Vulnerabilites related to Fedora - Fedora
cve-2024-1312
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-1312 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2225569 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306 |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:10:59.345397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:20:46.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1312"
},
{
"name": "RHBZ#2225569",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225569"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3\u0026id=657b5146955eba331e01b9a6ae89ce2e716ba306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc4"
}
]
},
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-07-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux kernel\u0027s Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-15T06:56:43.291Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1312"
},
{
"name": "RHBZ#2225569",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225569"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3\u0026id=657b5146955eba331e01b9a6ae89ce2e716ba306"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-25T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-1312",
"datePublished": "2024-02-08T12:38:03.062Z",
"dateReserved": "2024-02-07T15:04:41.228Z",
"dateUpdated": "2024-08-01T18:33:25.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3153
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | ovn | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3153"
},
{
"name": "RHBZ#2213279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ovn-org/ovn/issues/198"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:24:33.931307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:25:08.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ovn",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "22.12.1"
},
{
"status": "unaffected",
"version": "22.03.3"
},
{
"status": "unaffected",
"version": "23.06.1"
},
{
"status": "unaffected",
"version": "23.03.1"
},
{
"status": "unaffected",
"version": "22.09.2"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn-2021",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.03",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.06",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.09",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn-2021",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.03",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.06",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.09",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn22.12",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn-2021",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn21.09",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn21.12",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn22.03",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn22.06",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn22.09",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn22.12",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "ovn23.03",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unknown",
"packageName": "ovn2.11",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "ovn",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ales Musil (Red Hat)."
}
],
"datePublic": "2023-06-07T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T11:13:40.083Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3153"
},
{
"name": "RHBZ#2213279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279"
},
{
"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd"
},
{
"url": "https://github.com/ovn-org/ovn/issues/198"
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html"
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-07T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Service monitor mac flow is not rate limited",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3153",
"datePublished": "2023-10-04T11:13:40.083Z",
"dateReserved": "2023-06-07T18:04:42.140Z",
"dateUpdated": "2024-09-19T14:25:08.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5158
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5158 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2240561 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5158"
},
{
"name": "RHBZ#2240561",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240561"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "5.13-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-09-25T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:02:35.622Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5158"
},
{
"name": "RHBZ#2240561",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240561"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-25T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-25T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Possible dos from guest to host invringh_kiov_advance in vhost driver at drivers/vhost/vringh.c",
"x_redhatCweChain": "CWE-684: Incorrect Provision of Specified Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5158",
"datePublished": "2023-09-25T15:55:15.724Z",
"dateReserved": "2023-09-25T11:01:28.398Z",
"dateUpdated": "2024-08-02T07:52:07.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6200
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-6200 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2250377 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6200"
},
{
"name": "RHBZ#2250377",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.7-rc7"
}
]
},
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::hypervisor"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Lucas Leong (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2023-12-21T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:44:56.695Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6200"
},
{
"name": "RHBZ#2250377",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250377"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dade3f6a1e4e"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-17T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-21T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability",
"workarounds": [
{
"lang": "en",
"value": "The remote attack is potentially possible in the local network only. It is not possible if param\nnet.ipv6.conf.[NIC].accept_ra\ndisabled. Check this param value with the command\ncat /proc/sys/net/ipv6/conf/default/accept_ra\nor /proc/sys/net/ipv6/conf/eth0/accept_ra\n(where eth0 is the name of the networking interface).\nIf you cannot run this or a similar command and parameter accept_ra is not available, then IPV6 is disabled.\nIf IPV6 is not being used, it is possible to disable it completely, and there is instruction on how to do this:\nhttps://access.redhat.com/solutions/8709"
}
],
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6200",
"datePublished": "2024-01-28T12:19:24.885Z",
"dateReserved": "2023-11-20T09:44:39.245Z",
"dateUpdated": "2024-08-02T08:21:18.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2680
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2680 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2203387 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231116-0001/ |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T15:07:43.093Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2680"
},
{
"name": "RHBZ#2203387",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203387"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0001/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Dma reentrancy issue (incomplete fix for cve-2021-3750)",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2680",
"datePublished": "2023-09-13T16:50:53.532Z",
"dateReserved": "2023-05-12T09:57:43.190Z",
"dateUpdated": "2025-02-13T16:44:57.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3430
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2218380 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | OpenImageIO | ||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2218380",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenImageIO",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.4.12.0"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "OpenImageIO",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "OpenImageIO",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T13:40:05.145Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2218380",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218380"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3430",
"datePublished": "2023-12-18T13:40:05.145Z",
"dateReserved": "2023-06-27T13:55:43.943Z",
"dateUpdated": "2024-08-02T06:55:03.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4156
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4156 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215930 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | gawk | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4156"
},
{
"name": "RHBZ#2215930",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215930"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T15:36:43.075717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:36:52.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gawk",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "5.1.1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gawk",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "gawk",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gawk",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "gawk",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "gawk",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jiongchi Yu for reporting this issue."
}
],
"datePublic": "2023-06-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T17:20:19.377Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4156"
},
{
"name": "RHBZ#2215930",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215930"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-19T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Heap out of bound read in builtin.c",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4156",
"datePublished": "2023-09-25T17:20:19.377Z",
"dateReserved": "2023-08-04T14:59:50.617Z",
"dateUpdated": "2024-09-24T15:36:52.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1194
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1194 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2154176 | issue-tracking, x_refsource_REDHAT | |
| https://www.spinics.net/lists/stable-commits/msg303065.html | ||
| https://security.netapp.com/advisory/ntap-20231221-0006/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1194"
},
{
"name": "RHBZ#2154176",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154176"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/stable-commits/msg303065.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Pumpkin (@u1f383) (DEVCORE Internship Program, and NYCU Software Security LAB) for reporting this issue."
}
],
"datePublic": "2022-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T22:06:26.920Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1194"
},
{
"name": "RHBZ#2154176",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154176"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg303065.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-10-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Use-after-free in parse_lease_state()",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1194",
"datePublished": "2023-11-03T07:41:35.083Z",
"dateReserved": "2023-03-06T08:47:19.083Z",
"dateUpdated": "2025-02-13T16:39:17.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6560
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6560"
},
{
"name": "RHBZ#2253249",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253249"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.7-rc5"
}
]
},
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-11-30T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:07:14.972Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6560"
},
{
"name": "RHBZ#2253249",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253249"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AU4NHBDEDLRW33O76Y6LFECEYNQET5GZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UCQIPFUQXKXRCH5Y4RP3C5NK4IHNBNVK/"
},
{
"url": "https://patchwork.kernel.org/project/io-uring/patch/20231130194633.649319-2-axboe@kernel.dk/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-06T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-30T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: io_uring out of boundary memory access in __io_uaddr_map()",
"x_redhatCweChain": "CWE-823: Use of Out-of-range Pointer Offset"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6560",
"datePublished": "2023-12-08T23:56:55.211Z",
"dateReserved": "2023-12-06T15:58:00.683Z",
"dateUpdated": "2024-08-02T08:35:14.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4435
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-4435 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2262284 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1 | ||
| https://github.com/yarnpkg/yarn/releases/tag/v1.22.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "yarn",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.22.13"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "yarnpkg",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Gerste (Sonar) for reporting this issue."
}
],
"datePublic": "2021-09-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T19:16:35.651Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4435"
},
{
"name": "RHBZ#2262284",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284"
},
{
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1"
},
{
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2021-09-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Yarn: untrusted search path",
"x_redhatCweChain": "CWE-426: Untrusted Search Path"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2021-4435",
"datePublished": "2024-02-04T19:16:35.651Z",
"dateReserved": "2024-02-01T14:23:02.896Z",
"dateUpdated": "2024-08-03T17:30:07.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5972
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5972 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248189 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7 | ||
| https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5972"
},
{
"name": "RHBZ#2248189",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248189"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Xingyuan Mo (IceSword Lab) for reporting this issue."
}
],
"datePublic": "2023-10-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T12:38:05.880Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5972"
},
{
"name": "RHBZ#2248189",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248189"
},
{
"url": "https://github.com/torvalds/linux/commit/505ce0630ad5d31185695f8a29dde8d29f28faa7"
},
{
"url": "https://github.com/torvalds/linux/commit/52177bbf19e6e9398375a148d2e13ed492b40b80"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5972",
"datePublished": "2023-11-23T17:21:20.589Z",
"dateReserved": "2023-11-06T19:19:58.357Z",
"dateUpdated": "2024-08-02T08:14:25.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32627
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32627 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212282 | issue-tracking, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html |
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | sox | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:35.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32627"
},
{
"name": "RHBZ#2212282",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212282"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:07:31.411107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:08:12.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1077",
"description": "Floating Point Comparison with Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-13T18:06:09.708Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32627"
},
{
"name": "RHBZ#2212282",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212282"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Floating point exception in src/voc.c",
"x_redhatCweChain": "CWE-1077: Floating Point Comparison with Incorrect Operator"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32627",
"datePublished": "2023-07-10T17:15:42.063Z",
"dateReserved": "2023-06-06T07:28:27.550Z",
"dateUpdated": "2025-02-13T16:54:52.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1192
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1192 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2154178 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1192"
},
{
"name": "RHBZ#2154178",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Pumpkin (@u1f383), working with DEVCORE Internship Program for reporting this issue."
}
],
"datePublic": "2022-10-02T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T16:42:37.540Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1192"
},
{
"name": "RHBZ#2154178",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686f"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-10-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Use-after-free in smb2_is_status_io_timeout()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1192",
"datePublished": "2023-11-01T19:01:47.336Z",
"dateReserved": "2023-03-06T08:43:46.689Z",
"dateUpdated": "2024-08-02T05:40:59.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3872
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | mod_fcgid | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-17474",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html"
},
{
"name": "FEDORA-2010-17434",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html"
},
{
"name": "FEDORA-2010-17472",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html"
},
{
"name": "openSUSE-SU-2011:0884",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html"
},
{
"name": "SUSE-SU-2011:0885",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html"
},
{
"name": "69275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/69275"
},
{
"name": "42288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42288"
},
{
"name": "42302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42302"
},
{
"name": "42815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42815"
},
{
"name": "DSA-2140",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2140"
},
{
"name": "[apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.gossamer-threads.com/lists/apache/announce/391406"
},
{
"name": "44900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44900"
},
{
"name": "ADV-2010-2997",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2997"
},
{
"name": "ADV-2010-2998",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2998"
},
{
"name": "ADV-2011-0031",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0031"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2010-3872"
},
{
"name": "RHBZ#2248172",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248172"
},
{
"name": "apache-fcgid-bo(63303)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63303"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mod_fcgid",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.3.6"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "mod_fcgid",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "mod_fcgid",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "mod_fcgid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mod_fcgid",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2010-06-08T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T05:17:45.315Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-17474",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html"
},
{
"name": "FEDORA-2010-17434",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html"
},
{
"name": "FEDORA-2010-17472",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html"
},
{
"name": "openSUSE-SU-2011:0884",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html"
},
{
"name": "SUSE-SU-2011:0885",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html"
},
{
"name": "69275",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/69275"
},
{
"name": "42288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42288"
},
{
"name": "42302",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42302"
},
{
"name": "42815",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42815"
},
{
"name": "DSA-2140",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2140"
},
{
"name": "[apache] 20101107 [ANNOUNCE] mod_fcgid 2.3.6 is released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.gossamer-threads.com/lists/apache/announce/391406"
},
{
"name": "44900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44900"
},
{
"name": "ADV-2010-2997",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2997"
},
{
"name": "ADV-2010-2998",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2998"
},
{
"name": "ADV-2011-0031",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0031"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2010-3872"
},
{
"name": "RHBZ#2248172",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248172"
},
{
"name": "apache-fcgid-bo(63303)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63303"
},
{
"url": "https://github.com/apache/httpd-mod_fcgid/commit/b1afa70840b4ab4e6fbc12ac8798b2f3ccc336b2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49406"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-17T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2010-06-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c",
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3872",
"datePublished": "2010-11-20T20:00:00",
"dateReserved": "2010-10-08T00:00:00",
"dateUpdated": "2024-08-07T03:26:12.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26590
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-26590 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212279 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | sox | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-26590"
},
{
"name": "RHBZ#2212279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212279"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:55:18.995799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:55:31.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1077",
"description": "Floating Point Comparison with Incorrect Operator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T17:14:14.297Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-26590"
},
{
"name": "RHBZ#2212279",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212279"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Floating point exception in src/aiff.c",
"x_redhatCweChain": "CWE-1077: Floating Point Comparison with Incorrect Operator"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-26590",
"datePublished": "2023-07-10T17:14:14.297Z",
"dateReserved": "2023-06-06T07:28:27.543Z",
"dateUpdated": "2024-10-01T15:55:31.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1183
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1183 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2208506 | issue-tracking, x_refsource_REDHAT | |
| https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/ | ||
| http://www.openwall.com/lists/oss-security/2023/12/28/4 | ||
| http://www.openwall.com/lists/oss-security/2024/01/03/4 |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | libreoffice | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1183"
},
{
"name": "RHBZ#2208506",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208506"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libreoffice",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "7.4.6"
},
{
"status": "unaffected",
"version": "7.5.1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libreoffice",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "libreoffice",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libreoffice",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libreoffice",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libreoffice",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Gregor Kopf (Secfault Security GmbH) for reporting this issue."
}
],
"datePublic": "2023-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Libreoffice package. An attacker can craft an odb containing a \"database/script\" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-03T12:06:19.907Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1183"
},
{
"name": "RHBZ#2208506",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208506"
},
{
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/12/28/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/03/4"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-19T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-19T00:00:00Z",
"value": "Made public."
}
],
"title": "Arbitrary file write",
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1183",
"datePublished": "2023-07-10T15:04:30.740Z",
"dateReserved": "2023-03-06T04:37:10.705Z",
"dateUpdated": "2025-02-13T16:39:16.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2860
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-2860 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2218122 | issue-tracking, x_refsource_REDHAT | |
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2860"
},
{
"name": "RHBZ#2218122",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218122"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.0-rc5"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2022-09-05T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:20:36.395Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2860"
},
{
"name": "RHBZ#2218122",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218122"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-09-05T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Out-of-bounds read when setting hmac data",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2860",
"datePublished": "2023-07-24T15:19:18.473Z",
"dateReserved": "2023-05-24T07:11:24.194Z",
"dateUpdated": "2024-08-02T06:33:05.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3966
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | openvswitch | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T15:42:09.680379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T18:14:22.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"name": "RHBZ#2178363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openvswitch",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "3.1.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.10",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.16",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch3.0",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.2",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unaffected",
"packageName": "openvswitch-ovn-kubernetes",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
"defaultStatus": "affected",
"packageName": "rdo-openvswitch",
"product": "OpenStack RDO",
"vendor": "RDO"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Haresh Khandelwal (Red Hat) and Timothy Redaelli (Red Hat)."
}
],
"datePublic": "2024-02-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:40.529Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3966"
},
{
"name": "RHBZ#2178363",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178363"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-08T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet",
"x_redhatCweChain": "CWE-248: Uncaught Exception"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3966",
"datePublished": "2024-02-22T12:15:53.128Z",
"dateReserved": "2023-07-26T23:16:24.169Z",
"dateUpdated": "2025-02-13T17:03:14.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6395
Vulnerability from cvelistv5
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | mock | |||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6395"
},
{
"name": "RHBZ#2252206",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252206"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:10:59.775490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:12:04.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "mock",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "mock",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mock",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mock",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Sankin Nikita Alexeevich for reporting this issue."
}
],
"datePublic": "2024-01-16T13:52:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T02:06:16.059Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6395"
},
{
"name": "RHBZ#2252206",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252206"
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933"
},
{
"url": "https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/3"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-30T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-16T13:52:00+00:00",
"value": "Made public."
}
],
"title": "Mock: privilege escalation for users that can access mock configuration",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-20: Improper Input Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6395",
"datePublished": "2024-01-16T14:33:02.308Z",
"dateReserved": "2023-11-30T05:34:50.920Z",
"dateUpdated": "2025-02-13T17:26:22.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4900
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-4900 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2179880 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231130-0008/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | php | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4900"
},
{
"name": "RHBZ#2179880",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "php",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.0.22"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "php",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "php",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "php:7.4/php",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "php:8.0/php",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "php",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "php:8.1/php",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_software_collections:3"
],
"defaultStatus": "affected",
"packageName": "rh-php73-php",
"product": "Red Hat Software Collections",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "php",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2022-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-30T22:06:21.070Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4900"
},
{
"name": "RHBZ#2179880",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179880"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-31T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-07-13T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Potential buffer overflow in php_cli_server_startup_workers",
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4900",
"datePublished": "2023-11-02T15:01:28.590Z",
"dateReserved": "2023-01-31T10:50:33.011Z",
"dateUpdated": "2025-02-13T16:34:05.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38253
Vulnerability from cvelistv5
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | w3m | |||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:11.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38253"
},
{
"name": "RHBZ#2222779",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222779"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/issues/271"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "w3m",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "w3m",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T02:06:16.683Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38253"
},
{
"name": "RHBZ#2222779",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222779"
},
{
"url": "https://github.com/tats/w3m/issues/271"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "Made public."
}
],
"title": "W3m: out of bounds read in growbuf_to_str() at w3m/indep.c",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38253",
"datePublished": "2023-07-14T17:07:01.468Z",
"dateReserved": "2023-07-13T16:29:56.475Z",
"dateUpdated": "2025-02-13T17:01:49.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3180
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.826Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:56:22.741782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:56:37.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:29:25.701Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3180"
},
{
"name": "RHBZ#2222424",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222424"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Heap buffer overflow in virtio_crypto_sym_op_helper()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3180",
"datePublished": "2023-08-03T14:31:36.083Z",
"dateReserved": "2023-06-09T08:30:43.335Z",
"dateUpdated": "2024-09-25T19:56:37.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1672
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | tang | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1672"
},
{
"name": "RHBZ#2180999",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180999"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/06/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:29:42.615646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:29:57.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "tang",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "tang",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tang",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T21:06:32.549Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1672"
},
{
"name": "RHBZ#2180999",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180999"
},
{
"url": "https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/06/15/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-07T00:00:00Z",
"value": "Made public."
}
],
"title": "Race condition exists in the key generation and rotation functionality",
"x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1672",
"datePublished": "2023-07-11T11:47:35.363Z",
"dateReserved": "2023-03-28T15:03:04.864Z",
"dateUpdated": "2025-02-13T16:39:29.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5349
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5349"
},
{
"name": "RHBZ#2247064",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247064"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rmagick/rmagick/issues/1401"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/rmagick/rmagick/pull/1406"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rmagick:rmagick:*:*:*:*:*:ruby:*:*"
],
"defaultStatus": "unknown",
"product": "rmagick",
"vendor": "rmagick",
"versions": [
{
"lessThan": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "37"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5349",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:50:48.331930Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:29:41.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "rmagick",
"vendor": "n/a"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "unknown",
"packageName": "3scale-amp-system-container",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "rubygem-rmagick",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T02:06:14.786Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5349"
},
{
"name": "RHBZ#2247064",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247064"
},
{
"url": "https://github.com/rmagick/rmagick/issues/1401"
},
{
"url": "https://github.com/rmagick/rmagick/pull/1406"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Draw while calling getdrawinfo()",
"x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5349",
"datePublished": "2023-10-30T20:27:59.972Z",
"dateReserved": "2023-10-03T11:23:23.861Z",
"dateUpdated": "2025-02-13T17:20:08.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-7090
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-7090 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | issue-tracking, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html | ||
| https://security.netapp.com/advisory/ntap-20240208-0001/ | ||
| https://www.sudo.ws/releases/legacy/#1.8.28 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | sudo | ||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sudo",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.8.28"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "freeipa",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security)."
}
],
"datePublic": "2019-08-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T11:05:45.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"timeline": [
{
"lang": "en",
"time": "2018-11-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2019-08-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Sudo: improper handling of ipa_hostname leads to privilege mismanagement",
"x_redhatCweChain": "CWE-269: Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7090",
"datePublished": "2023-12-23T22:33:13.530Z",
"dateReserved": "2023-12-23T19:25:33.533Z",
"dateUpdated": "2024-08-02T08:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38471
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-38471 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191691 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | avahi | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38471"
},
{
"name": "RHBZ#2191691",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:54:56.246487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:17:30.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "avahi",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T14:58:22.628Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38471"
},
{
"name": "RHBZ#2191691",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191691"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Reachable assertion in dbus_set_host_name",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38471",
"datePublished": "2023-11-02T14:58:22.628Z",
"dateReserved": "2023-07-18T09:48:04.753Z",
"dateUpdated": "2024-08-29T14:17:30.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3269
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3269"
},
{
"name": "RHBZ#2215268",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/07/05/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/28/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/25/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T16:06:32.775Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3269"
},
{
"name": "RHBZ#2215268",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/07/05/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/43"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/28/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/25/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/25/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0001/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-15T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3269",
"datePublished": "2023-07-11T11:45:36.711Z",
"dateReserved": "2023-06-15T10:41:19.478Z",
"dateUpdated": "2025-02-13T16:54:58.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38473
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-38473 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191694 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | avahi | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38473"
},
{
"name": "RHBZ#2191694",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:00:14.793605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:16:49.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "avahi",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T15:00:19.576Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38473"
},
{
"name": "RHBZ#2191694",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191694"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Reachable assertion in avahi_alternative_host_name",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38473",
"datePublished": "2023-11-02T15:00:19.576Z",
"dateReserved": "2023-07-18T09:48:04.753Z",
"dateUpdated": "2024-08-29T14:16:49.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32252
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32252 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219815 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231124-0001/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32252"
},
{
"name": "RHBZ#2219815",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219815"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:28:10.819Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32252"
},
{
"name": "RHBZ#2219815",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219815"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0001/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Session null pointer dereference denial-of-service vulnerability",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32252",
"datePublished": "2023-07-24T15:19:26.515Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2024-08-02T15:10:24.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32254
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32254 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191658 | issue-tracking, x_refsource_REDHAT | |
| https://www.zerodayinitiative.com/advisories/ZDI-23-702/ | ||
| https://security.netapp.com/advisory/ntap-20230824-0004/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T18:06:22.332Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-17T00:00:00Z",
"value": "Made public."
}
],
"title": "Tree connection race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32254",
"datePublished": "2023-07-10T15:11:25.707Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2025-02-13T16:50:28.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6258
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2251062 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/latchset/pkcs11-provider/pull/308 |
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | pkcs11-provider | |||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:20.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2251062",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/latchset/pkcs11-provider/pull/308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pkcs11-provider",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "0.2"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "pkcs11-provider",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-11-22T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1300",
"description": "Improper Protection of Physical Side Channels",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T18:05:32.581Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2251062",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251062"
},
{
"url": "https://github.com/latchset/pkcs11-provider/pull/308"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-22T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-22T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths",
"x_redhatCweChain": "CWE-1300: Improper Protection of Physical Side Channels"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6258",
"datePublished": "2024-01-30T16:55:18.733Z",
"dateReserved": "2023-11-22T16:30:53.153Z",
"dateUpdated": "2024-08-02T08:28:20.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25585
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | binutils | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25585"
},
{
"name": "RHBZ#2167498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25585",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:20:22.619522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:20:31.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "binutils",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-11-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 36",
"vendor": "Fedora"
}
],
"datePublic": "2022-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-04T05:07:10.765Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25585"
},
{
"name": "RHBZ#2167498",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167498"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29892"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Field `file_table` of `struct module *module` is uninitialized",
"x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-25585",
"datePublished": "2023-09-14T20:50:09.526Z",
"dateReserved": "2023-02-07T19:03:20.221Z",
"dateUpdated": "2025-02-13T16:44:32.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4233
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2255396 | issue-tracking, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ofono_project:ofono:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ofono",
"vendor": "ofono_project",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:33:03.801176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:14.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ofono",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.1"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "ofono",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2023-12-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T22:50:49.698Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"name": "RHBZ#2255396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255396"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function",
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-4233",
"datePublished": "2024-04-17T22:50:49.698Z",
"dateReserved": "2023-08-08T08:02:24.411Z",
"dateUpdated": "2024-08-02T07:24:03.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34318
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-34318 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212283 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | sox | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34318"
},
{
"name": "RHBZ#2212283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212283"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:11:54.468770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:13:25.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T17:16:59.692Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34318"
},
{
"name": "RHBZ#2212283",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212283"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Heap-buffer-overflow in src/hcom.c",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-34318",
"datePublished": "2023-07-10T17:16:59.692Z",
"dateReserved": "2023-06-06T07:28:27.555Z",
"dateUpdated": "2024-10-01T16:13:25.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-0160
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-0160 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2159764 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56 | ||
| https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0160"
},
{
"name": "RHBZ#2159764",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159764"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:33:35.695707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:33:49.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Hsin-Wei Hung (University of California, Irvine) for reporting this issue."
}
],
"datePublic": "2023-03-12T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. This flaw allows a local user to potentially crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-833",
"description": "Deadlock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T16:08:23.653Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-0160"
},
{
"name": "RHBZ#2159764",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159764"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ed17aa92dc56"
},
{
"url": "https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-05T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-12T00:00:00Z",
"value": "Made public."
}
],
"title": "Possibility of deadlock in libbpf function sock_hash_delete_elem",
"workarounds": [
{
"lang": "en",
"value": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. \n\nThis would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 or 9 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users cannot use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.\n\nNote: A fix for this CVE may be backported as a part of one of the future BPF subsystem rebases."
}
],
"x_redhatCweChain": "CWE-833: Deadlock"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-0160",
"datePublished": "2023-07-18T16:08:23.653Z",
"dateReserved": "2023-01-10T16:03:54.488Z",
"dateUpdated": "2024-09-26T19:33:49.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3355
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3355 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2217820 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:01.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3355"
},
{
"name": "RHBZ#2217820",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217820"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.1-rc8"
}
]
},
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jiasheng Jiang (Institute of Software Chinese Academy of Sciences) for reporting this issue."
}
],
"datePublic": "2023-06-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:35:02.994Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3355"
},
{
"name": "RHBZ#2217820",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217820"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d839f0811a31322c087a859c2b181e2383daa7be"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3355",
"datePublished": "2023-06-28T00:00:00",
"dateReserved": "2023-06-21T00:00:00",
"dateUpdated": "2024-08-02T06:55:01.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3748
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3748 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2223668 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | frr | |||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3748"
},
{
"name": "RHBZ#2223668",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223668"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T13:44:16.461499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:44:27.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "frr",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.5"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "frr",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "frr",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "frr",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:05:10.544Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3748"
},
{
"name": "RHBZ#2223668",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223668"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Inifinite loop in babld message parsing may cause dos",
"x_redhatCweChain": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3748",
"datePublished": "2023-07-24T15:19:20.511Z",
"dateReserved": "2023-07-18T12:45:44.867Z",
"dateUpdated": "2024-09-27T13:44:27.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4255
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255207",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/issues/268"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tats/w3m/pull/273"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "w3m",
"vendor": "n/a"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "w3m",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank iskindar97@gmail.com for reporting this issue."
}
],
"datePublic": "2023-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T02:06:14.580Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2255207",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255207"
},
{
"url": "https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3"
},
{
"url": "https://github.com/tats/w3m/issues/268"
},
{
"url": "https://github.com/tats/w3m/pull/273"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)",
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4255",
"datePublished": "2023-12-21T16:08:39.691Z",
"dateReserved": "2023-08-08T20:16:01.838Z",
"dateUpdated": "2025-02-13T17:09:26.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2908
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Libtiff | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-2908"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230731-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T13:04:03.459315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:04:20.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Libtiff",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "4.5.1rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tkimg",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "iv",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-libtiff",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-30T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference issue was found in Libtiff\u0027s tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:44:14.895Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-2908"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0004/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-30T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Libtiff: null pointer dereference in tif_dir.c",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-2908",
"datePublished": "2023-06-30T00:00:00",
"dateReserved": "2023-05-26T00:00:00",
"dateUpdated": "2024-10-28T13:04:20.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1193
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1193 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2154177 | issue-tracking, x_refsource_REDHAT | |
| https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:58.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1193"
},
{
"name": "RHBZ#2154177",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154177"
},
{
"tags": [
"x_transferred"
],
"url": "https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.3-rc6"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Pumpkin (@u1f383), working with DEVCORE Internship Program for reporting this issue."
}
],
"datePublic": "2022-10-02T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-01T19:10:14.210Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1193"
},
{
"name": "RHBZ#2154177",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154177"
},
{
"url": "https://lkml.kernel.org/linux-cifs/20230401084951.6085-2-linkinjeon@kernel.org/T/"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-16T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-10-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Use-after-free in setup_async_work()",
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1193",
"datePublished": "2023-11-01T19:10:14.210Z",
"dateReserved": "2023-03-06T08:46:50.158Z",
"dateUpdated": "2024-08-02T05:40:58.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6780
Vulnerability from cvelistv5
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | glibc | |||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-07T17:02:41.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"name": "RHBZ#2254396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250207-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:30:47.720Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6780"
},
{
"name": "RHBZ#2254396",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Glibc: integer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-190-\u003eCWE-131: Integer Overflow or Wraparound leads to Incorrect Calculation of Buffer Size"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6780",
"datePublished": "2024-01-31T14:08:02.610Z",
"dateReserved": "2023-12-13T14:37:40.684Z",
"dateUpdated": "2025-02-07T17:02:41.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3338
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3338"
},
{
"name": "RHBZ#2218618",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218618"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2023/q2/276"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0005/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Davide Ornaghi (Betrusted Srl) for reporting this issue."
}
],
"datePublic": "2023-06-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the Linux kernel\u0027s DECnet networking protocol. This issue could allow a remote user to crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:34:01.241Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3338"
},
{
"name": "RHBZ#2218618",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218618"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://seclists.org/oss-sec/2023/q2/276"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0005/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Crash due to a null pointer dereference in the dn_nsp_send function",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3338",
"datePublished": "2023-06-30T00:00:00",
"dateReserved": "2023-06-20T00:00:00",
"dateUpdated": "2024-08-02T06:55:03.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3301
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3301 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2215784 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20231020-0008/ |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:39:47.385450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:39:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0-rc0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "unknown",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Eugenio Perez Martin (Red Hat)."
}
],
"datePublic": "2023-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T14:06:34.548Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3301"
},
{
"name": "RHBZ#2215784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215784"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0008/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Triggerable assertion due to race condition in hot-unplug",
"x_redhatCweChain": "CWE-362-\u003eCWE-617: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3301",
"datePublished": "2023-09-13T16:09:36.861Z",
"dateReserved": "2023-06-17T16:48:21.977Z",
"dateUpdated": "2025-02-13T16:55:04.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3164
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3164 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2213531 | issue-tracking, x_refsource_REDHAT | |
| https://gitlab.com/libtiff/libtiff/-/issues/542 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | libtiff | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3164"
},
{
"name": "RHBZ#2213531",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/libtiff/libtiff/-/issues/542"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-08T17:05:44.992035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:04:00.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libtiff",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank haolaiwei187@gmail.com for reporting this issue."
}
],
"datePublic": "2023-04-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-08T11:23:19.581Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3164"
},
{
"name": "RHBZ#2213531",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213531"
},
{
"url": "https://gitlab.com/libtiff/libtiff/-/issues/542"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Heap-buffer-overflow in extractimagesection()",
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3164",
"datePublished": "2023-11-02T11:26:28.533Z",
"dateReserved": "2023-06-08T13:31:04.848Z",
"dateUpdated": "2024-10-11T17:04:00.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4256
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/appneta/tcpreplay/issues/813"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "tcpreplay",
"vendor": "n/a"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tcpreplay",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tcpreplay",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank iskindar97@gmail.com for reporting this issue."
}
],
"datePublic": "2023-07-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Within tcpreplay\u0027s tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-24T02:06:07.371Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHBZ#2255212",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255212"
},
{
"url": "https://github.com/appneta/tcpreplay/issues/813"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3GYCHPVJ2VFN3D7FI4IRMDVMILLWBRF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMW5CIODKRHUUH7NTAYIRWGSJ56DTGXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c",
"x_redhatCweChain": "CWE-415: Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4256",
"datePublished": "2023-12-21T16:03:21.837Z",
"dateReserved": "2023-08-08T20:17:30.643Z",
"dateUpdated": "2025-02-13T17:09:26.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4135
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4135 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2229101 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0012/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu-kvm | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu-kvm",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "8.1.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue."
}
],
"datePublic": "2023-08-03T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:32:54.867Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4135"
},
{
"name": "RHBZ#2229101",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229101"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0012/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-03T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Out-of-bounds read information disclosure vulnerability",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4135",
"datePublished": "2023-08-04T13:19:15.760Z",
"dateReserved": "2023-08-03T09:52:00.316Z",
"dateUpdated": "2024-08-02T07:17:11.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25588
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | binutils | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.353Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25588"
},
{
"name": "RHBZ#2167505",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25588",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:22:06.630431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:22:15.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "binutils",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-11-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Fedora 36",
"vendor": "Fedora"
}
],
"datePublic": "2022-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-04T05:07:12.363Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25588"
},
{
"name": "RHBZ#2167505",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167505"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29677"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`",
"x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-25588",
"datePublished": "2023-09-14T20:47:16.974Z",
"dateReserved": "2023-02-07T19:03:20.221Z",
"dateUpdated": "2025-02-13T16:44:33.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32258
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32258 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219809 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0011/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32258"
},
{
"name": "RHBZ#2219809",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219809"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:29:15.355Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32258"
},
{
"name": "RHBZ#2219809",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219809"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Session race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32258",
"datePublished": "2023-07-24T15:19:26.475Z",
"dateReserved": "2023-05-05T10:00:07.896Z",
"dateUpdated": "2024-08-02T15:10:23.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-4132
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-4132 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2147372 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | jss | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4132"
},
{
"name": "RHBZ#2147372",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:41:27.673796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:41:40.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jss",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "5.5.0"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "tomcatjss",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "tomcat",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pki-deps:10.6/pki-servlet-engine",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "jss",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "pki-servlet-engine",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:3"
],
"defaultStatus": "unknown",
"packageName": "tomcat7",
"product": "Red Hat JBoss Web Server 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:3"
],
"defaultStatus": "unknown",
"packageName": "tomcat8",
"product": "Red Hat JBoss Web Server 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_web_server:5"
],
"defaultStatus": "unaffected",
"packageName": "jws5-tomcat",
"product": "Red Hat JBoss Web Server 5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "jss",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "jss",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "tomcat",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "tomcat",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2022-11-23T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T11:26:11.191Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-4132"
},
{
"name": "RHBZ#2147372",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147372"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-11-23T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-11-23T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Memory leak on tls connections",
"x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-4132",
"datePublished": "2023-10-04T11:26:11.191Z",
"dateReserved": "2022-11-23T20:20:38.318Z",
"dateUpdated": "2024-09-19T14:41:40.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32665
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | glib2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-27T17:04:41.563399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T19:16:35.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "glib2",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glib2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 38",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-glib2",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges William Manley as the original reporter."
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:01.299Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32665"
},
{
"name": "RHBZ#2211827",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827"
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html"
},
{
"url": "https://security.gentoo.org/glsa/202311-18"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Gvariant deserialisation does not match spec for non-normal data",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32665",
"datePublished": "2023-09-14T19:03:58.229Z",
"dateReserved": "2023-05-30T11:48:42.074Z",
"dateUpdated": "2025-02-13T16:54:55.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6779
Vulnerability from cvelistv5
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | glibc | |||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"name": "RHBZ#2254395",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:05:57.859Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6779"
},
{
"name": "RHBZ#2254395",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0006/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-193-\u003eCWE-122: Off-by-one Error leads to Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6779",
"datePublished": "2024-01-31T14:07:41.967Z",
"dateReserved": "2023-12-13T14:37:37.111Z",
"dateUpdated": "2025-02-13T17:26:32.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4232
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2255394 | issue-tracking, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T16:01:09.656026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:13.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255394",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ofono",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.1"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "ofono",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2023-12-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report()."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T22:49:12.892Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"name": "RHBZ#2255394",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255394"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function",
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-4232",
"datePublished": "2024-04-17T22:49:12.892Z",
"dateReserved": "2023-08-08T08:01:09.933Z",
"dateUpdated": "2024-08-02T07:24:03.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6039
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-6039 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248755 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6039"
},
{
"name": "RHBZ#2248755",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248755"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc5"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Duoming Zhou for reporting this issue."
}
],
"datePublic": "2023-07-26T06:30:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:47:14.794Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6039"
},
{
"name": "RHBZ#2248755",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248755"
},
{
"url": "https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-26T06:30:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is to skip loading the affected module \"lan78xx\" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6039",
"datePublished": "2023-11-09T15:08:03.326Z",
"dateReserved": "2023-11-08T19:23:55.857Z",
"dateUpdated": "2024-08-02T08:21:17.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3618
Vulnerability from cvelistv5
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | libtiff | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214038"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214037"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:26:00.978317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:26:31.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libtiff",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "compat-libtiff3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "iv",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "mingw-libtiff",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "tkimg",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-02-13T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327174Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3618"
},
{
"name": "RHBZ#2215865",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215865"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0012/"
},
{
"url": "https://support.apple.com/kb/HT214038"
},
{
"url": "https://support.apple.com/kb/HT214036"
},
{
"url": "https://support.apple.com/kb/HT214037"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-19T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-02-13T00:00:00Z",
"value": "Made public."
}
],
"title": "Segmentation fault in fax3encode in libtiff/tif_fax3.c",
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3618",
"datePublished": "2023-07-12T14:06:04.572Z",
"dateReserved": "2023-07-11T14:46:05.545Z",
"dateUpdated": "2024-09-26T19:26:31.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4569
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4569 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2235470 | issue-tracking, x_refsource_REDHAT | |
| https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/ | ||
| https://www.debian.org/security/2023/dsa-5492 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4569"
},
{
"name": "RHBZ#2235470",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235470"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc7"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-08-12T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:46:50.244Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4569"
},
{
"name": "RHBZ#2235470",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235470"
},
{
"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is to skip loading the affected module \"nftables\" onto the system until we have a fix available. This can be done by a blacklist mechanism that will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"x_redhatCweChain": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4569",
"datePublished": "2023-08-28T21:46:12.599Z",
"dateReserved": "2023-08-28T19:20:15.017Z",
"dateUpdated": "2024-08-02T07:31:06.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3603
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3603 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2221791 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | libssh | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3603"
},
{
"name": "RHBZ#2221791",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:04:28.247195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:04:43.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "libssh",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "libssh",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "libssh",
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "libssh",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Upstream acknowledges Wei Chong Tan as the original reporter."
}
],
"datePublic": "2023-07-10T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user\u0027s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users.\r\n\r\nGiven this code is not in any released versions, no security releases have been issued."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T00:58:36.996Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3603"
},
{
"name": "RHBZ#2221791",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221791"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-10T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-10T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Processing sftp server read may cause null dereference",
"workarounds": [
{
"lang": "en",
"value": "The SFTP server implementation is based on callbacks so you can rewrite the sftp_channel_default_data_callback() to provide additional checks.\n\n[1] https://gitlab.com/libssh/libssh-mirror/-/blob/master/examples/sample_sftpserver.c#L330"
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3603",
"datePublished": "2023-07-21T19:09:44.083Z",
"dateReserved": "2023-07-10T18:21:21.431Z",
"dateUpdated": "2024-09-26T20:04:43.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32248
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32248 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219818 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0006/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32248"
},
{
"name": "RHBZ#2219818",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219818"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:27:39.926Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32248"
},
{
"name": "RHBZ#2219818",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219818"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0006/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Tree connection null pointer dereference denial-of-service vulnerability",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32248",
"datePublished": "2023-07-24T15:19:27.342Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2024-08-02T15:10:24.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4234
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2255399 | issue-tracking, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:ofono:2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ofono",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T15:41:39.720657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:37:23.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255399",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ofono",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.1"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "ofono",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2023-12-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report()."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T22:53:32.562Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"name": "RHBZ#2255399",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255399"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function",
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-4234",
"datePublished": "2024-04-17T22:53:32.562Z",
"dateReserved": "2023-08-08T08:03:49.574Z",
"dateUpdated": "2024-08-02T07:24:04.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25586
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25586"
},
{
"name": "RHBZ#2167502",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25586",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T18:21:11.697914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T18:21:19.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "binutils",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "gdb",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-11-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-11-gdb",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-gdb",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gdb",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-gdb",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gdb",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "gdb",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Fedora 36",
"vendor": "Fedora"
}
],
"datePublic": "2022-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-04T05:07:13.976Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25586"
},
{
"name": "RHBZ#2167502",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167502"
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29855"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0003/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized",
"x_redhatCweChain": "CWE-457: Use of Uninitialized Variable"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-25586",
"datePublished": "2023-09-14T20:49:15.468Z",
"dateReserved": "2023-02-07T19:03:20.221Z",
"dateUpdated": "2025-02-13T16:44:33.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25584
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-25584 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2167467 | issue-tracking, x_refsource_REDHAT | |
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 | ||
| https://security.netapp.com/advisory/ntap-20231103-0002/ |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | binutils | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25584"
},
{
"name": "RHBZ#2167467",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T19:33:44.565202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:47:06.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "binutils",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-11-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-11-gdb",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-gdb",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-binutils",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "gcc-toolset-12-gdb",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Extra Packages for Enterprise Linux 7",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "radare2",
"product": "Fedora 37",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Extra Packages for Enterprise Linux 8",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "rizin",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "mingw-binutils",
"product": "Fedora 36",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "insight",
"product": "Fedora 37",
"vendor": "Fedora"
}
],
"datePublic": "2022-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-04T05:07:06.103Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-25584"
},
{
"name": "RHBZ#2167467",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167467"
},
{
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0002/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-12-12T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Out of bounds read in parse_module function in bfd/vms-alpha.c",
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-25584",
"datePublished": "2023-09-14T20:50:58.267Z",
"dateReserved": "2023-02-07T19:03:20.220Z",
"dateUpdated": "2025-02-13T16:44:31.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3863
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3863 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2225126 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10 | ||
| https://www.debian.org/security/2023/dsa-5480 | ||
| https://www.debian.org/security/2023/dsa-5492 | ||
| https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html | ||
| https://security.netapp.com/advisory/ntap-20240202-0002/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3863"
},
{
"name": "RHBZ#2225126",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240202-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-06-25T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T14:06:30.127Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3863"
},
{
"name": "RHBZ#2225126",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126"
},
{
"url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10"
},
{
"url": "https://www.debian.org/security/2023/dsa-5480"
},
{
"url": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240202-0002/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-25T06:30:00+00:00",
"value": "Made public."
}
],
"title": "Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3863",
"datePublished": "2023-07-24T14:25:02.287Z",
"dateReserved": "2023-07-24T11:13:32.622Z",
"dateUpdated": "2025-02-13T17:02:27.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1386
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-1386 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2223985 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/advisories/GHSA-ppj8-867g-rgjr | ||
| https://github.com/v9fs/linux/issues/29 | ||
| https://security.netapp.com/advisory/ntap-20230831-0005/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T19:57:40.931519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T19:57:50.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "unaffected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-03-07T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T17:34:27.317Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-1386"
},
{
"name": "RHBZ#2223985",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223985"
},
{
"url": "https://github.com/advisories/GHSA-ppj8-867g-rgjr"
},
{
"url": "https://github.com/v9fs/linux/issues/29"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0005/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-01T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-03-07T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Qemu: 9pfs: suid/sgid bits not dropped on file write",
"x_redhatCweChain": "CWE-281: Improper Preservation of Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-1386",
"datePublished": "2023-07-24T15:19:25.843Z",
"dateReserved": "2023-03-14T10:31:59.556Z",
"dateUpdated": "2024-09-25T19:57:50.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38469
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-38469 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191687 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | avahi | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38469"
},
{
"name": "RHBZ#2191687",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:53:35.768386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:21:27.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "avahi",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T14:49:26.283Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38469"
},
{
"name": "RHBZ#2191687",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191687"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Reachable assertion in avahi_dns_packet_append_record",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38469",
"datePublished": "2023-11-02T14:49:26.283Z",
"dateReserved": "2023-07-18T09:48:04.752Z",
"dateUpdated": "2024-08-29T14:21:27.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32247
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32247 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219803 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0011/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32247"
},
{
"name": "RHBZ#2219803",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219803"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:27:09.893Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32247"
},
{
"name": "RHBZ#2219803",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219803"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Session setup memory exhaustion denial-of-service vulnerability",
"x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32247",
"datePublished": "2023-07-24T15:19:23.840Z",
"dateReserved": "2023-05-05T10:00:07.894Z",
"dateUpdated": "2024-08-02T15:10:23.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38472
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-38472 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191692 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | avahi | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38472"
},
{
"name": "RHBZ#2191692",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:55:06.065680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:17:10.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "avahi",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T14:59:24.996Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38472"
},
{
"name": "RHBZ#2191692",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191692"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Reachable assertion in avahi_rdata_parse",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38472",
"datePublished": "2023-11-02T14:59:24.996Z",
"dateReserved": "2023-07-18T09:48:04.753Z",
"dateUpdated": "2024-08-29T14:17:10.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32257
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32257 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219806 | issue-tracking, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20230915-0011/ | ||
| https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:23.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32257"
},
{
"name": "RHBZ#2219806",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219806"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T03:30:20.769Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32257"
},
{
"name": "RHBZ#2219806",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219806"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0011/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Session race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32257",
"datePublished": "2023-07-24T15:19:26.923Z",
"dateReserved": "2023-05-05T10:00:07.896Z",
"dateUpdated": "2024-08-02T15:10:23.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5366
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-5366 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2006347 | issue-tracking, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2024/02/08/4 | ||
| https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/ | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | openvswitch | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:43.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"name": "RHBZ#2006347",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "openvswitch",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.10",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.16",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "unknown",
"packageName": "openvswitch3.0",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:3.11"
],
"defaultStatus": "unknown",
"packageName": "openvswitch-ovn-kubernetes",
"product": "Red Hat OpenShift Container Platform 3.11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unknown",
"packageName": "openvswitch2.15",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.16",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.0",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
],
"defaultStatus": "unaffected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 16.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "unaffected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.11",
"product": "Red Hat Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/:redhat:enterprise_linux:::hypervisor"
],
"defaultStatus": "affected",
"packageName": "redhat-virtualization-host",
"product": "Red Hat Virtualization 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Alex Katz (Red Hat) and Slawomir Kaplonski (Red Hat)."
}
],
"datePublic": "2023-09-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T02:06:38.589Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5366"
},
{
"name": "RHBZ#2006347",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006347"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/4"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00004.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VYYUBF6OW2JG7VOFEOROHXGSJCTES3QO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFZADABUDOFI2KZIRQBYFZCIKH55RGY3/"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-09-21T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Openvswitch don\u0027t match packets on nd_target field",
"x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5366",
"datePublished": "2023-10-06T17:43:34.376Z",
"dateReserved": "2023-10-03T19:14:58.793Z",
"dateUpdated": "2025-02-13T17:20:09.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4611
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4611 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2227244 | issue-tracking, x_refsource_REDHAT | |
| https://www.spinics.net/lists/stable-commits/msg310136.html |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4611"
},
{
"name": "RHBZ#2227244",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/stable-commits/msg310136.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.5-rc4"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-07-28T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:56:22.319Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4611"
},
{
"name": "RHBZ#2227244",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227244"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg310136.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-07-28T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Use after free race between mbind() and vma-locked page fault",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4611",
"datePublished": "2023-08-29T21:25:53.315Z",
"dateReserved": "2023-08-29T19:31:43.618Z",
"dateUpdated": "2024-08-02T07:31:06.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4394
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4394 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219263 | issue-tracking, x_refsource_REDHAT | |
| https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4394"
},
{
"name": "RHBZ#2219263",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219263"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.0-rc3"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2022-08-15T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information"
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:41:31.767Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4394"
},
{
"name": "RHBZ#2219263",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219263"
},
{
"url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220815151606.3479183-1-r33s3n6@gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-08-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Memory leak in btrfs_get_dev_args_from_path()",
"x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4394",
"datePublished": "2023-08-17T12:49:14.052Z",
"dateReserved": "2023-08-17T03:04:04.317Z",
"dateUpdated": "2024-08-02T07:24:04.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4389
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4389 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2219271 | issue-tracking, x_refsource_REDHAT | |
| https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4389"
},
{
"name": "RHBZ#2219271",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219271"
},
{
"tags": [
"x_transferred"
],
"url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:45.840832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:32:59.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "5.18-rc3"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2022-03-24T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T14:07:09.149Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4389"
},
{
"name": "RHBZ#2219271",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219271"
},
{
"url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2022-03-24T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: btrfs: double free in btrfs_get_root_ref()",
"x_redhatCweChain": "CWE-415: Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4389",
"datePublished": "2023-08-16T18:49:10.737Z",
"dateReserved": "2023-08-16T17:48:07.101Z",
"dateUpdated": "2024-10-15T18:32:59.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4155
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4155 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2213802 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4155"
},
{
"name": "RHBZ#2213802",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-08-04T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T16:11:39.213Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4155"
},
{
"name": "RHBZ#2213802",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-09T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Sev-es / sev-snp vmgexit double fetch vulnerability",
"x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4155",
"datePublished": "2023-09-13T16:11:39.213Z",
"dateReserved": "2023-08-04T14:48:29.732Z",
"dateUpdated": "2024-08-02T07:17:12.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4235
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2255402 | issue-tracking, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-18T20:49:56.114272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:18.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHBZ#2255402",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255402"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ofono",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.1"
}
]
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "ofono",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Mitch Zakocs (Trend Micro Zero Day Initiative) for reporting this issue."
}
],
"datePublic": "2023-12-20T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report()."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T22:54:27.254Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"name": "RHBZ#2255402",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255402"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-20T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function",
"x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2023-4235",
"datePublished": "2024-04-17T22:54:27.254Z",
"dateReserved": "2023-08-08T08:04:57.578Z",
"dateUpdated": "2024-08-02T07:24:04.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3354
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-3354 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2216478 | issue-tracking, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/ | ||
| https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | qemu | |||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:00.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "qemu",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-ma",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "virt:rhel/qemu-kvm",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:advanced_virtualization:8::el8"
],
"defaultStatus": "affected",
"packageName": "virt:av/qemu-kvm",
"product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "qemu-kvm-rhev",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "qemu",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "qemu",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank jiangyegen (Huawei Vulnerability Management Center) and yexiao7 (Huawei Vulnerability Management Center) for reporting this issue."
}
],
"datePublic": "2023-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T18:05:59.059Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3354"
},
{
"name": "RHBZ#2216478",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216478"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-21T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-06-28T00:00:00Z",
"value": "Made public."
}
],
"title": "Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service",
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3354",
"datePublished": "2023-07-11T16:16:56.294Z",
"dateReserved": "2023-06-21T12:33:29.897Z",
"dateUpdated": "2025-02-13T16:55:08.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42752
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html | ||
| https://access.redhat.com/security/cve/CVE-2023-42752 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2239828 | issue-tracking, x_refsource_REDHAT | |
| https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa | ||
| https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2 |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-42752"
},
{
"name": "RHBZ#2239828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239828"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.6-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-09-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T02:24:21.308Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-42752"
},
{
"name": "RHBZ#2239828",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239828"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-20T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-09-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access",
"x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-42752",
"datePublished": "2023-10-13T01:41:49.818Z",
"dateReserved": "2023-09-13T11:03:47.961Z",
"dateUpdated": "2024-08-02T19:30:24.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34432
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-34432 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2212291 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | sox | ||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34432"
},
{
"name": "RHBZ#2212291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212291"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T16:23:54.315286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T16:24:35.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "sox",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "sox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "sox",
"product": "Extra Packages for Enterprise Linux",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-05T00:00:00Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T20:05:39.681Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-34432"
},
{
"name": "RHBZ#2212291",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2212291"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-11T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-05T00:00:00Z",
"value": "Made public."
}
],
"title": "Heap-buffer-overflow in src/formats_i.c",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-34432",
"datePublished": "2023-07-10T20:05:39.681Z",
"dateReserved": "2023-06-06T07:28:27.561Z",
"dateUpdated": "2024-10-01T16:24:35.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38470
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-38470 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2191690 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | avahi | |||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38470"
},
{
"name": "RHBZ#2191690",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191690"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T13:54:46.019977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:21:01.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "avahi",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-04-26T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-02T14:57:28.872Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-38470"
},
{
"name": "RHBZ#2191690",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191690"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-04-26T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Reachable assertion in avahi_escape_label",
"x_redhatCweChain": "CWE-617: Reachable Assertion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-38470",
"datePublished": "2023-11-02T14:57:28.872Z",
"dateReserved": "2023-07-18T09:48:04.752Z",
"dateUpdated": "2024-08-29T14:21:01.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6246
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html | ||
| http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html | ||
| http://seclists.org/fulldisclosure/2024/Feb/3 | ||
| http://seclists.org/fulldisclosure/2024/Feb/5 | ||
| https://access.redhat.com/security/cve/CVE-2023-6246 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2249053 | issue-tracking, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ | ||
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/ | ||
| https://security.gentoo.org/glsa/202402-01 | ||
| https://www.openwall.com/lists/oss-security/2024/01/30/6 | ||
| https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt | ||
| https://security.netapp.com/advisory/ntap-20240216-0007/ |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | glibc | |||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"name": "RHBZ#2249053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6246",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-09T05:00:28.307432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T17:53:03.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "glibc",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "2.39"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "compat-glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "glibc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "glibc",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Qualys Threat Research Unit for reporting this issue."
}
],
"datePublic": "2024-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:05:53.547Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html"
},
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/5"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6246"
},
{
"name": "RHBZ#2249053",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249053"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/"
},
{
"url": "https://security.gentoo.org/glsa/202402-01"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0007/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-06T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-30T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Glibc: heap-based buffer overflow in __vsyslog_internal()",
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6246",
"datePublished": "2024-01-31T14:06:21.949Z",
"dateReserved": "2023-11-21T19:14:21.669Z",
"dateUpdated": "2025-02-13T17:26:15.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4154
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-4154 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2241883 | issue-tracking, x_refsource_REDHAT | |
| https://bugzilla.samba.org/show_bug.cgi?id=15424 | ||
| https://security.netapp.com/advisory/ntap-20231124-0002/ | ||
| https://www.samba.org/samba/security/CVE-2023-4154.html |
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | samba | |||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4154"
},
{
"name": "RHBZ#2241883",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15424"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2023-4154.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "4.19.1"
},
{
"status": "unaffected",
"version": "4.18.8"
},
{
"status": "unaffected",
"version": "4.17.12"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "samba",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "samba4",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "samba",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "samba",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "samba",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:storage:3"
],
"defaultStatus": "unaffected",
"packageName": "samba",
"product": "Red Hat Storage 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "samba",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-10-10T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A design flaw was found in Samba\u0027s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T01:33:49.736Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-4154"
},
{
"name": "RHBZ#2241883",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241883"
},
{
"url": "https://bugzilla.samba.org/show_bug.cgi?id=15424"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-4154.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Samba: ad dc password exposure to privileged users and rodcs",
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-4154",
"datePublished": "2023-11-07T19:14:28.305Z",
"dateReserved": "2023-08-04T13:22:07.200Z",
"dateUpdated": "2024-08-02T07:17:12.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6238
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-6238 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2250834 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:18.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6238"
},
{
"name": "RHBZ#2250834",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:22.209823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T18:01:41.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kernel",
"vendor": "n/a"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-10-13T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T23:30:20.019Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6238"
},
{
"name": "RHBZ#2250834",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250834"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-25T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-13T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: nvme: memory corruption via unprivileged user passthrough",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6238",
"datePublished": "2023-11-21T20:21:20.625Z",
"dateReserved": "2023-11-21T11:09:27.301Z",
"dateUpdated": "2024-10-17T18:01:41.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32250
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-32250 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2208849 | issue-tracking, x_refsource_REDHAT | |
| https://www.zerodayinitiative.com/advisories/ZDI-23-698/ | ||
| https://security.netapp.com/advisory/ntap-20230824-0004/ |
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | kernel | ||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32250"
},
{
"name": "RHBZ#2208849",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208849"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-698/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:49.366500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:33:44.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T18:06:24.082Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32250"
},
{
"name": "RHBZ#2208849",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2208849"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-698/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-21T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-17T00:00:00Z",
"value": "Made public."
}
],
"title": "Session race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32250",
"datePublished": "2023-07-10T15:09:37.474Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2025-02-13T16:50:28.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202105-0754
Vulnerability from variot
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Prosody Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Prosodical Thoughts Prosody is an open source application system of Prosodical Thoughts. A modern XMPP communication server.
There were security vulnerabilities before Prosody 0.11.9. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-15
https://security.gentoo.org/
Severity: Low Title: Prosŏdy IM: Multiple vulnerabilities Date: May 26, 2021 Bugs: #771144, #789969 ID: 202105-15
Synopsis
Multiple vulnerabilities have been found in Prosŏdy IM, the worst of which could result in a Denial of Service condition. It aims to be easy to set up and configure, and efficient with system resources.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-im/prosody < 0.11.9 >= 0.11.9
Description
Multiple vulnerabilities have been discovered in Prosŏdy IM. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Prosŏdy IM users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/prosody-0.11.9"
References
[ 1 ] CVE-2021-32917 https://nvd.nist.gov/vuln/detail/CVE-2021-32917 [ 2 ] CVE-2021-32918 https://nvd.nist.gov/vuln/detail/CVE-2021-32918 [ 3 ] CVE-2021-32919 https://nvd.nist.gov/vuln/detail/CVE-2021-32919 [ 4 ] CVE-2021-32920 https://nvd.nist.gov/vuln/detail/CVE-2021-32920 [ 5 ] CVE-2021-32921 https://nvd.nist.gov/vuln/detail/CVE-2021-32921
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (buster), these problems have been fixed in version 0.11.2-1+deb10u1.
We recommend that you upgrade your prosody packages.
For the detailed security status of prosody please refer to its security tracker page at: https://security-tracker.debian.org/tracker/prosody
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCi0+8ACgkQEMKTtsN8 TjZnCg/+NZAMCpnKUqKs3vy7pZkXJXgCmCQgs3TYMXPGty3GuhjCO6Ao2sLnb0OE Jh6QBpgUmGknhMEuU6wbscBK8oMUEkVvvrlFv1sjp8yHwqQ65KkZvnNNbOsVBFXB Yy/aQzk8bYe601ZLXLR29IBVGPUA9+rjUXMqeBNok5LyEQW00yhe/WOOf8UqU7Ly NteRRmc8aR3WL392EVChvKNtVftC+5n6CtegXwzD+OQYCWFEmKbo449ySQJDHHfY oWvQBH9mk+lrfrRgIXqqZ9zFCEAg1cRaUQc0EBLkHFmRbHWCk/Ybk7mUm0dc3BFv OdOHYR3+IHedOjhuBaDnbexffQaVpP8G8/av9Hpzu+SRbmlDVRNfzrtG6M3k3SGn S9j7ah/uxsmuwYXQ4gjnYAhlpRDRkswpms22fZr4wEWRy17LgIIWQh1zIwii3s+U M1uMhU56F0jjZ/X+SGhIdUIKhcKIv+vPbxlBM700T3VLDhpoWhd4+K6JZFcXhMeT mIv12dghuHXwNp9ONw3kC946CLIMcerRqI1eB13f0XZw//+IcqBMPR6PzSkxqRdA KxEOPLzipHNtnNTo/RevUyI1hbi1eWW0QT/sLtuhFSzQUtOW0EFf8ZxJFHBaADeu vBvc9XewmRRGPpwXj42GaYZ/5c7VE3hiMEvdhFimSt666MnwhKg= =miBj -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0754",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "prosody",
"scope": "lt",
"trust": 1.0,
"vendor": "prosody",
"version": "0.11.9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "prosody",
"scope": null,
"trust": 0.8,
"vendor": "the prosody team",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "prosody",
"scope": "eq",
"trust": 0.6,
"vendor": "prosody",
"version": "0.11.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "162828"
}
],
"trust": 0.1
},
"cve": "CVE-2021-32920",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-32920",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-47381",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-32920",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-32920",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32920",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-32920",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-47381",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-32920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Prosody Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Prosodical Thoughts Prosody is an open source application system of Prosodical Thoughts. A modern XMPP communication server. \n\r\n\r\nThere were security vulnerabilities before Prosody 0.11.9. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Pros\u014fdy IM: Multiple vulnerabilities\n Date: May 26, 2021\n Bugs: #771144, #789969\n ID: 202105-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Pros\u014fdy IM, the worst of\nwhich could result in a Denial of Service condition. It aims to be easy to\nset up and configure, and efficient with system resources. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-im/prosody \u003c 0.11.9 \u003e= 0.11.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Pros\u014fdy IM. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Pros\u014fdy IM users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-im/prosody-0.11.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-32917\n https://nvd.nist.gov/vuln/detail/CVE-2021-32917\n[ 2 ] CVE-2021-32918\n https://nvd.nist.gov/vuln/detail/CVE-2021-32918\n[ 3 ] CVE-2021-32919\n https://nvd.nist.gov/vuln/detail/CVE-2021-32919\n[ 4 ] CVE-2021-32920\n https://nvd.nist.gov/vuln/detail/CVE-2021-32920\n[ 5 ] CVE-2021-32921\n https://nvd.nist.gov/vuln/detail/CVE-2021-32921\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 0.11.2-1+deb10u1. \n\nWe recommend that you upgrade your prosody packages. \n\nFor the detailed security status of prosody please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/prosody\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCi0+8ACgkQEMKTtsN8\nTjZnCg/+NZAMCpnKUqKs3vy7pZkXJXgCmCQgs3TYMXPGty3GuhjCO6Ao2sLnb0OE\nJh6QBpgUmGknhMEuU6wbscBK8oMUEkVvvrlFv1sjp8yHwqQ65KkZvnNNbOsVBFXB\nYy/aQzk8bYe601ZLXLR29IBVGPUA9+rjUXMqeBNok5LyEQW00yhe/WOOf8UqU7Ly\nNteRRmc8aR3WL392EVChvKNtVftC+5n6CtegXwzD+OQYCWFEmKbo449ySQJDHHfY\noWvQBH9mk+lrfrRgIXqqZ9zFCEAg1cRaUQc0EBLkHFmRbHWCk/Ybk7mUm0dc3BFv\nOdOHYR3+IHedOjhuBaDnbexffQaVpP8G8/av9Hpzu+SRbmlDVRNfzrtG6M3k3SGn\nS9j7ah/uxsmuwYXQ4gjnYAhlpRDRkswpms22fZr4wEWRy17LgIIWQh1zIwii3s+U\nM1uMhU56F0jjZ/X+SGhIdUIKhcKIv+vPbxlBM700T3VLDhpoWhd4+K6JZFcXhMeT\nmIv12dghuHXwNp9ONw3kC946CLIMcerRqI1eB13f0XZw//+IcqBMPR6PzSkxqRdA\nKxEOPLzipHNtnNTo/RevUyI1hbi1eWW0QT/sLtuhFSzQUtOW0EFf8ZxJFHBaADeu\nvBvc9XewmRRGPpwXj42GaYZ/5c7VE3hiMEvdhFimSt666MnwhKg=\n=miBj\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32920",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/14/2",
"trust": 2.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/13/1",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162828",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-47381",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052610",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051924",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051714",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1668",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169060",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"id": "VAR-202105-0754",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
}
]
},
"last_update_date": "2024-08-14T12:28:06.548000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Prosody\u00a00.11.9\u00a0released",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4916"
},
{
"title": "Patch for Prosodical Thoughts Prosody Resource Management Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/276801"
},
{
"title": "Prosodical Thoughts Prosody Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151578"
},
{
"title": "Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7e41f41000c2cab381645f71a452e062"
},
{
"title": "Debian Security Advisories: DSA-4916-1 prosody -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4c6e99d47bcacbd4d7778a12ef9e2dd1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-32920 log"
},
{
"title": "Arch Linux Advisories: [ASA-202105-11] prosody: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4916"
},
{
"trust": 1.7,
"url": "https://blog.prosody.im/prosody-0.11.9-released/"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202105-15"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32920"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6mffbzwxkpzevznqsvjncue7wrf3t7dg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gun63ahewb2wrrojhu3bvjrwlonct2b7/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lwj2dg2dfjoefewoun26imyywgsa2zee/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6mffbzwxkpzevznqsvjncue7wrf3t7dg/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lwj2dg2dfjoefewoun26imyywgsa2zee/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gun63ahewb2wrrojhu3bvjrwlonct2b7/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/prosody-four-vulnerabilities-35422"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052610"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162828/gentoo-linux-security-advisory-202105-15.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1668"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051924"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32918"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32917"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32919"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32921"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/prosody"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"date": "2021-05-26T17:51:36",
"db": "PACKETSTORM",
"id": "162828"
},
{
"date": "2021-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169060"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"date": "2021-05-13T16:15:08.377000",
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-47381"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32920"
},
{
"date": "2022-01-25T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2021-006910"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-840"
},
{
"date": "2023-11-07T03:35:45.367000",
"db": "NVD",
"id": "CVE-2021-32920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Prosody\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-840"
}
],
"trust": 1.2
}
}
var-202201-0458
Vulnerability from variot
vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information may be obtained. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)
It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the compile_get_env() function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158)
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4049"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167788"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0158",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-411581",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0158",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0158",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-0158",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0158",
"trust": 1.0,
"value": "LOW"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0158",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0158",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-668",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-411581",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0158",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information may be obtained. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)\nIt was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim\u0027s internal memory. (CVE-2022-0158)\nA flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)\nA flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)\nA flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-0407)\n\nIt was discovered that Vim contained a NULL pointer dereference\nvulnerability when switching tabpages. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0158",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167788",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3560",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05043",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411581",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"id": "VAR-202201-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:27:45.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213344",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=178105"
},
{
"title": "Red Hat: CVE-2022-0158",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0158"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Big Sur 11.6.8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=46307825e8223bef6aa99c76dff503a5"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213344"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/13"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072102"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213344"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-compile-get-env-37250"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3560"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1567.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213344."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411581"
},
{
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411581"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"date": "2023-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:29",
"db": "PACKETSTORM",
"id": "167788"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"date": "2022-01-10T16:15:09.853000",
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-411581"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0158"
},
{
"date": "2023-01-31T02:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-002941"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-668"
},
{
"date": "2024-11-21T06:38:01.650000",
"db": "NVD",
"id": "CVE-2022-0158"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-668"
}
],
"trust": 0.6
}
}
var-202101-0221
Vulnerability from variot
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq There is a security check vulnerability in.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language.
Dnsmasq has a security vulnerability, which stems from the use of a weak hash algorithm (CRC32) to verify DNS responses when compiling without dnnssec. No detailed vulnerability details are currently provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
Security Fix(es):
-
crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
-
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)
-
containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
-
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - --to option does not work with --credentials-requests flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the create api help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - oc api-resources does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in oc explain
1880787 - No description for Provisioning CRD for oc explain
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - oc explain localvolumediscovery returns empty description
1887751 - oc explain localvolumediscoveryresult returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]:make checkbroken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 -oc adm release mirrorpanic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 -Active alertssection throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describingignore-volume-azis incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Showkubectl diff command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in theoc rollback -hhelp page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port infrom dockerfileflow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information foroc new-project --skip-config-writeis wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources showsundefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
- References:
https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64
- Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 7.7) - ppc64, ppc64le, s390x, x86_64
- ========================================================================== Ubuntu Security Notice USN-4698-1 January 19, 2021
dnsmasq vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. (CVE-2020-25685)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. (CVE-2020-25686)
It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: dnsmasq 2.82-1ubuntu1.1 dnsmasq-base 2.82-1ubuntu1.1 dnsmasq-utils 2.82-1ubuntu1.1
Ubuntu 20.04 LTS: dnsmasq 2.80-1.1ubuntu1.2 dnsmasq-base 2.80-1.1ubuntu1.2 dnsmasq-utils 2.80-1.1ubuntu1.2
Ubuntu 18.04 LTS: dnsmasq 2.79-1ubuntu0.2 dnsmasq-base 2.79-1ubuntu0.2 dnsmasq-utils 2.79-1ubuntu0.2
Ubuntu 16.04 LTS: dnsmasq 2.75-1ubuntu0.16.04.7 dnsmasq-base 2.75-1ubuntu0.16.04.7 dnsmasq-utils 2.75-1ubuntu0.16.04.7
After a standard system update you need to reboot your computer to make all the necessary changes. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
Security Fix(es):
-
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
-
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
-
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: dnsmasq-2.76-2.el7_4.3.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: dnsmasq-2.76-2.el7_4.3.src.rpm
ppc64le: dnsmasq-2.76-2.el7_4.3.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm
x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: dnsmasq-2.76-2.el7_4.3.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.3.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.3.ppc64le.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.24.5m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.22"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.23.7m"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.25.2f"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.23"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.22.9m"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.24"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.21.14m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.25"
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.83"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.6,
"vendor": "dnsmasq",
"version": "2.83"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161019"
},
{
"db": "PACKETSTORM",
"id": "161015"
},
{
"db": "PACKETSTORM",
"id": "161101"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25685",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16430",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2020-25685",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25685",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25685",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2020-25685",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-16430",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25685",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq There is a security check vulnerability in.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. \n\r\n\r\nDnsmasq has a security vulnerability, which stems from the use of a weak hash algorithm (CRC32) to verify DNS responses when compiling without dnnssec. No detailed vulnerability details are currently provided. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:5633-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5633\nIssue date: 2021-02-24\nCVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error : the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress: Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress: Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress: Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\" \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe Translation of \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]: Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs. RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027 to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation] fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4698-1\nJanuary 19, 2021\n\ndnsmasq vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nmemory when sorting RRsets. A remote attacker could use this issue to cause\nDnsmasq to hang, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2020-25681, CVE-2020-25687)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nextracting certain names. A remote attacker could use this issue to cause\nDnsmasq to hang, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2020-25682, CVE-2020-25683)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\nimplemented address/port checks. (CVE-2020-25684)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\nimplemented query resource name checks. (CVE-2020-25685)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nmultiple query requests for the same resource name. (CVE-2020-25686)\n\nIt was discovered that Dnsmasq incorrectly handled memory during DHCP\nresponse creation. A remote attacker could possibly use this issue to\ncause Dnsmasq to consume resources, leading to a denial of service. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04\nLTS. (CVE-2019-14834)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n dnsmasq 2.82-1ubuntu1.1\n dnsmasq-base 2.82-1ubuntu1.1\n dnsmasq-utils 2.82-1ubuntu1.1\n\nUbuntu 20.04 LTS:\n dnsmasq 2.80-1.1ubuntu1.2\n dnsmasq-base 2.80-1.1ubuntu1.2\n dnsmasq-utils 2.80-1.1ubuntu1.2\n\nUbuntu 18.04 LTS:\n dnsmasq 2.79-1ubuntu0.2\n dnsmasq-base 2.79-1ubuntu0.2\n dnsmasq-utils 2.79-1ubuntu0.2\n\nUbuntu 16.04 LTS:\n dnsmasq 2.75-1ubuntu0.16.04.7\n dnsmasq-base 2.75-1ubuntu0.16.04.7\n dnsmasq-utils 2.75-1ubuntu0.16.04.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging\nreplies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\ndnsmasq-2.76-2.el7_4.3.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.3.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\ndnsmasq-2.76-2.el7_4.3.src.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.3.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.3.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\ndnsmasq-2.76-2.el7_4.3.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.3.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.3.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.3.ppc64le.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.3.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.3.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161019"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161015"
},
{
"db": "PACKETSTORM",
"id": "161101"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25685",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU90340376",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-16430",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25685",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161546",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161012",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161101",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161019"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161015"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"id": "VAR-202101-0221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
}
],
"trust": 0.85396827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
}
]
},
"last_update_date": "2024-11-29T19:35:41.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-84440e87ba thekelleysthekelleys",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"title": "Patch for Dnsmasq security feature issue vulnerability (CNVD-2021-16430)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/251936"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210156 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210240 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210245 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210153 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210154 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210155 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210401 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210395 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210151 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210150 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210152 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-25685 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1587"
},
{
"title": "Debian Security Advisories: DSA-4844-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6bdd82a7af8c0333eca753b3b7b02111"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.4.33 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210281 - Security Advisory"
},
{
"title": "Cisco: Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"title": "dnspooq",
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq "
},
{
"title": "multironic\nRequirements:\nInstall libvirt and prepare nodes\nhave to check why we need this\nTODO download ironic images later\nPull images\nTag images\nPush images\nrun httpd\nCheck that two vbmcs are running for the two nodes\nPlay with vbmc and ipmitools\nRun management cluster\nFirewall\nLaunch ironic\nrun capm3\nFirewall\nRef",
"trust": 0.1,
"url": "https://github.com/mboukhalfa/multironic "
},
{
"title": "Criminal IP NSE Script",
"trust": 0.1,
"url": "https://github.com/criminalip/CIP-NSE-Script "
},
{
"title": "Intro: What\u0027s pique or repique\n\n\nOverview",
"trust": 0.1,
"url": "https://github.com/AZ-X/pique "
},
{
"title": "https://github.com/klcheung99/CSCM28CW2",
"trust": 0.1,
"url": "https://github.com/klcheung99/CSCM28CW2 "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
"trust": 0.1,
"url": "https://github.com/DNTYO/F5_Vulnerability "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/JERRY123S/all-poc "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/top "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/awesome-cve-repo "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/hktalent/TOP "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/cyberanand1337x/bug-bounty-2022 "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/weeka10/-hktalent-TOP "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/01/20/dns_cache_poisoning/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "Improperly implemented security checks (CWE-358) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688"
},
{
"trust": 1.7,
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90340376/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2021:0156"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25662"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19072"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12655"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13249"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19602"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8647"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15917"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://\u0027"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19533"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16167"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9455"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0154"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14834"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4698-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.82-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161019"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161015"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161019"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161015"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"date": "2021-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"date": "2021-01-25T17:28:49",
"db": "PACKETSTORM",
"id": "161100"
},
{
"date": "2021-02-25T15:29:25",
"db": "PACKETSTORM",
"id": "161546"
},
{
"date": "2021-01-19T14:45:12",
"db": "PACKETSTORM",
"id": "161012"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2021-01-19T14:46:12",
"db": "PACKETSTORM",
"id": "161019"
},
{
"date": "2021-01-19T14:43:50",
"db": "PACKETSTORM",
"id": "161010"
},
{
"date": "2021-01-19T14:45:36",
"db": "PACKETSTORM",
"id": "161015"
},
{
"date": "2021-01-25T17:28:57",
"db": "PACKETSTORM",
"id": "161101"
},
{
"date": "2021-01-20T16:15:14.303000",
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16430"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25685"
},
{
"date": "2021-10-04T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2020-015548"
},
{
"date": "2024-11-21T05:18:27.807000",
"db": "NVD",
"id": "CVE-2020-25685"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161010"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq\u00a0 Security check vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015548"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "161546"
}
],
"trust": 0.1
}
}
var-202202-1144
Vulnerability from variot
Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails or Puma version fixes the vulnerability. Puma and Rails Exists in unspecified vulnerabilities.Information may be obtained. Puma is a web server for high-concurrency applications developed by the individual developer of Evan Phoenix in the United States. No detailed vulnerability details are currently provided. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-28
https://security.gentoo.org/
Severity: Low Title: Puma: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #794034, #817893, #833155, #836431 ID: 202208-28
Synopsis
Multiple vulnerabilities have been discovered in Puma, the worst of which could result in denial of service.
Background
Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/puma < 5.6.4 >= 5.6.4
Description
Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Puma users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/puma-5.6.4"
References
[ 1 ] CVE-2021-29509 https://nvd.nist.gov/vuln/detail/CVE-2021-29509 [ 2 ] CVE-2021-41136 https://nvd.nist.gov/vuln/detail/CVE-2021-41136 [ 3 ] CVE-2022-23634 https://nvd.nist.gov/vuln/detail/CVE-2022-23634 [ 4 ] CVE-2022-24790 https://nvd.nist.gov/vuln/detail/CVE-2022-24790
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-28
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
We recommend that you upgrade your puma packages.
For the detailed security status of puma please refer to its security tracker page at: https://security-tracker.debian.org/tracker/puma
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKNGrEACgkQEMKTtsN8 TjYLKxAAmsH1Yv2uTLb4ONhlsJwSpEW7+lZChBTALXMvJZGhBeWCNqMzKwYZGf7E +DPi0F04Igm930pDB/diFuu0P+R/OkLTGRklDL6Y1fa7quzVXJ2iyWCFb5ilA5dw 3BNz2qkytsXLy9lVXsCfUo06A6inwOpNeg+Dyz61iA+l6cuUoXveji4xg9WzJZJT vB1Acuns273ILxoYcTrnoG0srLZ2WQwduvyu1wRV5z6UjAZ9MwxxKWA1dm2fyNmG MfUugl6rHryyQq8MjY/qgnUpAb5aAT6OiyiBv2faJHflCvtYBzA5cE1aTUg/2EpK OG2lJYUJkzks0P8apw4ZoFQAxZcYbcQAUMSSrwMOob6YqIw1LO6oped3L86Yr/UY UK7m0N2EC0TYWiPa3Y0oW1348jatdqlEQP5OxoMLAIY2qlhH08xnpx6Pf9xzZynH ivM7kBn9xsOIZQh6XGdHLFnioBc9S2fUQlaIK5D6tn+2T3+CzR85qoY6mg3ZsJlI rpkNI2Fgj/piZIdhDxSM9A7Tb840ECi1Tv3Z1P0b9ujlzrzlRWO+GinTNl4HS8f1 7jUZ4HzAaeUg/LRcBrURlmG2vcCT6cB3qM/m/jX0VF1w/6AzjqysHGfD+MxhrxQA PKqIrnCaAvSSV59rtWxyzSSfwOfLFUkUu6BWDiLo71Jl2XxCrdE= =w9Nx -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Satellite 6.11 Release Advisory ID: RHSA-2022:5498-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:5498 Issue date: 2022-07-05 CVE Names: CVE-2021-3200 CVE-2021-3584 CVE-2021-4142 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-30151 CVE-2021-32839 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-41136 CVE-2021-42550 CVE-2021-43797 CVE-2021-43818 CVE-2021-44420 CVE-2021-44568 CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818 CVE-2022-23633 CVE-2022-23634 CVE-2022-23833 CVE-2022-23837 CVE-2022-28346 CVE-2022-28347 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.11
- Relevant releases/architectures:
Red Hat Satellite 6.11 for RHEL 7 - noarch, x86_64 Red Hat Satellite 6.11 for RHEL 8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200)
- satellite: foreman: Authenticate remote code execution through Sendmail configuration (CVE-2021-3584)
- candlepin: Allow unintended SCA certificate to authenticate Candlepin (CVE-2021-4142)
- candlepin: netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
- candlepin: netty: Possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
- candlepin: netty: Request smuggling via content-length header (CVE-2021-21409)
- tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature (CVE-2021-30151)
- python-sqlparse: ReDoS via regular expression in StripComments filter (CVE-2021-32839)
- libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938)
- tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma (CVE-2021-41136)
- logback-classic: Remote code execution through JNDI call from within its configuration file (CVE-2021-42550)
- candlepin: netty: Control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
- python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
- python3-django: Potential bypass of an upstream access control based on URL paths (CVE-2021-44420)
- libsolv: Heap overflow (CVE-2021-44568)
- python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVE-2022-22818)
- tfm-rubygem-actionpack: Information leak between requests (CVE-2022-23633)
- tfm-rubygem-puma: rubygem-rails: Information leak between requests (CVE-2022-23634)
- python3-django: Denial-of-service possibility in file uploads (CVE-2022-23833)
- tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on graph (CVE-2022-23837)
- python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
- New repo layout for Satellite, Utils, Maintenance, and Client repos.
- Support for RHEL 9 clients
- Module-based installation on RHEL 8
- Upgrading Satellite Server and Capsule Server installations from RHEL 7 to RHEL 8
- Connected and Disconnected servers supported on RHEL 7 and RHEL 8
- Inter-Server Synchronization improvements
- Puppet integration optional and disabled by default
- Pulp 3 updated to Python 3.8
- Change to Capsule certificate archive
- New default port for communication with Red Hat Subscription Management * (RHSM) API on Capsule servers
- New Content Views Page (Content Publication workflow simplification)
- New Hosts Page (Technology Preview)
- Registration and preview templates
- Simplified host content source changing
- Improved behavior for configuring and running remote jobs
- Provisioning improvements
- New error signaling unsupported options in TASK-Filter
- Virt-who configuration enhanced to support Nutanix AHV
- Cloud Connector configuration updated
- Improved Insights adoption
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
For Red Hat Satellite 6.11 see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11
The important instructions on how to upgrade are available below. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite
- Bugs fixed (https://bugzilla.redhat.com/):
1459231 - [RFE] Support 'cleaning' a repo of downloaded on_demand content
1473263 - Processing outputs of remote command on the smart-proxy is slow.
1545000 - [RFE] As a user of Satellite, I would like to use another Satellite as my CDN.
1596004 - Cannot register host with activationkey that is associated to host collections that have host count limits
1609543 - concurrently creating repositories causes most of them are not visible for consumer at the end
1659649 - [RFE] Shorten or handle "410 Gone" errors rather than printing a page-long trace for each
1662924 - [RFE] Report that lists all the hosts on which a particular repository is enabled
1685708 - Editing a host tries to inherit the operating system properties from it's host-group instead of the CV and Lifecycle Environment assigned
1693733 - ensure foreman-maintain works with RHEL8 Satellite & Capsules
1694659 - [RFE] Host Add-Parameter button should not float down page as new params are added.
1713401 - RHEL 8 systems with OSPP applied cannot install katello-ca-consumer package from Satellite 6.5
1723632 - When restarting foreman-tasks, long running tasks got forcefully killed after 20 seconds of wait.
1723751 - [RFE] Provide a script-like interface to task cleanup, preventing wrong values from being entered
1735540 - Virt-who-config for kubevirt does not support in API and hammer CLI
1744521 - There is no way to identify the overriden Ansible variables while creating or editing an existing host
1761421 - [RFE] Option to "skip-tags" on Ansible runs from Red Hat Satellite server.
1770075 - Snippet template may render incorrect result when non-default scope class is used to render the main template.
1771724 - Move Actions::Katello::Host::UploadPackageProfile out of dynflow
1777820 - [RFE] Make hammer-cli available for RHEL 8 systems
1784254 - Static recurring job failed to schedule on 2nd iteration if any of the target host record is invalid.
1805028 - Issue with hammer shell while using "--fields" parameter to display host info
1807258 - Cloned viewer role cannot view facts
1807536 - Parent Hostgroup hammer parameter accept only name, not title
1809769 - [RFE] support ability disable and remove puppetserver from Satellite and Capsules
1811166 - REX job failed when you enable FIPS on RHEL 8 hosts
1813624 - Consistent use of unlimited-host argument throughout CLI
1819309 - [RFE] Load balanced capsules without using sticky sessions
1825761 - Ansible Role execution reports do not show Ansible Icon
1832858 - [RFE] Exporting a content view does not exports the description assigned to the content view.
1844848 - [RFE] add "duration" column to tasks hammer and export
1845471 - exclude source redhat containers by default
1847825 - Incorrect text alignment for error message
1851808 - Unable to set ssh password and sudo password when creating a REX job using hammer
1852897 - API - ISE when using invalid status type
1862140 - ipv4/6 auto-suggested address should be removed when the different domain and subnet with ipv6/4 are selected
1867193 - Content Host Traces Management modal window does not respect selection done on the previously opened page
1869351 - [RFE] Add ability to omit specific hosts from rh_cloud inventory upload
1872688 - Remote execution will fail on client with FIPS enabled
1873241 - [RFE] When choosing what capsule to use for Remote Execution into a host, use the host's "Registered through" capsule
1877283 - [RFE] Request to use /etc/virt-who.conf as the default config file for virt-who plugin
1878049 - Cancel button should be enabled in the capsule sync until the job completions
1881668 - hammer user list --help has invalid --order example
1883612 - [RFE] - Needs Dot Bullet to distinguised environment for Composite Content View on Red Hat Satellite Web UI
1883816 - Appropriate error message to be shown when creating authsource with same name as existing authsource.
1886780 - [Sat 6.8/UI/Bug] Refresh icon doesn't go away
1893059 - Satellite 6.8 Remote Execution fails on RHEL 8.2 clients with DEFAULT:NO-SHA1 crypto policy
1896628 - Hammer Command Fails to List Job Invocation Details if Organization is Used
1898656 - [RFE] Include status of REX jobs on the Satellite Dashboard
1899481 - [RFE] - Tasks: Need Word Wrap for Long Commands
1902047 - [RFE] In the message "Repository cannot be deleted since it has already been included in a published Content View" , include the name of CV and it's versions
1902314 - [RFE] Introduce check-only or dry-run feature for any kind of Ansible based job execution from Satellite 6
1906023 - ssh debug logging on FIPS causes REX job failure with OpenSSL::Digest::DigestError
1907795 - Remove the MS Windows provisioning Templates from the RedHat Satellite 6
1910433 - REX is not possible on RHEL 8 when FUTURE crypto policy is set from Satellite 6.8
1911545 - Epoch version is missing from rpm Packages tab of Content View Version
1914803 - Some of the "filters" permission changed after the upgrade.
1915394 - [RFE] Adding an option to keep the ansible-runner files on Satellite.
1919146 - [RFE] Possibility for further tailoring with Compliance Viewer role
1920579 - The private bookmark status is not reflected correct in satellite GUI and we cannot make a private bookmark public through Red Hat Satellite GUI
1922872 - Autosearch is not working even if its enabled.
1923766 - Inconsistent time format on Sync Plans Details page
1924625 - Sync status showing never synced even though the repositories has been synced successfully
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1927532 - Large CRL file operation causes OOM error in Candlepin
1931489 - Timeout to kill settings in job execution is not honored when running an Ansible playbook
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1937470 - hammer does not have a compute resource associate VMs command as web UI has
1940308 - [BUG] The / at the end of proxy url is not being handled by satellite correctly when trying to enable repositories
1942806 - AttributeError occured when run python 3 bootstrap.py on RHEL9.0 Alpha
1944802 - [RFE] List of all Enabled Repository of all the content hosts using Reporting Templates.
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1951626 - Validate Content Sync on bulk product produces error messages
1955385 - Privilege escalation defined inside ansible playbook tasks is not working when executing the playbook via Remote Execution in Satellite 6
1957070 - [RFE] add 'name' for the role filter in API
1957288 - [RFE] Add option in the satellite to upload/sync OVAL defination to evalute the rule (xccdf_org.ssgproject.content_rule_security_patches_up_to_date) when performing Compliance scan on the client registered with the Satellite server.
1958664 - [RFE]? Replace?bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords?in the Satellite.
1959691 - [Tuning] Tuning Puma in the predefined tuning profiles
1960228 - Template is written twice when resolving provisioning templates for a host
1962307 - CVE-2021-3200 libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c
1962410 - VMs Migrating are Losing ELS Subscriptions and Repos for RHEL 6
1962847 - foreman-rake katello:* fails with the error message The Dynflow world was not initialized yet
1964394 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
1965968 - Since Satellite 6.8 it's not possible to remove subscriptions from 'WebUI --> Content --> Subscriptions' page if the user doesn't have 'Setting' permissions.
1967319 - The /api/usergroups/:usergroup_id/external_usergroups API is not accepting 1-group as the name of usergroup
1968439 - CVE-2021-3584 foreman: Authenticate remote code execution through Sendmail configuration
1969748 - Hammer documentation for "hammer organization create --help" command has unnecessary and repeated description
1969992 - Exclude pulp-2to3-migration package from Satellite 7.0
1970482 - Discovery plugin ignores IPv6 when doing reboot/kexec/fetch facts
1972501 - After promoting the content view, Candlepin failed to mark the entitlement certificates as dirty
1973146 - [RFE] As a user I want to receive an email notification when a job I triggered fails
1974225 - Incremental CV update does not auto-publish CCV
1975321 - select all button selects recommendation for other organizations which fails remediation action(JobInvocation).
1978323 - [RFE]: Include curve25519sha256 support in Remote Execution
1978689 - [global registration] [hammer] - No proper alignment in host-registration generate-command -h command
1979092 - Capsule cname is reported as opposed to hostname
1979907 - [RFE] IPv6 fact is not being parsed for satellite hosts.
1980023 - satellite-installer times out during long running SQL DELETE transactions
1980166 - Too many libvirt connections from Satellite due to ssh connection leaks
1982970 - Fact updates causing unnecessary compliance recalculation in Candlepin
1988370 - [RFE] Support Nutanix AHV in the Satellite virt-who plugin
1992570 - Only Ansible config jobs should run in check mode
1992624 - Remote Execution fails to honor remote_execution_connect_by_ip override on host
1992698 - Store certain parts of dynflow data as msgpack
1994212 - Failed at scanning for repository: undefined method resolve_substitutions' for nil:NilClass
1994237 - Executing any foreman-rake commands shows 'ErbParser' and 'RubyParser' are ignored.
1994397 - Increased memory usage of pulp-3 workers during repo sync
1994679 - Host - Last Checkin report template is not showing any other content host apart from Red Hat Satellite itself.
1996803 - Grammatical errors with Insecure help text at Host Registration
1997575 - Lifecycle Environment tab flash OSTree & Docker details for a second then shows actual content path.
1997818 - "Login Page Footer Text" Blocking Login Button on Satellite UI
1998172 - Puppet classes and environment importer. documentation opens in same tab instead of a new one
1999604 - Unable to assign ansible roles to a host group via hammer/api with non-admin user
2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h
2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h
2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h
2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c
2000769 - pulp3: CV publishes with dependency solving and same source repos for copy are not concurrent
2002995 - hammer completion not working
2004016 - httpboot not working on GRUB version provided by RHEL7
2004158 - Sat 6.9.5: foreman-rake facts:clean aborts due to foreign key in database
2004234 - [RFE] Email notification after a job template execution completes.
2004335 - [RFE] API and Hammer functionality for Red Hat Access Insights in satellite 6
2005072 - CVE-2021-32839 python-sqlparse: ReDoS via regular expression in StripComments filter
2007655 - Authorization repository causing invalid upstream url
2008809 - Task is failing but still showing success state
2009049 - pulp_rpm: Basic-auth repository causing invalid upstream url
2009398 - hammer host interface update does not update remote execution setting
2010138 - Satellite doesn't forward the "If-Modified-Since" header for /accessible_content endpoint to Candlepin
2011062 - cockpit webconsole login fails when remote execution configured for kerberos
2013495 - CVE-2021-41136 rubygem-puma: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
2013503 - CVE-2021-30151 sidekiq: XSS via the queue name of the live-poll feature
2013837 - Improve REX error reporting when uploading script
2014037 - There is a new login account in satellite 6.9
2014244 - Remove Greedy DepSolving from UI
2014251 - Global Registration: Selecting Satellite URL as the proxy fails to register hosts with default config
2018263 - Using Satellite with a proxy produces an SELinux alert
2020329 - [RFE] Switch process output to DB
2021255 - Satellite schedules one recurring InventorySync::Async::InventoryScheduledSync per org but each task syncs all orgs, resulting in harmless but unnecessary tasks
2021352 - [RFE] One manifest version to cover all of Satellite 7
2021406 - syncing tens of repos to capsule can cause deadlock: while updating tuple (...) in relation "core_content"
2021985 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886
2022648 - please update to Satellite Ansible Collection 3.0.0
2023809 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column "subscription_id" contains null values
2024269 - Attempt of upgrading Satellite server to 6.7 or 6.8 stops with message "Please run 'foreman-maintain prep-6.10-upgrade' prior to upgrading." when using latest rubygem-foreman_maintain package
2024553 - Repository sync jobs are failing with the Exception "NoMethodError undefined methodrepository_href' for nil:NilClass" post upgrade to satellite version 6.10
2024889 - Syncing RHEL 5 KS repository fails with: " Artifact() got an unexpected keyword argument 'sha' "
2024894 - Unable to sync EPEL repositories on Satellite 6.10 when 'Mirror on Sync' is enabled
2024963 - Syncing EPEL repos on Satellite 6.10 fails with: "Incoming and existing advisories have the same id but different timestamps and non-intersecting package lists.."
2024978 - Satellite upgrade to 6.10.1 fails with multiple rubygem-sinatra package dependency errors
2024986 - CV publish fails with: No route matches {:action=>"show", :controller=>"foreman_tasks/tasks", :id=>nil}, missing required keys: [:id] (ActionController::UrlGenerationError)
2025049 - Executing remove-pulp2 after a successful Satellite 6.10 upgrade breaks synchronizations and repositories.
2025437 - New OS created due to facts mismatch for operatingsystem for RHSM, Puppet and Ansible
2025494 - Capsule sync task failed to refresh repo that doesn't have feed url with "bad argument (expected URI object or URI string)" error
2025523 - Ansible roles are not starting automatically after provisioning
2025760 - installer does not restart foreman.service when changing puma configuration
2025811 - Upgrading to Satellite 6.9.6 and above introduces an increase in system memory consumption causing Pulp activities to fail with OOM at certain times
2026239 - Config report upload failed with "No smart proxy server found on ["capsule.example.com"] and is not in trusted_hosts"
2026277 - null value in column "manifest_id" violates not-null constraint error while syncing RHOSP container images
2026415 - RFE: Add command for upgrading foreman-maintain to next major version
2026658 - Fix name & path to OS host_init_config template
2026718 - XCCDF Profile in Tailoring File selecting the first id not the selected id
2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA
2027052 - The redhat.satellite.foreman plugin is unable to collect all facts for the target systems as expected when using default api
2027968 - A failed CV promote during publish or repo sync causes ISE
2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths
2028205 - db:seed can fail when there are host mismatches
2028273 - Cannot pull container content - TypeError: wrong argument type String (expected OpenSSL/X509)
2028377 - [RFE] add option to export and import just repository for hammer content-export
2028446 - Pulp: Add options to change the import and export path in /etc/pulp/settings.py
2028733 - katello-change-hostname fails to perform changes, leaving the system in an unusable state
2029192 - Applying errata from the errata's page always tries to use katello-agent even when remote_execution_by_default set to true
2029375 - webhook event "build_exited" never gets triggered
2029385 - selinux denials when accessing /etc/pulp/certs/database_fields.symmetric.key
2029548 - Excluding system facts logs as WARN causing log files to increase dramatically
2029760 - Scenarios for Satellite and Capsule 7.0
2029807 - foreman-maintain service fails for external postgres service, when no psql utility installed
2029828 - TFTP Storage check fails on undefined method []' for nil:NilClass
2029829 - change hostname tries to unconditionally restart puppetserver
2029914 - FIPS enabled RHEL7 server: Candlepin services not running after installation
2030101 - No longer be able to import content into disconnected Satellite for existing content views
2030273 - The tasks generated by task export in html format are not sorted by date
2030434 - Repository sync download all metadata files on every sync, even when there is no new packages
2030460 - Need a way to sync from a specific content view lifecycle environment of the upstream organization
2030715 - hammer content-[import,export] uses /tmp directory for temporary decompression location
2031154 - After upgrading to Satellite 6.10, Repository sync randomly fails if a ReservedResource exists in core_taskreservedresource table of pulpcore DB.
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2032098 - Incremental publish content view doesn't copy any contents
2032400 - Remove warning from reports page in 7.0
2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2032602 - Content not accessible after importing
2032928 - Puppet disable command fails
2032956 - Cannot create bookmark for credentials search
2033174 - Large repo sync failed with "Katello::Errors::Pulp3Error: Response payload is not completed"
2033201 - Button to assign roles on Host details page missing
2033217 - "Cannot find rabl template 'api/v2/override_values/index'" error while trying to import Ansible variables using hammer CLI.
2033336 - Add 'service restart' step in purge-puppet command
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file
2033593 - fact_values api performance issues when loading a large number of facts
2033847 - Content view export failed with undefined methodfirst' for nil:NilClass
2033853 - Publish content view failed with "PulpRpmClient::ApiError Error message: the server returns an error"
2033940 - Error: AttributeError: 'NoneType' object has no attribute 'cast' thrown while listing repository versions
2034317 - hammer repository upload-content with large file gives "Too many open files" error
2034346 - CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin
2034461 - Capsule failed to sync empty repositories
2034552 - Puppet disable command fails on Capsule
2034635 - New hosts UI, removal of Share your feedback link
2034643 - New hosts UI, when navigated back to host detail from jobs detail, old ui is shown instead of new
2034649 - New hosts UI, missing Ansible cards
2034659 - OSTree repository update error: excludes is not a valid attribute in PulpOstreeClient::OstreeOstreeRemote
2035195 - command "hammer full-help" gives error "Error: uninitialized constant HammerCLIForeman::CommandExtensions::PuppetEnvironment"
2035204 - Tags need to be truncated in rh_cloud report
2035480 - In Satellite upgrade, yum update failed to resolve the "createrepo_c-libs" dependency
2035907 - Ansible config report time is one hour off
2036054 - [Custom Certs] - Failed to install the custom certs on the Satellite 7.0.0 works fine in 6.10
2036187 - self-upgrade fails with x.y should be greater than existing version x.y.z!
2036381 - Applying exclude filter on a CV containing kickstart repos causes missing package groups
2036628 - Rex job fails Error loading data from Capsule: NoMethodError - undefined method each' for nil:NilClass
2036721 - Satellite is creating the schedule on the wrong day of the week (day+1)
2037024 - CVE-2021-45115 django: Denial-of-service possibility in UserAttributeSimilarityValidator
2037025 - CVE-2021-45116 django: Potential information disclosure in dictsort template filter
2037028 - CVE-2021-45452 django: Potential directory-traversal via Storage.save()
2037180 - Failed to docker pull image with "Error: image <image name> not found" error
2037275 - Cockpit integration always fails with authentication error
2037508 - upload-content results in wrong RPM being added to product
2037518 - The RSS channel is set to the upstream URL
2037520 - Bootdisk new host page menu items are missing
2037648 - upgrade check checking group ownership of /var/lib/pulp (pulp2) instead of /var/lib/pulp/content (pulp3)
2037706 - Rex job fails: undefined methodjoin' for "RHSA-2012:0055":String
2037773 - The new host detail page should be enabled by default without the experimental warning
2038042 - Ansible Jobs are halting at status running
2038192 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos
2038241 - ERROR: at least one Erratum record has migrated_pulp3_href NULL value
2038388 - Activation key issue with custom products on RHEL 6
2038432 - Error when importing content and same package belongs to multiple repositories
2038849 - repositories-setup procedure failing with "undefined method map' for "*":String"
2039289 - Installing Satellite7, satellite-installer runs redundant upgrade steps
2039696 - Puppet-related hammer commands still missing after plugin enabled
2040406 - Incorrect layout of new host details overview cards
2040447 - [RFE] Katello host detail tabs should accept URL params for search
2040453 - Limited CV docker tags cannot be pulled after syncing library repo with "limit sync tags"
2040596 - undefined methodname' for "":String" on "All Hosts" page
2040650 - Upgrade or offline backup fails on RHEL8 due to missing iptables command
2040773 - Updating repo with GPG key ID fails
2040796 - Grammar error on SyncPlan Details tab
2040870 - Error to import rhel7 kickstart on disconnected satellite
2041457 - Change ks= to inst.ks= and sendmac for RHEL 9 Beta
2041497 - Incremental CV update fails with 400 HTTP error
2041508 - Publication creation (during migration to pulp3 as well) can fail if /var/lib/pulp is NFS share
2041551 - Puppet enable fails on RHEL8 due to missing package(s)
2041588 - [RFE] Add Type to cdn configuration for 'disconnected' mode
2041701 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product
2042416 - Unclickable Class names in Configure > Puppet classes
2042480 - Configure Cloud Connector fails after hostname change; potentially hits all templates
2042848 - Package list of repository is empty page
2042861 - [Recurring Logic]logging for recurring logic should be more verbose
2043081 - 406 error appears when running insights-client --compliance
2043097 - sql dump of dynflow data is encoded, what breaks sosreport
2043144 - After upgrading to 6.10, Satellite fails to sync some repositories with large files with timeout error
2043248 - Importing content fails if an importer with same name already exists
2043501 - Satellite upgrade fails during db:seed with ActiveRecord::RecordNotDestroyed: Failed to destroy the record
2043609 - pulpcore-workers grow very large when repositories have many changelog entries
2043726 - content views configured as "import only" generate 404 errors during capsule sync
2044581 - CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph
2044606 - New version of Candlepin now has org in entitlement certificate and causes authorization issues
2044631 - duplicate key value violates unique constraint "core_repositorycontent_repository_id_content_id_df902e11_uniq"
2044839 - SSH Remote execution does not reap processes when closing multiplexed ssh connection
2045504 - Show all provisioning templates by default
2045854 - organization context fails to change in web UI
2046281 - usability issues for user without execute_jobs_on_infrastructure_hosts permissions
2046307 - New host details Errata overview card shows stale data for unregistered host
2046322 - Manager role does contain the execute_jobs_on_infrastructure_hosts permission
2046328 - Custom yum CV does not show correct list of packages
2046337 - Certain manifest, subscription and repository related actions are broken while using HTTP Proxy as content_default_http_proxy in Satellite 6.10
2046484 - RPM exclude filter does not work in web UI
2046573 - update puppet classes via API to empty puppet classes does not update the classes
2047285 - [RFE] enable redis cache for pulp content server by default
2047443 - Unable to Import any content via Import/Export
2047451 - [RFE] [SAT-4229] Packages - Filter by status
2047485 - syncing repo using proxy can generate misleading log entries when proxy deny access to the url requested
2047649 - please update to Satellite Ansible Collection 3.1.0
2047675 - Getting "404 not found" when publishing a content view
2047683 - Force cancel a paused task doesn't release the lock
2048470 - Leapp upgrade fails after reboot with disabled postgresql redis tomcat services
2048517 - service stop tries to execute CheckTftpStorage
2048560 - REX doesn't honor effective_user when async_ssh is true
2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag
2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads
2048913 - "foreman-maintain health check --label check-hotfix-installed" fails with error "undefined method []' for nil:NilClass"
2048927 - Satellite 6.10 clone is looking for mongo_data.tar.gz file
2048986 - "foreman-maintain health check --label validate-yum-config" command failed with message "clean_requirements_on_remove=True Unset this configuration as it is risky while yum update or upgrade!"
2049143 - Unable to run Convert2RHEL role on the host
2049304 - katello-rhsm-consumer script subscription-manager version detection depends on subscription-manager rpm being installed
2049799 - Incremental update with --propagate-all-composites makes new CVV but with no new content
2049913 - Repo filtering shows all products and repos in different organizations
2050100 - Module streams enabled by default are gone when CV starts using filters
2050297 - Modifying 'Capsule tasks batch size for Ansible' causes subsequent Ansible jobs to hit TypeError
2050323 - Misleading error message when incorrect org label is entered
2050440 - pulp workers are idle despite there is one pending task
2051374 - wrong sinatra obsoletes makes Satellite uninstallable
2051408 - IP obfuscation algorithm can generate invalid IPs
2051468 - Active directory users taking too much time to login when its part of many groups.
2051522 - pulpcore_t and pulpcore_server_t domains are prevented to access httpd_config_t files
2051543 - smart_proxy_remote_execution_ssh leaves zombie ssh processes around
2051912 - Some of the services failed to start after satellite restore
2052048 - Repeated Ansible Role run scheduling adds extra time to specified start date
2052088 - Satellite-installer does not ensure proper permissions on /etc/foreman-proxy/ssl_ca.pem at every run
2052420 - Satellite upgrade fails during db:migrate with PG::DuplicateTable: ERROR: relation "index_hostgroups_puppetclasses_on_hostgroup_id" already exists
2052493 - restore on another machine fails with ERROR: web server's SSL certificate generation/signing failed
2052506 - "foreman-maintain health check --label check-hotfix-installed" does not display the modified files in command stdout.
2052524 - rubygem-sinatra el8 rpm should keep the epoch number
2052815 - dynflow fails with "403 extra bytes after the deserialized object"
2052958 - Job invocation fails for errata installation.
2053329 - content-view import fails with Error: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255)
2053395 - Satellite upgrade failed with error "Couldn't connect to the server: undefined methodto_sym' for nil:NilClass"
2053478 - Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"
2053601 - Errata icons are the wrong colors
2053839 - Deletion of Custom repo fails with error "uninitialized constant Actions::Foreman::Exception" in Satellite 7.0
2053843 - hammer shell with redirected input prints stty error on RHEL8
2053872 - Changing Upstream URL of a custom repo in WebUI raises error "Upstream password requires upstream username be set."
2053876 - Multiple instances of scheduled tasks of more types
2053884 - Host detail UI setting is not honored when returning to the host page after canceling an Edit action
2053923 - InsightsScheduledSync raises exception when allow_auto_insights_sync is false
2053928 - Satellite UI suddenly shows "Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors" for a capsule even if there are no connectivity issue present in Satellite\Capsule 7.0
2053956 - Installing Satellite 7.0 on FIPS enabled RHEL 8.5 fails on "katello-ssl-tool --gen-ca" step with error "ERROR: Certificate Authority private SSL key generation failed"
2053970 - Upgrade to Red Hat Satellite 7.0 fails at db:migrate step with error "undefined local variable or method type' for #<Katello::CdnConfiguration:0x00000000153c6198>"
2053996 - ReclaimSpace does not acquire repo lock so it can be run concurrently with the repo sync
2053997 - hammer lacks command "repository reclaim-space"
2054008 - Retain packages on Repository does not synchronize the specified number of packages on Satellite 7
2054121 - API and WebUI must disallow repo create with negative Retain package versions count
2054123 - hammer repository create ignores --retain-package-versions-count option
2054165 - After satellite-change-hostname, foreman tasks acquired lock error still refers to URL of old hostname
2054174 - Repo discovery feature cannot discover yum repositories because 'Content Default HTTP Proxy' is not used to connect to the upstream URL in Satellite 7.0
2054182 - remove pulp2 automatically on upgrade to 6.11 (If the user hasn't already done it)
2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests
2054340 - [SAT-4229] Module streams - basic table
2054758 - Satellite 6.10 clone is failing with user pulp doesn't exist
2054849 - CDN loading error for non-admin user and non-default org
2054971 - Enable registration by default
2055159 - Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0
2055312 - Enabling ISO type repository fails with PG::NotNullViolation: ERROR
2055329 - Cannot import a cv
2055495 - If Kickstart 7.X repos are being synced to Capsule 7.0 then Pulp 3 tries to sync a non-existant HighAvailability and ResilientStorage repo as well and gets 404 fnot found
2055513 - Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0
2055570 - Add check for LCE and CV presence in upstream server for disconnected Satellite
2055808 - Upgrading the Satellite 7.0 from Snap 8 to Snap 9 , sets the CDN configuration for all Organizations in airgapped mode
2055951 - Index content is creating duplicated errata in "katello_erratum" table after upgrading to Satellite 6.10
2056167 - [RFE] Create new content view should redirect to "Repositories" and not "Versions" tab
2056171 - [RFE] Publish new version should redirect to "Version" tab
2056172 - [RFE] Add repositories button should highlight in Content view
2056173 - [RFE] Content view filter doesn't shows "Start Date" & "End Date" tags to confirm the correct user inputs.
2056177 - [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file
2056178 - [RFE] Add RHEL-8 EUS repositories under recommended repositories
2056183 - Content view filter should suggest architectures parameters in RPM rule
2056186 - After enabling the Red Hat web console feature in Satellite 7.0, the redesigned Host page does not offers any option to connect to the Web\Cockpit Console of the client system
2056189 - Remove RHEL 7 EUS repository from the Recommended Repositories list
2056198 - [RFE] "Add Content Views" button should highlight in Composite Content view
2056202 - [RFE] Promote button should be displayed in the Content view version
2056237 - [Bug] Satellite Administration Documentation is missing
2056469 - Not possible to set hostgroup parameter during hostgroup creation
2056657 - Add deprecation banners for traditional (non-SCA) subscription management
2056966 - Part of REX job fails if multiple capsules are used for the job
2057178 - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function
2057309 - Latest Hardware version for VMware vSphere 7.0U3 is not available on Satellite 7
2057416 - rubygem-rack is obsoleted without epoch
2057605 - foreman.rpm pulls in nodejs
2057632 - Creating repo fails if there's a validation error in the first save.
2057658 - Update pulp-rpm to 3.17
2057782 - Limit sync tags parameter is displayed twice on the repositories detail page
2057848 - Inclusion of tags in limit sync tags parameter is not white listing the tags to sync
2058397 - Ensure pulp-rpm 3.17 is built for Satellite 6.11
2058532 - certs-regenerate breaks qpidd certificates, resulting in qpidd start-up failures: Couldn't find any network address to listen to
2058649 - Unable to set or unset "Discovery location" settings from UI of Satellite 7.0 but the same is partly feasible via hammer_cli.
2058711 - Ostree type is missing during repo creation.
2058844 - The foreman-protector plugin does not works for Satellite 6.11 if the OS is RHEL 8
2058863 - Everytime a host build is being submitted that somehow generates a huge traceback with error "undefined methodinsights' for nil:NilClass" in Satellite 7.0
2058867 - The insights registration steps happens during host build even if the host_registration_insights parameter is set to false in Satellite 7.0
2058894 - Server fingerprints not managed properly
2058905 - Content Import does not delete version on failure
2058984 - The Satellite 7.0 beta offers the download capability of both Host and Full Host image via UI where as the support for Host image was already removed in Satellite 6.10
2059576 - non admin user with host_view permission is unable to look at old host details ui
2059985 - please update to Satellite Ansible Collection 3.3.0
2060097 - [RFE] ouia-ID for content view table
2060396 - satellite-maintain self-upgrade passes even if the next major version maintenance repository isn't available
2060512 - Update terminology for ISS
2060546 - Leapp-upgrade package installation failing with dependency on sat 7.0
2060885 - Update foreman-ansible package to 7.0.3
2061688 - old rubygems (from 6.7 and older) installed and prevent EL7 to EL8 upgrade
2061749 - Templates sync with git on RHEL8 is causing SElinux error
2061773 - Settings defined by DSL are not properly encrypted
2061970 - Mirror on sync still shows up in 'hammer repository info', while mirroring policy does not
2062189 - satellite-installer gets failed with "Could not open SSL root certificate file /root/.postgresql/root.crt" error.
2062476 - GPG shows blank on repo details page render, but is correct when selecting the dropdown
2063149 - CVE-2022-23633 rubygem-actionpack: information leak between requests
2063190 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error "undefined method operatingsystems' for nil:NilClass" during the db:migrate step
2063575 - [RFE] - add ouia-ID for buttons on a cv
2063910 - LEAPP upgrade fails with [Errno 2] No such file or directory: '/var/lib/leapp/scratch/mounts/root_/system_overlay/etc/pki/pulp/content/pulp-global-repo.ca'
2064400 - Migration of encrypted fields between 3.14 and 3.16 is broken for some remotes
2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors
2064434 - Repository set not showing repos after importing library and creating an ak in a disconnected satellite
2064583 - High memory usage of foreman-proxy during a scaled bulk REX job
2064707 - bootstrap.py can't reach the API via the capsule
2064793 - Remotes should have username and password cleared out if a user sets them to be blank
2065015 - "Sync Connect Timeout" settings takes invalid value and shows update successful but doesn't reflect the change for invalid values
2065027 - Job invocation installs all the installable errata if incorrect Job Template is used.
2065391 - LCE and content view label resets when trying to delete the field names in "Upstream Foreman Server" tab
2065448 - [RFE] - add ouia-ID prop to update buttons in CDN configuration
2065450 - [RFE] - add ouia-ID prop to all fields in CDN configuration
2066408 - REX SSH Key works for SSH but fails for REX on RHEL 8.5 Host
2066899 - After IP change on Tues Mar 22 Satellite manifest tasks fail with 'could not initialize proxy [org.candlepin.model.UpstreamConsumer#XXXXX] - no Session'
2067301 - hammer content-import fails with error Export version 3.14.9 of pulpcore does not match installed version 3.14.12 if the z-stream versions are different for the connected and disconnected satellite 6.10
2067331 - Upgrade to Satellite 6.9 and 6.10 fails with error "ActiveRecord::RecordInvalid: Validation failed: Remote execution features is invalid" during db:seed stage
2069135 - After restore from 6.10.2 (and older) backup to 6.10.3 candlepin is broken
2069248 - documentation links in 6.11 navigate to 7.0 instead of 6.11
2069381 - new host ui, do not navigate to task, instead navigate to job
2069456 - new host ui details,ansible roles, bug when all ansible roles are assigned
2069459 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unasigned automatically
2069640 - insights total risk chart network errors in new host page's overview tab
2070176 - Clicking on "Select recommendations from all pages" of host details page(insights tab) selects insights recommendations of other hosts as well.
2070177 - De-duplicate errata migration doesn't delete child records
2070242 - The satellite-maintain change with respect to 6.11 version shift
2070272 - Sync Status page does not show syncing progress bar under "Result" column when syncing a repo
2070620 - After upgrading to 6.11 ping check fails with "Some components are failing: katello_agent"
2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()
2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL
2072530 - Improvements on foreman-maintain's self-upgrade mechanism
2073039 - LEAPP upgrade enables wrong repositories for capsules
2073124 - HTTP responses include incorrect ETag value
2073194 - Filter API/ UI doesn't return errata, package group, module stream filter rules if repository has been removed from CV
2073307 - "Selected scenario is DISABLED" errors when trying to upgrade installer packages
2073313 - "Publish" action in the drop down doesn't work
2073421 - The new host page should be disabled by default
2073468 - Bootdisk Provisioning Templates are missing description
2073469 - Discovery kexec Provisioning Template is missing description
2073470 - "Kickstart default user data" Provisioning Template contains doubled description key
2075434 - bootstrap.py fails if puppet is not enabled in Satellite
2075519 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table "katello_errata" violates foreign key constraint "katello_content_facet_errata_errata_id"
2075528 - OS upgrade keeps original TFTP setup preventing machines to boot from the network
2076372 - Address VCR test changes in pulp_rpm_client 3.17.5
2076684 - NullPointerException during manifest refresh
2076987 - After upgrade any foreman-rake command shows 'ErbParser' and 'RubyParser' are ignored.
2077850 - Puppet purge fails on an upgraded Satellite
2078983 - Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4.
2079357 - foreman-maintain maintenance-mode status command fails with undefined methodmaintenance_mode_status?' for nil:NilClass2080909 - The satellite-maintain self-upgrade does not disable the non RHSM repository if it was not enabled on system
2081280 - Bootdisks are left in privatetmp of httpd
2081459 - Omit python*-pulp-ostree packages
2082076 - Settings - Like operator for name
2082241 - hammer host-collection create fails with "Too many arguments" when setting unlimited-hosts
2082505 - Omit python*-pulp-python packages
2082560 - satellite-clone missed version rename 7.0 to 6.11
2083532 - PG::ForeignKeyViolation: ERROR: update or delete on table "katello_erratum_packages" violates foreign key constraint "katello_msep_erratum_package_id_fk" on table "katello_module_stream_erratum_packages"
2084106 - satellite-change-hostname on capsule runs deprecated capsule-installer
2084624 - Unable to install 6.11 with ansible-core 2.12
2085446 - LEAPP preupgrade --target 8.6 fails to resolve conflicts for rubygem-openscap
2085528 - Change "Component content view" to "Content view"
2086101 - rhel8 repos are missing python2-qpid, making qpid-tools and thus the katello-agent support unavailable
2086683 - Actions::Candlepin::Owner::Import failing with "Entity version collision detected"
2086948 - Remove 6.11 beta branding
2087727 - Upgrade to Satellite 6.10.5.1 fails with error message "PG::NotNullViolation: ERROR: null value in column "erratum_package_id" violates not-null constraint"
2089361 - satellite-clone is broken on RHEL8.6
2089794 - Insights recommendations get halted with error undefined methodid' for nil:NilClass
2089796 - Absence of Package redhat-access-insights-puppet.noarch in rhel 8 sat/capsule
2089812 - Need to list Satellite Utils and Puppet agent repositories on Recommended Repositories page for Sat 6.11
2089928 - Dependency Issue when attempting to enable Satellite Infoblox DNS and DHCP plugins on RHEL 8
2090740 - Update links for the new puppet documentation
2090820 - satellite upgrade to 6.11 fails in installer with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup
2093679 - satellite-installer --enable-foreman-proxy-plugin-shellhooks fails with error Error: Unable to find a match: rubygem-smart_proxy_shellhooks in Red Hat Satellite 6.11
2094255 - Configure Cloud Connector runs against an old hostname after a hostname change
2094280 - rhc_instance_id is not being set correctly by configure cloud connector playbook.
2094454 - Error "missing keywords: :arch, :major, :minor" on CDN configuration
2095598 - The completion of a remediation playbook should indicate success or failure combined for all hosts in the run
2095599 - Satellite yggdrasil-forwarder-worker does not send proper lowercase JSON to RHC API
2096198 - Too many connection issue occurring for on-demand content sync
2096921 - "Reconfigure Cloud Connector" job fails on upgraded Satellite configured with fifi/receptor.
- Package List:
Red Hat Satellite 6.11 for RHEL 7:
Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm candlepin-4.1.13-1.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm katello-selinux-4.0.2-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.src.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.src.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.src.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.src.rpm tfm-rubygem-audited-4.9.0-4.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-2.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.src.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.src.rpm tfm-rubygem-crass-1.0.6-2.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.src.rpm tfm-rubygem-deface-1.5.3-3.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.src.rpm tfm-rubygem-facter-4.0.51-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.src.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.src.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.src.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.src.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.src.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.src.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.src.rpm tfm-rubygem-fx-0.5.0-2.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.src.rpm tfm-rubygem-git-1.5.0-2.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.src.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.src.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.src.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.src.rpm tfm-rubygem-http-3.3.0-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.src.rpm tfm-rubygem-mail-2.7.1-2.el7sat.src.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.src.rpm tfm-rubygem-os-1.0.0-3.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.src.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.src.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.src.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.src.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.src.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.src.rpm tfm-rubygem-puma-5.6.2-1.el7sat.src.rpm tfm-rubygem-puma-status-1.3-1.el7sat.src.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.src.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.src.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-redis-4.5.1-1.el7sat.src.rpm tfm-rubygem-representable-3.0.4-3.el7sat.src.rpm tfm-rubygem-responders-3.0.0-4.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.src.rpm tfm-rubygem-signet-0.14.0-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.src.rpm tfm-rubygem-thor-1.0.1-3.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.src.rpm tfm-rubygem-uber-0.1.0-3.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm candlepin-4.1.13-1.el7sat.noarch.rpm candlepin-selinux-4.1.13-1.el7sat.noarch.rpm foreman-3.1.1.21-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-3.1.1.21-2.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el7sat.noarch.rpm foreman-ec2-3.1.1.21-2.el7sat.noarch.rpm foreman-gce-3.1.1.21-2.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-journald-3.1.1.21-2.el7sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el7sat.noarch.rpm foreman-openstack-3.1.1.21-2.el7sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el7sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-selinux-3.1.2.1-1.el7sat.noarch.rpm foreman-service-3.1.1.21-2.el7sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el7sat.noarch.rpm foreman-vmware-3.1.1.21-2.el7sat.noarch.rpm katello-4.3.0-3.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm katello-selinux-4.0.2-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-dispatch-tools-1.14.0-1.el7_9.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-6.11.0-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-actioncable-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-acts_as_list-1.0.3-2.el7sat.noarch.rpm tfm-rubygem-addressable-2.8.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-2.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-23.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-4.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-4.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-2.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-2.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-5.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-5.el7sat.noarch.rpm tfm-rubygem-colorize-0.8.1-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-3.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-2.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-5.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.1.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-5.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-3.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-3.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.1.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-2.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-5.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-2.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-4.el7sat.noarch.rpm tfm-rubygem-fog-google-1.11.0-2.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-4.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.9.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-4.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.5.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-9.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-5.2.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-19.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.17-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.9-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-5.1.1-1.el7sat.noarch.rpm tfm-rubygem-foreman_puppet-2.0.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-5.0.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.1.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.noarch.rpm tfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-13.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-2.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-2.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-2.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.33.2-2.el7sat.noarch.rpm tfm-rubygem-google-cloud-env-1.3.3-2.el7sat.noarch.rpm tfm-rubygem-googleauth-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-3.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-3.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-hocon-1.3.1-2.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-4.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-2.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-13.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-13.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-katello-4.3.0.42-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-2.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.6.0-1.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-2.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-2.el7sat.noarch.rpm tfm-rubygem-marcel-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-3.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.6-1.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.17.0-2.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-5.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-5.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-net_http_unix-0.2.2-2.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.noarch.rpm tfm-rubygem-parallel-1.19.1-2.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-5.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.1.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-3.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-3.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-3.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-2.9.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.10.0-1.el7sat.noarch.rpm tfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.noarch.rpm tfm-rubygem-pulp_python_client-3.5.2-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.16.7-1.el7sat.noarch.rpm tfm-rubygem-puma-status-1.3-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-5.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-3.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-10.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-5.el7sat.noarch.rpm tfm-rubygem-rails-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-3.el7sat.noarch.rpm tfm-rubygem-railties-6.0.4.7-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.2-1.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-4.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-4.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-redis-4.5.1-1.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-3.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-3.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-4.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-3.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-22.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-4.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.1-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.6-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-2.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-3.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-7.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.10-1.el7sat.noarch.rpm tfm-rubygem-signet-0.14.0-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-7.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-5.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-2.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-6.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-2.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-2.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-3.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-2.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-4.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-4.1.el7sat.x86_64.rpm tfm-rubygem-facter-4.0.51-2.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.4-2.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-4.1.el7sat.x86_64.rpm tfm-rubygem-puma-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-5.6.2-1.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-qpid_proton-debuginfo-0.33.0-5.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: ansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm ansible-runner-1.4.7-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm ansiblerole-insights-client-1.7.1-2.el7sat.src.rpm createrepo_c-0.20.0-1.el7pc.src.rpm dynflow-utils-1.6.3-1.el7sat.src.rpm foreman-3.1.1.21-2.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.8.2-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm foreman-installer-3.1.2.6-1.el7sat.src.rpm foreman-proxy-3.1.1.1-1.el7sat.src.rpm foreman-selinux-3.1.2.1-1.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-4.3.0-3.el7sat.src.rpm katello-certs-tools-2.9.0-1.el7sat.src.rpm katello-client-bootstrap-1.7.9-1.el7sat.src.rpm libcomps-0.1.18-1.el7pc.src.rpm libmodulemd2-2.9.3-1.el7pc.src.rpm libsodium-1.0.17-3.el7sat.src.rpm libsolv-0.7.22-1.el7pc.src.rpm libsolv0-0.6.34-4.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm pulpcore-selinux-1.3.0-1.el7pc.src.rpm puppet-agent-7.12.1-1.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-5.2.0-1.el7sat.src.rpm puppetserver-7.4.2-1.el7sat.src.rpm python-daemon-2.1.2-7.2.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.7.2-2.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-qpid-1.35.0-5.el7.src.rpm python2-libcomps-0.1.15-5.pulp.el7sat.src.rpm qpid-cpp-1.36.0-32.el7_9amq.src.rpm qpid-dispatch-1.14.0-1.el7_9.src.rpm qpid-proton-0.33.0-6.el7_9.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm satellite-installer-6.11.0.7-1.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-pulpcore-1.0-4.el7pc.src.rpm tfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm tfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm tfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm tfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm tfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm tfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm tfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm tfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm tfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm tfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm tfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm tfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm tfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm tfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm tfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm tfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm tfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm tfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm tfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm tfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm tfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm tfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm tfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm tfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm tfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm tfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm tfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm tfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm tfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm tfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm tfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm tfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm tfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm tfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm tfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm tfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm tfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm tfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm tfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm tfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm tfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm tfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm tfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm tfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm tfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm tfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm tfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm tfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm tfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm tfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm tfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm tfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm tfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm tfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm tfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm tfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm tfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm tfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm tfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm tfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm tfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm tfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm tfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm tfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm tfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm tfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm tfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm tfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm tfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm tfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm tfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm tfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm tfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm tfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm tfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm tfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm tfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm tfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm tfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm tfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm tfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm tfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm tfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm tfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm tfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm tfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm tfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm tfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm tfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm tfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm tfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm tfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm tfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm tfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm tfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm tfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm tfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm tfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm tfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm tfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm tfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm tfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm tfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm tfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm tfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm tfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm tfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm tfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm tfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm tfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm tfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm tfm-rubygem-excon-0.76.0-2.el7sat.src.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-racc-1.5.2-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-2.el7sat.src.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm ansible-runner-1.4.7-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-3.1.1.21-2.el7sat.noarch.rpm foreman-discovery-image-3.8.2-1.el7sat.noarch.rpm foreman-installer-3.1.2.6-1.el7sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm foreman-proxy-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-content-4.3.0-3.el7sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el7sat.noarch.rpm katello-certs-tools-2.9.0-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm katello-common-4.3.0-3.el7sat.noarch.rpm katello-debug-4.3.0-3.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm puppetserver-7.4.2-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python2-ansible-runner-1.4.7-1.el7ar.noarch.rpm python2-daemon-2.1.2-7.2.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm qpid-tools-1.36.0-32.el7_9amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.11.0-2.el7sat.noarch.rpm satellite-common-6.11.0-2.el7sat.noarch.rpm satellite-installer-6.11.0.7-1.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm tfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm tfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm tfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm tfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm tfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm tfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm tfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm tfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm tfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm tfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm tfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm tfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm tfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm tfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm tfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm tfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm tfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm tfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm tfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm tfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm tfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm tfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm tfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm tfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm tfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm tfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm tfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm tfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm tfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm tfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm tfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm tfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm tfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm tfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm tfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm tfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm tfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm tfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm tfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm tfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm tfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm tfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm tfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm tfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el7pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el7pc.x86_64.rpm dynflow-utils-1.6.3-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libcomps-0.1.18-1.el7pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm libmodulemd2-2.9.3-1.el7pc.x86_64.rpm libmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm libsodium-1.0.17-3.el7sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm libsolv-0.7.22-1.el7pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm libsolv0-0.6.34-4.el7sat.x86_64.rpm libsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm puppet-agent-7.12.1-1.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm python-qpid-proton-0.33.0-6.el7_9.x86_64.rpm python-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm python2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm python2-psutil-5.7.2-2.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm qpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm qpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm qpid-proton-c-0.33.0-6.el7_9.x86_64.rpm qpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm tfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm tfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm tfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm tfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm tfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm tfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm tfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm tfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm tfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm tfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm tfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm tfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: rubygem-clamp-1.1.2-7.el7sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm rubygem-highline-2.0.3-2.el7sat.src.rpm satellite-clone-3.1.0-2.el7sat.src.rpm satellite-maintain-0.0.1-1.el7sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el7sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm rubygem-highline-2.0.3-2.el7sat.noarch.rpm satellite-clone-3.1.0-2.el7sat.noarch.rpm satellite-maintain-0.0.1-1.el7sat.noarch.rpm
Red Hat Satellite 6.11 for RHEL 7:
Source: foreman-3.1.1.21-2.el7sat.src.rpm satellite-6.11.0-2.el7sat.src.rpm tfm-7.0-1.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm tfm-rubygem-highline-2.0.3-2.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm tfm-rubygem-locale-2.0.9-15.el7sat.src.rpm tfm-rubygem-logging-2.3.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-9.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm
noarch: foreman-cli-3.1.1.21-2.el7sat.noarch.rpm satellite-cli-6.11.0-2.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm tfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm tfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm tfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm
x86_64: tfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm tfm-runtime-7.0-1.el7sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm candlepin-4.1.13-1.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm katello-selinux-4.0.2-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm postgresql-evr-0.0.2-1.el8sat.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-actioncable-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm rubygem-actionpack-6.0.4.7-1.el8sat.src.rpm rubygem-actiontext-6.0.4.7-1.el8sat.src.rpm rubygem-actionview-6.0.4.7-1.el8sat.src.rpm rubygem-activejob-6.0.4.7-1.el8sat.src.rpm rubygem-activemodel-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-import-1.1.0-1.el8sat.src.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm rubygem-activestorage-6.0.4.7-1.el8sat.src.rpm rubygem-activesupport-6.0.4.7-1.el8sat.src.rpm rubygem-acts_as_list-1.0.3-2.el8sat.src.rpm rubygem-addressable-2.8.0-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-ancestry-3.0.7-2.el8sat.src.rpm rubygem-anemone-0.7.2-23.el8sat.src.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-apipie-rails-0.5.17-4.el8sat.src.rpm rubygem-audited-4.9.0-4.el8sat.src.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm rubygem-builder-3.2.4-2.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-coffee-rails-5.0.0-2.el8sat.src.rpm rubygem-coffee-script-2.4.1-5.el8sat.src.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm rubygem-colorize-0.8.1-2.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-connection_pool-2.2.2-3.el8sat.src.rpm rubygem-crass-1.0.6-2.el8sat.src.rpm rubygem-css_parser-1.4.7-5.el8sat.src.rpm rubygem-daemons-1.2.3-7.1.el8sat.src.rpm rubygem-deacon-1.0.0-5.el8sat.src.rpm rubygem-declarative-0.0.10-3.el8sat.src.rpm rubygem-declarative-option-0.1.0-3.el8sat.src.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm rubygem-deface-1.5.3-3.el8sat.src.rpm rubygem-diffy-3.0.1-6.1.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-erubi-1.9.0-2.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-execjs-2.7.0-5.el8sat.src.rpm rubygem-facter-4.0.51-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-fog-aws-3.6.5-2.el8sat.src.rpm rubygem-fog-core-2.1.0-4.el8sat.src.rpm rubygem-fog-google-1.11.0-2.el8sat.src.rpm rubygem-fog-json-1.2.0-4.el8sat.src.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm rubygem-fog-openstack-1.0.8-4.el8sat.src.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.src.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.src.rpm rubygem-fog-xml-0.1.2-9.el8sat.src.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.src.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.src.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.src.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.src.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.src.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.src.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.src.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.src.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.src.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.src.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm rubygem-foreman_templates-9.1.0-1.el8sat.src.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.src.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.src.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.src.rpm rubygem-formatador-0.2.1-13.el8sat.src.rpm rubygem-friendly_id-5.3.0-2.el8sat.src.rpm rubygem-fx-0.5.0-2.el8sat.src.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm rubygem-git-1.5.0-2.el8sat.src.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm rubygem-globalid-0.4.2-2.el8sat.src.rpm rubygem-google-api-client-0.33.2-2.el8sat.src.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm rubygem-googleauth-0.13.1-2.el8sat.src.rpm rubygem-graphql-1.8.14-3.el8sat.src.rpm rubygem-graphql-batch-0.3.10-3.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-hocon-1.3.1-2.el8sat.src.rpm rubygem-http-3.3.0-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-http-form_data-2.1.1-2.el8sat.src.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm rubygem-httpclient-2.8.3-4.el8sat.src.rpm rubygem-i18n-1.8.2-2.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-ipaddress-0.8.0-13.el8sat.src.rpm rubygem-jgrep-1.3.3-11.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-katello-4.3.0.42-1.el8sat.src.rpm rubygem-kubeclient-4.3.0-2.el8sat.src.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-loofah-2.4.0-2.el8sat.src.rpm rubygem-mail-2.7.1-2.el8sat.src.rpm rubygem-marcel-1.0.1-1.el8sat.src.rpm rubygem-memoist-0.16.0-3.el8sat.src.rpm rubygem-method_source-0.9.2-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_mime-1.0.2-2.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-ms_rest-0.7.6-1.el8sat.src.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ldap-0.17.0-2.el8sat.src.rpm rubygem-net-ping-2.0.1-5.el8sat.src.rpm rubygem-net-scp-1.2.1-5.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-net_http_unix-0.2.2-2.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nio4r-2.5.4-2.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-optimist-3.0.0-3.el8sat.src.rpm rubygem-os-1.0.0-3.el8sat.src.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm rubygem-parallel-1.19.1-2.el8sat.src.rpm rubygem-parse-cron-0.1.4-5.el8sat.src.rpm rubygem-polyglot-0.3.5-3.1.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-prometheus-client-1.0.0-3.el8sat.src.rpm rubygem-promise.rb-0.7.4-3.el8sat.src.rpm rubygem-public_suffix-3.0.3-3.el8sat.src.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.src.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.src.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.src.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.src.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.src.rpm rubygem-puma-5.6.2-1.el8sat.src.rpm rubygem-puma-status-1.3-1.el8sat.src.rpm rubygem-qpid_proton-0.33.0-5.el8sat.src.rpm rubygem-quantile-0.2.0-5.el8sat.src.rpm rubygem-rabl-0.14.3-2.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-cors-1.0.2-3.el8sat.src.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rack-test-1.1.0-5.el8sat.src.rpm rubygem-rails-6.0.4.7-1.el8sat.src.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.src.rpm rubygem-rails-i18n-6.0.0-3.el8sat.src.rpm rubygem-railties-6.0.4.7-1.el8sat.src.rpm rubygem-rainbow-2.2.2-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-rbvmomi-2.2.0-4.el8sat.src.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.src.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-redis-4.5.1-1.el8sat.src.rpm rubygem-representable-3.0.4-3.el8sat.src.rpm rubygem-responders-3.0.0-4.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-retriable-3.1.2-3.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-roadie-3.4.0-4.el8sat.src.rpm rubygem-roadie-rails-2.1.1-3.el8sat.src.rpm rubygem-robotex-1.0.0-22.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm rubygem-ruby_parser-3.10.1-4.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-runcible-2.13.1-2.el8sat.src.rpm rubygem-safemode-1.3.6-2.el8sat.src.rpm rubygem-scoped_search-4.1.9-2.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-secure_headers-6.3.0-3.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sexp_processor-4.10.0-7.el8sat.src.rpm rubygem-sidekiq-5.2.10-1.el8sat.src.rpm rubygem-signet-0.14.0-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sprockets-4.0.2-2.el8sat.src.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-sshkey-1.9.0-5.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-stomp-1.4.9-2.el8sat.src.rpm rubygem-thor-1.0.1-3.el8sat.src.rpm rubygem-thread_safe-0.3.6-6.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-timeliness-0.3.10-2.el8sat.src.rpm rubygem-tzinfo-1.2.6-2.el8sat.src.rpm rubygem-uber-0.1.0-3.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm rubygem-will_paginate-3.1.7-4.el8sat.src.rpm rubygem-zeitwerk-2.2.2-2.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm candlepin-4.1.13-1.el8sat.noarch.rpm candlepin-selinux-4.1.13-1.el8sat.noarch.rpm foreman-3.1.1.21-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-cli-3.1.1.21-2.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-dynflow-sidekiq-3.1.1.21-2.el8sat.noarch.rpm foreman-ec2-3.1.1.21-2.el8sat.noarch.rpm foreman-gce-3.1.1.21-2.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-journald-3.1.1.21-2.el8sat.noarch.rpm foreman-libvirt-3.1.1.21-2.el8sat.noarch.rpm foreman-openstack-3.1.1.21-2.el8sat.noarch.rpm foreman-ovirt-3.1.1.21-2.el8sat.noarch.rpm foreman-postgresql-3.1.1.21-2.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-selinux-3.1.2.1-1.el8sat.noarch.rpm foreman-service-3.1.1.21-2.el8sat.noarch.rpm foreman-telemetry-3.1.1.21-2.el8sat.noarch.rpm foreman-vmware-3.1.1.21-2.el8sat.noarch.rpm katello-4.3.0-3.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm katello-selinux-4.0.2-1.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-dispatch-tools-1.14.0-6.el8.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm rubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm rubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm rubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm rubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm rubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm rubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm rubygem-addressable-2.8.0-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-ancestry-3.0.7-2.el8sat.noarch.rpm rubygem-anemone-0.7.2-23.el8sat.noarch.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm rubygem-audited-4.9.0-4.el8sat.noarch.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm rubygem-builder-3.2.4-2.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm rubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm rubygem-colorize-0.8.1-2.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm rubygem-crass-1.0.6-2.el8sat.noarch.rpm rubygem-css_parser-1.4.7-5.el8sat.noarch.rpm rubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm rubygem-deacon-1.0.0-5.el8sat.noarch.rpm rubygem-declarative-0.0.10-3.el8sat.noarch.rpm rubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm rubygem-deface-1.5.3-3.el8sat.noarch.rpm rubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-erubi-1.9.0-2.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-execjs-2.7.0-5.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm rubygem-fog-core-2.1.0-4.el8sat.noarch.rpm rubygem-fog-google-1.11.0-2.el8sat.noarch.rpm rubygem-fog-json-1.2.0-4.el8sat.noarch.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm rubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm rubygem-fog-ovirt-2.0.1-2.el8sat.noarch.rpm rubygem-fog-vsphere-3.5.1-1.el8sat.noarch.rpm rubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm rubygem-foreman-tasks-5.2.3-1.el8sat.noarch.rpm rubygem-foreman_ansible-7.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_azure_rm-2.2.6-1.el8sat.noarch.rpm rubygem-foreman_bootdisk-19.0.4.1-1.el8sat.noarch.rpm rubygem-foreman_discovery-19.0.4-1.el8sat.noarch.rpm rubygem-foreman_hooks-0.3.17-2.el8sat.noarch.rpm rubygem-foreman_kubevirt-0.1.9-2.el8sat.noarch.rpm rubygem-foreman_leapp-0.1.9-1.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-foreman_openscap-5.1.1-1.el8sat.noarch.rpm rubygem-foreman_puppet-2.0.6-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-cockpit-5.0.7-1.el8sat.noarch.rpm rubygem-foreman_rh_cloud-5.0.39-1.el8sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm rubygem-foreman_templates-9.1.0-1.el8sat.noarch.rpm rubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.noarch.rpm rubygem-foreman_virt_who_configure-0.5.8-1.el8sat.noarch.rpm rubygem-foreman_webhooks-2.0.1-1.1.el8sat.noarch.rpm rubygem-formatador-0.2.1-13.el8sat.noarch.rpm rubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm rubygem-fx-0.5.0-2.el8sat.noarch.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm rubygem-git-1.5.0-2.el8sat.noarch.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm rubygem-globalid-0.4.2-2.el8sat.noarch.rpm rubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm rubygem-googleauth-0.13.1-2.el8sat.noarch.rpm rubygem-graphql-1.8.14-3.el8sat.noarch.rpm rubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-hocon-1.3.1-2.el8sat.noarch.rpm rubygem-http-3.3.0-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm rubygem-httpclient-2.8.3-4.el8sat.noarch.rpm rubygem-i18n-1.8.2-2.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-ipaddress-0.8.0-13.el8sat.noarch.rpm rubygem-jgrep-1.3.3-11.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-katello-4.3.0.42-1.el8sat.noarch.rpm rubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-loofah-2.4.0-2.el8sat.noarch.rpm rubygem-mail-2.7.1-2.el8sat.noarch.rpm rubygem-marcel-1.0.1-1.el8sat.noarch.rpm rubygem-memoist-0.16.0-3.el8sat.noarch.rpm rubygem-method_source-0.9.2-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm rubygem-net-ping-2.0.1-5.el8sat.noarch.rpm rubygem-net-scp-1.2.1-5.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-optimist-3.0.0-3.el8sat.noarch.rpm rubygem-os-1.0.0-3.el8sat.noarch.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm rubygem-parallel-1.19.1-2.el8sat.noarch.rpm rubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm rubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm rubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm rubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm rubygem-pulp_ansible_client-0.10.1-1.el8sat.noarch.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm rubygem-pulp_container_client-2.9.0-1.el8sat.noarch.rpm rubygem-pulp_deb_client-2.16.0-1.el8sat.noarch.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm rubygem-pulp_python_client-3.5.2-1.el8sat.noarch.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm rubygem-pulpcore_client-3.16.7-1.el8sat.noarch.rpm rubygem-puma-status-1.3-1.el8sat.noarch.rpm rubygem-quantile-0.2.0-5.el8sat.noarch.rpm rubygem-rabl-0.14.3-2.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rack-test-1.1.0-5.el8sat.noarch.rpm rubygem-rails-6.0.4.7-1.el8sat.noarch.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm rubygem-rails-html-sanitizer-1.3.0-2.el8sat.noarch.rpm rubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm rubygem-railties-6.0.4.7-1.el8sat.noarch.rpm rubygem-rainbow-2.2.2-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm rubygem-record_tag_helper-1.0.1-4.el8sat.noarch.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-redis-4.5.1-1.el8sat.noarch.rpm rubygem-representable-3.0.4-3.el8sat.noarch.rpm rubygem-responders-3.0.0-4.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-retriable-3.1.2-3.el8sat.noarch.rpm rubygem-roadie-3.4.0-4.el8sat.noarch.rpm rubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm rubygem-robotex-1.0.0-22.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm rubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-runcible-2.13.1-2.el8sat.noarch.rpm rubygem-safemode-1.3.6-2.el8sat.noarch.rpm rubygem-scoped_search-4.1.9-2.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm rubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm rubygem-signet-0.14.0-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-sprockets-4.0.2-2.el8sat.noarch.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm rubygem-sshkey-1.9.0-5.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-stomp-1.4.9-2.el8sat.noarch.rpm rubygem-thor-1.0.1-3.el8sat.noarch.rpm rubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-timeliness-0.3.10-2.el8sat.noarch.rpm rubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm rubygem-uber-0.1.0-3.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm rubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm rubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm satellite-6.11.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm postgresql-evr-0.0.2-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm rubygem-facter-4.0.51-2.el8sat.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm rubygem-puma-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm rubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-3.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm createrepo_c-0.20.0-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.1.1.21-2.el8sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.1.2.6-1.el8sat.src.rpm foreman-proxy-3.1.1.1-1.el8sat.src.rpm foreman-selinux-3.1.2.1-1.el8sat.src.rpm katello-4.3.0-3.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm libcomps-0.1.18-1.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-1.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm pulpcore-selinux-1.3.0-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-2.el8pc.src.rpm python-aiofiles-0.7.0-2.el8pc.src.rpm python-aiohttp-3.8.1-2.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm python-aioredis-2.0.0-2.el8pc.src.rpm python-aiosignal-1.2.0-1.el8pc.src.rpm python-ansible-builder-1.0.1-2.el8pc.src.rpm python-asgiref-3.4.1-1.el8pc.src.rpm python-async-lru-1.0.2-2.el8pc.src.rpm python-async-timeout-4.0.2-1.el8pc.src.rpm python-asyncio-throttle-1.0.2-2.el8pc.src.rpm python-attrs-21.2.0-2.el8pc.src.rpm python-backoff-1.11.1-1.el8pc.src.rpm python-bindep-2.10.1-1.el8pc.src.rpm python-bleach-3.3.1-1.el8pc.src.rpm python-bleach-allowlist-1.0.3-2.el8pc.src.rpm python-bracex-2.2-1.el8pc.src.rpm python-brotli-1.0.9-1.el8pc.src.rpm python-cchardet-2.1.7-1.el8pc.src.rpm python-certifi-2020.6.20-2.el8pc.src.rpm python-cffi-1.15.0-1.el8pc.src.rpm python-charset-normalizer-2.0.7-1.el8pc.src.rpm python-click-8.0.3-1.el8pc.src.rpm python-click-shell-2.1-2.el8pc.src.rpm python-colorama-0.4.4-2.el8pc.src.rpm python-commonmark-0.9.1-4.el8pc.src.rpm python-contextlib2-21.6.0-2.el8pc.src.rpm python-cryptography-3.1.1-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-2.el8pc.src.rpm python-dateutil-2.8.2-1.el8pc.src.rpm python-debian-0.1.42-1.el8pc.src.rpm python-defusedxml-0.7.1-2.el8pc.src.rpm python-diff-match-patch-20200713-2.el8pc.src.rpm python-distro-1.6.0-2.el8pc.src.rpm python-django-3.2.13-1.el8pc.src.rpm python-django-currentuser-0.5.3-3.el8pc.src.rpm python-django-filter-21.1-1.el8pc.src.rpm python-django-guardian-2.4.0-3.el8pc.src.rpm python-django-guid-3.2.0-2.el8pc.src.rpm python-django-import-export-2.6.1-1.el8pc.src.rpm python-django-lifecycle-0.9.3-1.el8pc.src.rpm python-django-prometheus-2.1.0-2.el8pc.src.rpm python-django-readonly-field-1.0.5-3.el8pc.src.rpm python-djangorestframework-3.12.4-4.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm python-drf-access-policy-1.1.0-1.el8pc.src.rpm python-drf-nested-routers-0.93.3-3.el8pc.src.rpm python-drf-spectacular-0.20.1-1.el8pc.src.rpm python-dynaconf-3.1.7-2.el8pc.src.rpm python-ecdsa-0.13.3-3.el8pc.src.rpm python-enrich-1.2.6-3.el8pc.src.rpm python-et-xmlfile-1.1.0-1.el8pc.src.rpm python-flake8-3.9.2-3.el8pc.src.rpm python-frozenlist-1.3.0-1.el8pc.src.rpm python-future-0.18.2-4.el8pc.src.rpm python-galaxy-importer-0.4.1-2.el8pc.src.rpm python-gnupg-0.4.7-2.el8pc.src.rpm python-gunicorn-20.1.0-3.el8pc.src.rpm python-idna-3.3-1.el8pc.src.rpm python-idna-ssl-1.1.0-4.el8pc.src.rpm python-importlib-metadata-1.7.0-2.el8pc.src.rpm python-inflection-0.5.1-2.el8pc.src.rpm python-iniparse-0.4-34.el8pc.src.rpm python-jinja2-3.0.2-1.el8pc.src.rpm python-jsonschema-3.2.0-7.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-1.el8pc.src.rpm python-markdown-3.3.4-4.el8pc.src.rpm python-markuppy-1.14-2.el8pc.src.rpm python-markupsafe-2.0.1-2.el8pc.src.rpm python-mccabe-0.6.1-2.el8pc.src.rpm python-multidict-5.2.0-1.el8pc.src.rpm python-naya-1.1.1-1.el8pc.src.rpm python-odfpy-1.4.1-5.el8pc.src.rpm python-openpyxl-3.0.9-1.el8pc.src.rpm python-packaging-21.2-1.el8pc.src.rpm python-parsley-1.3-1.el8pc.src.rpm python-pbr-5.6.0-1.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-2.el8pc.src.rpm python-prometheus-client-0.8.0-2.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.1-1.el8pc.src.rpm python-pulp-ansible-0.10.1-1.el8pc.src.rpm python-pulp-certguard-1.5.1-1.el8pc.src.rpm python-pulp-cli-0.14.0-1.el8pc.src.rpm python-pulp-container-2.9.2-1.el8pc.src.rpm python-pulp-deb-2.16.1-1.el8pc.src.rpm python-pulp-file-1.10.1-1.el8pc.src.rpm python-pulp-rpm-3.17.5-1.1.el8pc.src.rpm python-pulpcore-3.16.9-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-2.el8pc.src.rpm python-pycairo-1.20.1-2.el8pc.src.rpm python-pycares-4.1.2-3.el8pc.src.rpm python-pycodestyle-2.7.0-4.el8pc.src.rpm python-pycparser-2.20-2.el8pc.src.rpm python-pycryptodomex-3.11.0-1.el8pc.src.rpm python-pyflakes-2.3.1-4.el8pc.src.rpm python-pygments-2.10.0-2.el8pc.src.rpm python-pygobject-3.40.1-1.el8pc.src.rpm python-pygtrie-2.4.2-2.el8pc.src.rpm python-pyjwkest-1.4.2-5.el8pc.src.rpm python-pyjwt-1.7.1-7.el8pc.src.rpm python-pyparsing-2.4.7-2.el8pc.src.rpm python-pyrsistent-0.18.0-1.el8pc.src.rpm python-pytz-2021.3-1.el8pc.src.rpm python-pyyaml-5.4.1-3.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-2.el8pc.src.rpm python-requests-2.26.0-3.el8pc.src.rpm python-requirements-parser-0.2.0-2.el8pc.src.rpm python-rhsm-1.19.2-2.el8pc.src.rpm python-rich-10.12.0-1.el8pc.src.rpm python-ruamel-yaml-0.17.17-1.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm python-schema-0.7.5-1.el8pc.src.rpm python-semantic-version-2.8.5-2.el8pc.src.rpm python-six-1.16.0-1.el8pc.src.rpm python-sqlparse-0.4.2-2.el8pc.src.rpm python-tablib-3.1.0-1.el8pc.src.rpm python-tenacity-7.0.0-2.el8pc.src.rpm python-toml-0.10.2-2.el8pc.src.rpm python-typing-extensions-3.10.0.2-1.el8pc.src.rpm python-uritemplate-4.1.1-1.el8pc.src.rpm python-url-normalize-1.4.3-3.el8pc.src.rpm python-urllib3-1.26.7-1.el8pc.src.rpm python-urlman-1.4.0-2.el8pc.src.rpm python-wcmatch-8.3-1.el8pc.src.rpm python-webencodings-0.5.1-2.el8pc.src.rpm python-whitenoise-5.3.0-1.el8pc.src.rpm python-xlrd-2.0.1-4.el8pc.src.rpm python-xlwt-1.3.0-2.el8pc.src.rpm python-yarl-1.7.2-1.el8pc.src.rpm python-zipp-3.4.0-3.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_portile2-2.5.1-1.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nokogiri-1.11.3-2.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rack-2.2.3-2.el8sat.src.rpm rubygem-rack-protection-2.1.0-2.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-sequel-5.42.0-2.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sinatra-2.1.0-3.el8sat.src.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm satellite-installer-6.11.0.7-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-3.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm foreman-debug-3.1.1.21-2.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-installer-3.1.2.6-1.el8sat.noarch.rpm foreman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm foreman-proxy-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-content-4.3.0-3.el8sat.noarch.rpm foreman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm foreman-proxy-selinux-3.1.2.1-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.3.0-3.el8sat.noarch.rpm katello-debug-4.3.0-3.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python38-aiodns-3.0.0-2.el8pc.noarch.rpm python38-aiofiles-0.7.0-2.el8pc.noarch.rpm python38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm python38-aioredis-2.0.0-2.el8pc.noarch.rpm python38-aiosignal-1.2.0-1.el8pc.noarch.rpm python38-ansible-builder-1.0.1-2.el8pc.noarch.rpm python38-asgiref-3.4.1-1.el8pc.noarch.rpm python38-async-lru-1.0.2-2.el8pc.noarch.rpm python38-async-timeout-4.0.2-1.el8pc.noarch.rpm python38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm python38-attrs-21.2.0-2.el8pc.noarch.rpm python38-backoff-1.11.1-1.el8pc.noarch.rpm python38-bindep-2.10.1-1.el8pc.noarch.rpm python38-bleach-3.3.1-1.el8pc.noarch.rpm python38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm python38-bracex-2.2-1.el8pc.noarch.rpm python38-certifi-2020.6.20-2.el8pc.noarch.rpm python38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm python38-click-8.0.3-1.el8pc.noarch.rpm python38-click-shell-2.1-2.el8pc.noarch.rpm python38-colorama-0.4.4-2.el8pc.noarch.rpm python38-commonmark-0.9.1-4.el8pc.noarch.rpm python38-contextlib2-21.6.0-2.el8pc.noarch.rpm python38-dataclasses-0.8-2.el8pc.noarch.rpm python38-dateutil-2.8.2-1.el8pc.noarch.rpm python38-debian-0.1.42-1.el8pc.noarch.rpm python38-defusedxml-0.7.1-2.el8pc.noarch.rpm python38-diff-match-patch-20200713-2.el8pc.noarch.rpm python38-distro-1.6.0-2.el8pc.noarch.rpm python38-django-3.2.13-1.el8pc.noarch.rpm python38-django-currentuser-0.5.3-3.el8pc.noarch.rpm python38-django-filter-21.1-1.el8pc.noarch.rpm python38-django-guardian-2.4.0-3.el8pc.noarch.rpm python38-django-guid-3.2.0-2.el8pc.noarch.rpm python38-django-import-export-2.6.1-1.el8pc.noarch.rpm python38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm python38-django-prometheus-2.1.0-2.el8pc.noarch.rpm python38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm python38-djangorestframework-3.12.4-4.el8pc.noarch.rpm python38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm python38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm python38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm python38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm python38-dynaconf-3.1.7-2.el8pc.noarch.rpm python38-ecdsa-0.13.3-3.el8pc.noarch.rpm python38-enrich-1.2.6-3.el8pc.noarch.rpm python38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm python38-flake8-3.9.2-3.el8pc.noarch.rpm python38-future-0.18.2-4.el8pc.noarch.rpm python38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm python38-gnupg-0.4.7-2.el8pc.noarch.rpm python38-gunicorn-20.1.0-3.el8pc.noarch.rpm python38-idna-3.3-1.el8pc.noarch.rpm python38-idna-ssl-1.1.0-4.el8pc.noarch.rpm python38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm python38-inflection-0.5.1-2.el8pc.noarch.rpm python38-iniparse-0.4-34.el8pc.noarch.rpm python38-jinja2-3.0.2-1.el8pc.noarch.rpm python38-jsonschema-3.2.0-7.el8pc.noarch.rpm python38-markdown-3.3.4-4.el8pc.noarch.rpm python38-markuppy-1.14-2.el8pc.noarch.rpm python38-mccabe-0.6.1-2.el8pc.noarch.rpm python38-naya-1.1.1-1.el8pc.noarch.rpm python38-odfpy-1.4.1-5.el8pc.noarch.rpm python38-openpyxl-3.0.9-1.el8pc.noarch.rpm python38-packaging-21.2-1.el8pc.noarch.rpm python38-parsley-1.3-1.el8pc.noarch.rpm python38-pbr-5.6.0-1.el8pc.noarch.rpm python38-productmd-1.33-2.el8pc.noarch.rpm python38-prometheus-client-0.8.0-2.el8pc.noarch.rpm python38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm python38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm python38-pulp-cli-0.14.0-1.el8pc.noarch.rpm python38-pulp-container-2.9.2-1.el8pc.noarch.rpm python38-pulp-deb-2.16.1-1.el8pc.noarch.rpm python38-pulp-file-1.10.1-1.el8pc.noarch.rpm python38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm python38-pulpcore-3.16.9-1.el8pc.noarch.rpm python38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm python38-pycodestyle-2.7.0-4.el8pc.noarch.rpm python38-pycparser-2.20-2.el8pc.noarch.rpm python38-pyflakes-2.3.1-4.el8pc.noarch.rpm python38-pygments-2.10.0-2.el8pc.noarch.rpm python38-pygtrie-2.4.2-2.el8pc.noarch.rpm python38-pyjwkest-1.4.2-5.el8pc.noarch.rpm python38-pyjwt-1.7.1-7.el8pc.noarch.rpm python38-pyparsing-2.4.7-2.el8pc.noarch.rpm python38-pytz-2021.3-1.el8pc.noarch.rpm python38-redis-3.5.3-2.el8pc.noarch.rpm python38-requests-2.26.0-3.el8pc.noarch.rpm python38-requirements-parser-0.2.0-2.el8pc.noarch.rpm python38-rich-10.12.0-1.el8pc.noarch.rpm python38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm python38-schema-0.7.5-1.el8pc.noarch.rpm python38-semantic-version-2.8.5-2.el8pc.noarch.rpm python38-six-1.16.0-1.el8pc.noarch.rpm python38-sqlparse-0.4.2-2.el8pc.noarch.rpm python38-tablib-3.1.0-1.el8pc.noarch.rpm python38-tenacity-7.0.0-2.el8pc.noarch.rpm python38-toml-0.10.2-2.el8pc.noarch.rpm python38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm python38-uritemplate-4.1.1-1.el8pc.noarch.rpm python38-url-normalize-1.4.3-3.el8pc.noarch.rpm python38-urllib3-1.26.7-1.el8pc.noarch.rpm python38-urlman-1.4.0-2.el8pc.noarch.rpm python38-wcmatch-8.3-1.el8pc.noarch.rpm python38-webencodings-0.5.1-2.el8pc.noarch.rpm python38-whitenoise-5.3.0-1.el8pc.noarch.rpm python38-xlrd-2.0.1-4.el8pc.noarch.rpm python38-xlwt-1.3.0-2.el8pc.noarch.rpm python38-zipp-3.4.0-3.el8pc.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rack-2.2.3-2.el8sat.noarch.rpm rubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-sequel-5.42.0-2.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sinatra-2.1.0-3.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm satellite-capsule-6.11.0-2.el8sat.noarch.rpm satellite-common-6.11.0-2.el8sat.noarch.rpm satellite-installer-6.11.0.7-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: createrepo_c-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.0-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-1.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-1.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm pulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm python-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm python-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-1.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-1.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-aiohttp-3.8.1-2.el8pc.x86_64.rpm python38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm python38-brotli-1.0.9-1.el8pc.x86_64.rpm python38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm python38-cchardet-2.1.7-1.el8pc.x86_64.rpm python38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm python38-cffi-1.15.0-1.el8pc.x86_64.rpm python38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm python38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm python38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm python38-cryptography-3.1.1-1.el8pc.x86_64.rpm python38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm python38-frozenlist-1.3.0-1.el8pc.x86_64.rpm python38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm python38-libcomps-0.1.18-1.el8pc.x86_64.rpm python38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm python38-lxml-4.7.1-1.el8pc.x86_64.rpm python38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm python38-multidict-5.2.0-1.el8pc.x86_64.rpm python38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm python38-psycopg2-2.9.1-1.el8pc.x86_64.rpm python38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm python38-pycairo-1.20.1-2.el8pc.x86_64.rpm python38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm python38-pycares-4.1.2-3.el8pc.x86_64.rpm python38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm python38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm python38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm python38-pygobject-3.40.1-1.el8pc.x86_64.rpm python38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm python38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm python38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm python38-pyyaml-5.4.1-3.el8pc.x86_64.rpm python38-rhsm-1.19.2-2.el8pc.x86_64.rpm python38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm python38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm python38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm python38-solv-0.7.22-1.el8pc.x86_64.rpm python38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm python38-yarl-1.7.2-1.el8pc.x86_64.rpm python38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm satellite-clone-3.1.0-2.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm satellite-clone-3.1.0-2.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
Red Hat Satellite 6.11 for RHEL 8:
Source: foreman-3.1.1.21-2.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm satellite-6.11.0-2.el8sat.src.rpm
noarch: foreman-cli-3.1.1.21-2.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm satellite-cli-6.11.0-2.el8sat.noarch.rpm
x86_64: rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3584 https://access.redhat.com/security/cve/CVE-2021-4142 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-30151 https://access.redhat.com/security/cve/CVE-2021-32839 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-41136 https://access.redhat.com/security/cve/CVE-2021-42550 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2021-44420 https://access.redhat.com/security/cve/CVE-2021-44568 https://access.redhat.com/security/cve/CVE-2021-45115 https://access.redhat.com/security/cve/CVE-2021-45116 https://access.redhat.com/security/cve/CVE-2021-45452 https://access.redhat.com/security/cve/CVE-2022-22818 https://access.redhat.com/security/cve/CVE-2022-23633 https://access.redhat.com/security/cve/CVE-2022-23634 https://access.redhat.com/security/cve/CVE-2022-23833 https://access.redhat.com/security/cve/CVE-2022-23837 https://access.redhat.com/security/cve/CVE-2022-28346 https://access.redhat.com/security/cve/CVE-2022-28347 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYsSEj9zjgjWX9erEAQj1NhAAh9dwyCl+/LFkekteujgg+I646SZTWNua 7x7JKiF+ptoaQB3ZcbKHAwuLMK5LNzTnsq+Y+ZuhPh1EkDKlZ1LkiONw/kTgMHLB EEq+lqiI3Lr31NWValfQiIatXbLQIyD7ZCk9dxxkJtTGGJw+CL7W4f2naYAsei+4 iYghK8DG5C33U5K/1NpXetfQMpRihferXV15Cx/bxGMcRP+ryD9vxxq4PDMWa1UH zTco1EAzP3UZxpD/AqCwNmBoG4r8gxSJml6CJatiicUQ1SrTdSMj2x8jYJ8pCWXR 2ceGJVse2rBC0cunqV3tX/NL9xu8L8Vq4lyYDzJNhoSElQ6Lb/lpu1HpQpoqqmAf UBA7f80opj1o80U/M/WTQaQ9dYFDua7WlzzeuP026Pohsy/M1lZicmXMCDGJZaT1 E4ivToILRGYfhZcVBrhFgWiPUQRmFvhxpGY0cStlmpMAruGeE9saXr1LyAbQrlty fnm4z+pRiLowgJPPTmusYPicL0p1DwU9XMxDSTW11/zp9PK5dErL+mIYofbvrOpk MhTKGBJ7yOgrmKTBUNIyNupeLuFM5MUBcw+nnTyjUHPh1Vaygq//WbUD+2IZileV 0tRbFgVrt8mCk031+OVCbsUyGPO/D9+ambl7xieynjuIOHyLC+H3PH9QghCzZAUS aMoVmOr2Umo=+ioi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-6682-1 March 07, 2024
puma vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Puma.
Software Description: - puma: threaded HTTP 1.1 server for Ruby/Rack applications
Details:
ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11076)
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11077)
Jean Boussier discovered that Puma might not always release resources properly after handling HTTP requests. A remote attacker could possibly use this issue to read sensitive information. (CVE-2022-23634)
It was discovered that Puma incorrectly handled certain malformed headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-24790)
Ben Kallus discovered that Puma incorrectly handled parsing certain headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-40175)
Bartek Nowotarski discovered that Puma incorrectly handled parsing certain encoded content. A remote attacker could possibly use this to cause a denial of service. (CVE-2024-21647)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro): puma 5.5.2-2ubuntu2+esm1
Ubuntu 20.04 LTS (Available with Ubuntu Pro): puma 3.12.4-1ubuntu2+esm1
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-1144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "puma",
"scope": "lt",
"trust": 1.6,
"vendor": "puma",
"version": "5.6.2"
},
{
"model": "rails",
"scope": "lt",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "7.0.2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "puma",
"scope": "gte",
"trust": 1.0,
"vendor": "puma",
"version": "5.0.0"
},
{
"model": "rails",
"scope": "gte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "7.0.0"
},
{
"model": "puma",
"scope": "lt",
"trust": 1.0,
"vendor": "puma",
"version": "4.3.11"
},
{
"model": "rails",
"scope": "lt",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "6.1.4.6"
},
{
"model": "rails",
"scope": "gte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "6.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "rails",
"scope": "lt",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "5.2.6.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "rails",
"scope": "lt",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "6.0.4.6"
},
{
"model": "rails",
"scope": "gte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "6.1.0"
},
{
"model": "rails",
"scope": "gte",
"trust": 1.0,
"vendor": "rubyonrails",
"version": "5.0.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "rails",
"scope": null,
"trust": 0.8,
"vendor": "ruby on rails",
"version": null
},
{
"model": "puma",
"scope": null,
"trust": 0.8,
"vendor": "puma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168079"
}
],
"trust": 0.1
},
"cve": "CVE-2022-23634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-23634",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2022-10705",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-23634",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2022-23634",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-23634",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23634",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-23634",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-23634",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2022-10705",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1101",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-23634",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails\u0027 Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. Puma and Rails Exists in unspecified vulnerabilities.Information may be obtained. Puma is a web server for high-concurrency applications developed by the individual developer of Evan Phoenix in the United States. No detailed vulnerability details are currently provided. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-28\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Puma: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #794034, #817893, #833155, #836431\n ID: 202208-28\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Puma, the worst of\nwhich could result in denial of service. \n\nBackground\n=========\nPuma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server\nfor Ruby/Rack. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/puma \u003c 5.6.4 \u003e= 5.6.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Puma. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Puma users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/puma-5.6.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-29509\n https://nvd.nist.gov/vuln/detail/CVE-2021-29509\n[ 2 ] CVE-2021-41136\n https://nvd.nist.gov/vuln/detail/CVE-2021-41136\n[ 3 ] CVE-2022-23634\n https://nvd.nist.gov/vuln/detail/CVE-2022-23634\n[ 4 ] CVE-2022-24790\n https://nvd.nist.gov/vuln/detail/CVE-2022-24790\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-28\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nWe recommend that you upgrade your puma packages. \n\nFor the detailed security status of puma please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/puma\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKNGrEACgkQEMKTtsN8\nTjYLKxAAmsH1Yv2uTLb4ONhlsJwSpEW7+lZChBTALXMvJZGhBeWCNqMzKwYZGf7E\n+DPi0F04Igm930pDB/diFuu0P+R/OkLTGRklDL6Y1fa7quzVXJ2iyWCFb5ilA5dw\n3BNz2qkytsXLy9lVXsCfUo06A6inwOpNeg+Dyz61iA+l6cuUoXveji4xg9WzJZJT\nvB1Acuns273ILxoYcTrnoG0srLZ2WQwduvyu1wRV5z6UjAZ9MwxxKWA1dm2fyNmG\nMfUugl6rHryyQq8MjY/qgnUpAb5aAT6OiyiBv2faJHflCvtYBzA5cE1aTUg/2EpK\nOG2lJYUJkzks0P8apw4ZoFQAxZcYbcQAUMSSrwMOob6YqIw1LO6oped3L86Yr/UY\nUK7m0N2EC0TYWiPa3Y0oW1348jatdqlEQP5OxoMLAIY2qlhH08xnpx6Pf9xzZynH\nivM7kBn9xsOIZQh6XGdHLFnioBc9S2fUQlaIK5D6tn+2T3+CzR85qoY6mg3ZsJlI\nrpkNI2Fgj/piZIdhDxSM9A7Tb840ECi1Tv3Z1P0b9ujlzrzlRWO+GinTNl4HS8f1\n7jUZ4HzAaeUg/LRcBrURlmG2vcCT6cB3qM/m/jX0VF1w/6AzjqysHGfD+MxhrxQA\nPKqIrnCaAvSSV59rtWxyzSSfwOfLFUkUu6BWDiLo71Jl2XxCrdE=\n=w9Nx\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Satellite 6.11 Release\nAdvisory ID: RHSA-2022:5498-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5498\nIssue date: 2022-07-05\nCVE Names: CVE-2021-3200 CVE-2021-3584 CVE-2021-4142\n CVE-2021-21290 CVE-2021-21295 CVE-2021-21409\n CVE-2021-30151 CVE-2021-32839 CVE-2021-33928\n CVE-2021-33929 CVE-2021-33930 CVE-2021-33938\n CVE-2021-41136 CVE-2021-42550 CVE-2021-43797\n CVE-2021-43818 CVE-2021-44420 CVE-2021-44568\n CVE-2021-45115 CVE-2021-45116 CVE-2021-45452\n CVE-2022-22818 CVE-2022-23633 CVE-2022-23634\n CVE-2022-23833 CVE-2022-23837 CVE-2022-28346\n CVE-2022-28347\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.11\n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.11 for RHEL 7 - noarch, x86_64\nRed Hat Satellite 6.11 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* libsolv: Heap-based buffer overflow in testcase_read() in src/testcase.c\n(CVE-2021-3200)\n* satellite: foreman: Authenticate remote code execution through Sendmail\nconfiguration (CVE-2021-3584)\n* candlepin: Allow unintended SCA certificate to authenticate Candlepin\n(CVE-2021-4142)\n* candlepin: netty: Information disclosure via the local system temporary\ndirectory (CVE-2021-21290)\n* candlepin: netty: Possible request smuggling in HTTP/2 due missing\nvalidation (CVE-2021-21295)\n* candlepin: netty: Request smuggling via content-length header\n(CVE-2021-21409)\n* tfm-rubygem-sidekiq: XSS via the queue name of the live-poll feature\n(CVE-2021-30151)\n* python-sqlparse: ReDoS via regular expression in StripComments filter\n(CVE-2021-32839)\n* libsolv: various flaws (CVE-2021-33928 CVE-2021-33929 CVE-2021-33930\nCVE-2021-33938)\n* tfm-rubygem-puma: Inconsistent Interpretation of HTTP Requests in puma\n(CVE-2021-41136)\n* logback-classic: Remote code execution through JNDI call from within its\nconfiguration file (CVE-2021-42550)\n* candlepin: netty: Control chars in header names may lead to HTTP request\nsmuggling (CVE-2021-43797)\n* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass\nthrough (CVE-2021-43818)\n* python3-django: Potential bypass of an upstream access control based on\nURL paths (CVE-2021-44420)\n* libsolv: Heap overflow (CVE-2021-44568)\n* python3-django: Various flaws (CVE-2021-45115 CVE-2021-45116\nCVE-2021-45452 CVE-2022-22818)\n* tfm-rubygem-actionpack: Information leak between requests\n(CVE-2022-23633)\n* tfm-rubygem-puma: rubygem-rails: Information leak between requests\n(CVE-2022-23634)\n* python3-django: Denial-of-service possibility in file uploads\n(CVE-2022-23833)\n* tfm-rubygem-sidekiq: WebUI Denial of Service caused by number of days on\ngraph (CVE-2022-23837)\n* python3-django: Various flaws (CVE-2022-28346 CVE-2022-28347)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* New repo layout for Satellite, Utils, Maintenance, and Client repos. \n* Support for RHEL 9 clients\n* Module-based installation on RHEL 8\n* Upgrading Satellite Server and Capsule Server installations from RHEL 7\nto RHEL 8\n* Connected and Disconnected servers supported on RHEL 7 and RHEL 8\n* Inter-Server Synchronization improvements\n* Puppet integration optional and disabled by default\n* Pulp 3 updated to Python 3.8\n* Change to Capsule certificate archive\n* New default port for communication with Red Hat Subscription Management *\n(RHSM) API on Capsule servers\n* New Content Views Page (Content Publication workflow simplification)\n* New Hosts Page (Technology Preview)\n* Registration and preview templates\n* Simplified host content source changing\n* Improved behavior for configuring and running remote jobs\n* Provisioning improvements\n* New error signaling unsupported options in TASK-Filter\n* Virt-who configuration enhanced to support Nutanix AHV\n* Cloud Connector configuration updated\n* Improved Insights adoption\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nFor Red Hat Satellite 6.11 see the following documentation for the release. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11\n\nThe important instructions on how to upgrade are available below. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1459231 - [RFE] Support \u0027cleaning\u0027 a repo of downloaded on_demand content\n1473263 - Processing outputs of remote command on the smart-proxy is slow. \n1545000 - [RFE] As a user of Satellite, I would like to use another Satellite as my CDN. \n1596004 - Cannot register host with activationkey that is associated to host collections that have host count limits\n1609543 - concurrently creating repositories causes most of them are not visible for consumer at the end\n1659649 - [RFE] Shorten or handle \"410 Gone\" errors rather than printing a page-long trace for each\n1662924 - [RFE] Report that lists all the hosts on which a particular repository is enabled\n1685708 - Editing a host tries to inherit the operating system properties from it\u0027s host-group instead of the CV and Lifecycle Environment assigned\n1693733 - ensure foreman-maintain works with RHEL8 Satellite \u0026 Capsules\n1694659 - [RFE] Host Add-Parameter button should not float down page as new params are added. \n1713401 - RHEL 8 systems with OSPP applied cannot install katello-ca-consumer package from Satellite 6.5\n1723632 - When restarting foreman-tasks, long running tasks got forcefully killed after 20 seconds of wait. \n1723751 - [RFE] Provide a script-like interface to task cleanup, preventing wrong values from being entered\n1735540 - Virt-who-config for kubevirt does not support in API and hammer CLI\n1744521 - There is no way to identify the overriden Ansible variables while creating or editing an existing host\n1761421 - [RFE] Option to \"skip-tags\" on Ansible runs from Red Hat Satellite server. \n1770075 - Snippet template may render incorrect result when non-default scope class is used to render the main template. \n1771724 - Move Actions::Katello::Host::UploadPackageProfile out of dynflow\n1777820 - [RFE] Make hammer-cli available for RHEL 8 systems\n1784254 - Static recurring job failed to schedule on 2nd iteration if any of the target host record is invalid. \n1805028 - Issue with hammer shell while using \"--fields\" parameter to display host info\n1807258 - Cloned viewer role cannot view facts\n1807536 - Parent Hostgroup hammer parameter accept only name, not title\n1809769 - [RFE] support ability disable and remove puppetserver from Satellite and Capsules\n1811166 - REX job failed when you enable FIPS on RHEL 8 hosts\n1813624 - Consistent use of unlimited-host argument throughout CLI\n1819309 - [RFE] Load balanced capsules without using sticky sessions\n1825761 - Ansible Role execution reports do not show Ansible Icon\n1832858 - [RFE] Exporting a content view does not exports the description assigned to the content view. \n1844848 - [RFE] add \"duration\" column to tasks hammer and export\n1845471 - exclude source redhat containers by default\n1847825 - Incorrect text alignment for error message\n1851808 - Unable to set ssh password and sudo password when creating a REX job using hammer\n1852897 - API - ISE when using invalid status type\n1862140 - ipv4/6 auto-suggested address should be removed when the different domain and subnet with ipv6/4 are selected\n1867193 - Content Host Traces Management modal window does not respect selection done on the previously opened page\n1869351 - [RFE] Add ability to omit specific hosts from rh_cloud inventory upload\n1872688 - Remote execution will fail on client with FIPS enabled\n1873241 - [RFE] When choosing what capsule to use for Remote Execution into a host, use the host\u0027s \"Registered through\" capsule\n1877283 - [RFE] Request to use /etc/virt-who.conf as the default config file for virt-who plugin\n1878049 - Cancel button should be enabled in the capsule sync until the job completions\n1881668 - hammer user list --help has invalid --order example\n1883612 - [RFE] - Needs Dot Bullet to distinguised environment for Composite Content View on Red Hat Satellite Web UI\n1883816 - Appropriate error message to be shown when creating authsource with same name as existing authsource. \n1886780 - [Sat 6.8/UI/Bug] Refresh icon doesn\u0027t go away\n1893059 - Satellite 6.8 Remote Execution fails on RHEL 8.2 clients with DEFAULT:NO-SHA1 crypto policy\n1896628 - Hammer Command Fails to List Job Invocation Details if Organization is Used\n1898656 - [RFE] Include status of REX jobs on the Satellite Dashboard\n1899481 - [RFE] - Tasks: Need Word Wrap for Long Commands\n1902047 - [RFE] In the message \"Repository cannot be deleted since it has already been included in a published Content View\" , include the name of CV and it\u0027s versions\n1902314 - [RFE] Introduce check-only or dry-run feature for any kind of Ansible based job execution from Satellite 6\n1906023 - ssh debug logging on FIPS causes REX job failure with OpenSSL::Digest::DigestError\n1907795 - Remove the MS Windows provisioning Templates from the RedHat Satellite 6\n1910433 - REX is not possible on RHEL 8 when FUTURE crypto policy is set from Satellite 6.8\n1911545 - Epoch version is missing from rpm Packages tab of Content View Version\n1914803 - Some of the \"filters\" permission changed after the upgrade. \n1915394 - [RFE] Adding an option to keep the ansible-runner files on Satellite. \n1919146 - [RFE] Possibility for further tailoring with Compliance Viewer role\n1920579 - The private bookmark status is not reflected correct in satellite GUI and we cannot make a private bookmark public through Red Hat Satellite GUI\n1922872 - Autosearch is not working even if its enabled. \n1923766 - Inconsistent time format on Sync Plans Details page\n1924625 - Sync status showing never synced even though the repositories has been synced successfully\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1927532 - Large CRL file operation causes OOM error in Candlepin\n1931489 - Timeout to kill settings in job execution is not honored when running an Ansible playbook\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1937470 - hammer does not have a compute resource associate VMs command as web UI has\n1940308 - [BUG] The / at the end of proxy url is not being handled by satellite correctly when trying to enable repositories\n1942806 - AttributeError occured when run python 3 bootstrap.py on RHEL9.0 Alpha\n1944802 - [RFE] List of all Enabled Repository of all the content hosts using Reporting Templates. \n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1951626 - Validate Content Sync on bulk product produces error messages\n1955385 - Privilege escalation defined inside ansible playbook tasks is not working when executing the playbook via Remote Execution in Satellite 6\n1957070 - [RFE] add \u0027name\u0027 for the role filter in API\n1957288 - [RFE] Add option in the satellite to upload/sync OVAL defination to evalute the rule (xccdf_org.ssgproject.content_rule_security_patches_up_to_date) when performing Compliance scan on the client registered with the Satellite server. \n1958664 - [RFE]? Replace?bcrypt hash function with (FIPS-approved / NIST recommended) encryption algorithm for internal passwords?in the Satellite. \n1959691 - [Tuning] Tuning Puma in the predefined tuning profiles\n1960228 - Template is written twice when resolving provisioning templates for a host\n1962307 - CVE-2021-3200 libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c\n1962410 - VMs Migrating are Losing ELS Subscriptions and Repos for RHEL 6\n1962847 - foreman-rake katello:* fails with the error message The Dynflow world was not initialized yet\n1964394 - Warning: postgresql.service changed on disk, when calling foreman-maintain service restart\n1965968 - Since Satellite 6.8 it\u0027s not possible to remove subscriptions from \u0027WebUI --\u003e Content --\u003e Subscriptions\u0027 page if the user doesn\u0027t have \u0027Setting\u0027 permissions. \n1967319 - The /api/usergroups/:usergroup_id/external_usergroups API is not accepting 1-group as the name of usergroup\n1968439 - CVE-2021-3584 foreman: Authenticate remote code execution through Sendmail configuration\n1969748 - Hammer documentation for \"hammer organization create --help\" command has unnecessary and repeated description\n1969992 - Exclude pulp-2to3-migration package from Satellite 7.0\n1970482 - Discovery plugin ignores IPv6 when doing reboot/kexec/fetch facts\n1972501 - After promoting the content view, Candlepin failed to mark the entitlement certificates as dirty\n1973146 - [RFE] As a user I want to receive an email notification when a job I triggered fails\n1974225 - Incremental CV update does not auto-publish CCV\n1975321 - select all button selects recommendation for other organizations which fails remediation action(JobInvocation). \n1978323 - [RFE]: Include curve25519sha256 support in Remote Execution\n1978689 - [global registration] [hammer] - No proper alignment in host-registration generate-command -h command\n1979092 - Capsule cname is reported as opposed to hostname\n1979907 - [RFE] IPv6 fact is not being parsed for satellite hosts. \n1980023 - satellite-installer times out during long running SQL DELETE transactions\n1980166 - Too many libvirt connections from Satellite due to ssh connection leaks\n1982970 - Fact updates causing unnecessary compliance recalculation in Candlepin\n1988370 - [RFE] Support Nutanix AHV in the Satellite virt-who plugin\n1992570 - Only Ansible config jobs should run in check mode\n1992624 - Remote Execution fails to honor remote_execution_connect_by_ip override on host\n1992698 - Store certain parts of dynflow data as msgpack\n1994212 - Failed at scanning for repository: undefined method `resolve_substitutions\u0027 for nil:NilClass\n1994237 - Executing any foreman-rake commands shows \u0027ErbParser\u0027 and \u0027RubyParser\u0027 are ignored. \n1994397 - Increased memory usage of pulp-3 workers during repo sync\n1994679 - Host - Last Checkin report template is not showing any other content host apart from Red Hat Satellite itself. \n1996803 - Grammatical errors with Insecure help text at Host Registration\n1997575 - Lifecycle Environment tab flash OSTree \u0026 Docker details for a second then shows actual content path. \n1997818 - \"Login Page Footer Text\" Blocking Login Button on Satellite UI\n1998172 - Puppet classes and environment importer. documentation opens in same tab instead of a new one\n1999604 - Unable to assign ansible roles to a host group via hammer/api with non-admin user\n2000699 - CVE-2021-33928 libsolv: heap-based buffer overflow in pool_installable() in src/repo.h\n2000703 - CVE-2021-33929 libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h\n2000705 - CVE-2021-33930 libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h\n2000707 - CVE-2021-33938 libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c\n2000769 - pulp3: CV publishes with dependency solving and same source repos for copy are not concurrent\n2002995 - hammer completion not working\n2004016 - httpboot not working on GRUB version provided by RHEL7\n2004158 - Sat 6.9.5: foreman-rake facts:clean aborts due to foreign key in database\n2004234 - [RFE] Email notification after a job template execution completes. \n2004335 - [RFE] API and Hammer functionality for Red Hat Access Insights in satellite 6\n2005072 - CVE-2021-32839 python-sqlparse: ReDoS via regular expression in StripComments filter\n2007655 - Authorization repository causing invalid upstream url\n2008809 - Task is failing but still showing success state\n2009049 - pulp_rpm: Basic-auth repository causing invalid upstream url\n2009398 - hammer host interface update does not update remote execution setting\n2010138 - Satellite doesn\u0027t forward the \"If-Modified-Since\" header for /accessible_content endpoint to Candlepin\n2011062 - cockpit webconsole login fails when remote execution configured for kerberos\n2013495 - CVE-2021-41136 rubygem-puma: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) in puma\n2013503 - CVE-2021-30151 sidekiq: XSS via the queue name of the live-poll feature\n2013837 - Improve REX error reporting when uploading script\n2014037 - There is a new login account in satellite 6.9\n2014244 - Remove Greedy DepSolving from UI\n2014251 - Global Registration: Selecting Satellite URL as the proxy fails to register hosts with default config\n2018263 - Using Satellite with a proxy produces an SELinux alert\n2020329 - [RFE] Switch process output to DB\n2021255 - Satellite schedules one recurring InventorySync::Async::InventoryScheduledSync per org but each task syncs all orgs, resulting in harmless but unnecessary tasks\n2021352 - [RFE] One manifest version to cover all of Satellite 7\n2021406 - syncing tens of repos to capsule can cause deadlock: while updating tuple (...) in relation \"core_content\"\n2021985 - [BUG] Upgrading Satellite 6.9 with custom certificates to Satellite 6.10 beta will cause the same problem to occur as BZ# 1961886\n2022648 - please update to Satellite Ansible Collection 3.0.0\n2023809 - Satellite 6.10 upgrade fails with PG::NotNullViolation: ERROR: column \"subscription_id\" contains null values\n2024269 - Attempt of upgrading Satellite server to 6.7 or 6.8 stops with message \"Please run \u0027foreman-maintain prep-6.10-upgrade\u0027 prior to upgrading.\" when using latest rubygem-foreman_maintain package\n2024553 - Repository sync jobs are failing with the Exception \"NoMethodError undefined method `repository_href\u0027 for nil:NilClass\" post upgrade to satellite version 6.10\n2024889 - Syncing RHEL 5 KS repository fails with: \" Artifact() got an unexpected keyword argument \u0027sha\u0027 \"\n2024894 - Unable to sync EPEL repositories on Satellite 6.10 when \u0027Mirror on Sync\u0027 is enabled\n2024963 - Syncing EPEL repos on Satellite 6.10 fails with: \"Incoming and existing advisories have the same id but different timestamps and non-intersecting package lists..\"\n2024978 - Satellite upgrade to 6.10.1 fails with multiple rubygem-sinatra package dependency errors\n2024986 - CV publish fails with: No route matches {:action=\u003e\"show\", :controller=\u003e\"foreman_tasks/tasks\", :id=\u003enil}, missing required keys: [:id] (ActionController::UrlGenerationError)\n2025049 - Executing remove-pulp2 after a successful Satellite 6.10 upgrade breaks synchronizations and repositories. \n2025437 - New OS created due to facts mismatch for operatingsystem for RHSM, Puppet and Ansible\n2025494 - Capsule sync task failed to refresh repo that doesn\u0027t have feed url with \"bad argument (expected URI object or URI string)\" error\n2025523 - Ansible roles are not starting automatically after provisioning\n2025760 - installer does not restart foreman.service when changing puma configuration\n2025811 - Upgrading to Satellite 6.9.6 and above introduces an increase in system memory consumption causing Pulp activities to fail with OOM at certain times\n2026239 - Config report upload failed with \"No smart proxy server found on [\"capsule.example.com\"] and is not in trusted_hosts\"\n2026277 - null value in column \"manifest_id\" violates not-null constraint error while syncing RHOSP container images\n2026415 - RFE: Add command for upgrading foreman-maintain to next major version\n2026658 - Fix name \u0026 path to OS host_init_config template\n2026718 - XCCDF Profile in Tailoring File selecting the first id not the selected id\n2026873 - Date parse error around SCA cert fetching when system locale is en_AU or en_CA\n2027052 - The redhat.satellite.foreman plugin is unable to collect all facts for the target systems as expected when using default api\n2027968 - A failed CV promote during publish or repo sync causes ISE\n2028178 - CVE-2021-44420 django: potential bypass of an upstream access control based on URL paths\n2028205 - db:seed can fail when there are host mismatches\n2028273 - Cannot pull container content - TypeError: wrong argument type String (expected OpenSSL/X509)\n2028377 - [RFE] add option to export and import just repository for hammer content-export\n2028446 - Pulp: Add options to change the import and export path in /etc/pulp/settings.py\n2028733 - katello-change-hostname fails to perform changes, leaving the system in an unusable state\n2029192 - Applying errata from the errata\u0027s page always tries to use katello-agent even when remote_execution_by_default set to true\n2029375 - webhook event \"build_exited\" never gets triggered\n2029385 - selinux denials when accessing /etc/pulp/certs/database_fields.symmetric.key\n2029548 - Excluding system facts logs as WARN causing log files to increase dramatically\n2029760 - Scenarios for Satellite and Capsule 7.0\n2029807 - foreman-maintain service fails for external postgres service, when no psql utility installed\n2029828 - TFTP Storage check fails on undefined method `[]\u0027 for nil:NilClass\n2029829 - change hostname tries to unconditionally restart puppetserver\n2029914 - FIPS enabled RHEL7 server: Candlepin services not running after installation\n2030101 - No longer be able to import content into disconnected Satellite for existing content views\n2030273 - The tasks generated by task export in html format are not sorted by date\n2030434 - Repository sync download all metadata files on every sync, even when there is no new packages\n2030460 - Need a way to sync from a specific content view lifecycle environment of the upstream organization\n2030715 - hammer content-[import,export] uses /tmp directory for temporary decompression location\n2031154 - After upgrading to Satellite 6.10, Repository sync randomly fails if a ReservedResource exists in core_taskreservedresource table of pulpcore DB. \n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2032098 - Incremental publish content view doesn\u0027t copy any contents\n2032400 - Remove warning from reports page in 7.0\n2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through\n2032602 - Content not accessible after importing\n2032928 - Puppet disable command fails\n2032956 - Cannot create bookmark for credentials search\n2033174 - Large repo sync failed with \"Katello::Errors::Pulp3Error: Response payload is not completed\"\n2033201 - Button to assign roles on Host details page missing\n2033217 - \"Cannot find rabl template \u0027api/v2/override_values/index\u0027\" error while trying to import Ansible variables using hammer CLI. \n2033336 - Add \u0027service restart\u0027 step in purge-puppet command\n2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file\n2033593 - fact_values api performance issues when loading a large number of facts\n2033847 - Content view export failed with undefined method `first\u0027 for nil:NilClass\n2033853 - Publish content view failed with \"PulpRpmClient::ApiError Error message: the server returns an error\"\n2033940 - Error: AttributeError: \u0027NoneType\u0027 object has no attribute \u0027cast\u0027 thrown while listing repository versions\n2034317 - hammer repository upload-content with large file gives \"Too many open files\" error\n2034346 - CVE-2021-4142 Satellite: Allow unintended SCA certificate to authenticate Candlepin\n2034461 - Capsule failed to sync empty repositories\n2034552 - Puppet disable command fails on Capsule\n2034635 - New hosts UI, removal of Share your feedback link\n2034643 - New hosts UI, when navigated back to host detail from jobs detail, old ui is shown instead of new\n2034649 - New hosts UI, missing Ansible cards\n2034659 - OSTree repository update error: `excludes` is not a valid attribute in `PulpOstreeClient::OstreeOstreeRemote`\n2035195 - command \"hammer full-help\" gives error \"Error: uninitialized constant HammerCLIForeman::CommandExtensions::PuppetEnvironment\"\n2035204 - Tags need to be truncated in rh_cloud report\n2035480 - In Satellite upgrade, yum update failed to resolve the \"createrepo_c-libs\" dependency\n2035907 - Ansible config report time is one hour off\n2036054 - [Custom Certs] - Failed to install the custom certs on the Satellite 7.0.0 works fine in 6.10\n2036187 - self-upgrade fails with x.y should be greater than existing version x.y.z!\n2036381 - Applying exclude filter on a CV containing kickstart repos causes missing package groups\n2036628 - Rex job fails Error loading data from Capsule: NoMethodError - undefined method `each\u0027 for nil:NilClass\n2036721 - Satellite is creating the schedule on the wrong day of the week (day+1)\n2037024 - CVE-2021-45115 django: Denial-of-service possibility in UserAttributeSimilarityValidator\n2037025 - CVE-2021-45116 django: Potential information disclosure in dictsort template filter\n2037028 - CVE-2021-45452 django: Potential directory-traversal via Storage.save()\n2037180 - Failed to docker pull image with \"Error: image \u003cimage name\u003e not found\" error\n2037275 - Cockpit integration always fails with authentication error\n2037508 - upload-content results in wrong RPM being added to product\n2037518 - The RSS channel is set to the upstream URL\n2037520 - Bootdisk new host page menu items are missing\n2037648 - upgrade check checking group ownership of /var/lib/pulp (pulp2) instead of /var/lib/pulp/content (pulp3)\n2037706 - Rex job fails: undefined method `join\u0027 for \"RHSA-2012:0055\":String\n2037773 - The new host detail page should be enabled by default without the experimental warning\n2038042 - Ansible Jobs are halting at status running\n2038192 - Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\\puppet type repos\n2038241 - ERROR: at least one Erratum record has migrated_pulp3_href NULL value\n2038388 - Activation key issue with custom products on RHEL 6\n2038432 - Error when importing content and same package belongs to multiple repositories\n2038849 - repositories-setup procedure failing with \"undefined method `map\u0027 for \"*\":String\"\n2039289 - Installing Satellite7, satellite-installer runs redundant upgrade steps\n2039696 - Puppet-related hammer commands still missing after plugin enabled\n2040406 - Incorrect layout of new host details overview cards\n2040447 - [RFE] Katello host detail tabs should accept URL params for search\n2040453 - Limited CV docker tags cannot be pulled after syncing library repo with \"limit sync tags\"\n2040596 - undefined method `name\u0027 for \"\":String\" on \"All Hosts\" page\n2040650 - Upgrade or offline backup fails on RHEL8 due to missing iptables command\n2040773 - Updating repo with GPG key ID fails\n2040796 - Grammar error on SyncPlan Details tab\n2040870 - Error to import rhel7 kickstart on disconnected satellite\n2041457 - Change ks= to inst.ks= and sendmac for RHEL 9 Beta\n2041497 - Incremental CV update fails with 400 HTTP error\n2041508 - Publication creation (during migration to pulp3 as well) can fail if /var/lib/pulp is NFS share\n2041551 - Puppet enable fails on RHEL8 due to missing package(s)\n2041588 - [RFE] Add Type to cdn configuration for \u0027disconnected\u0027 mode\n2041701 - Fail to import contents when the connected and disconnected Satellite have different product labels for the same product\n2042416 - Unclickable Class names in Configure \u003e Puppet classes\n2042480 - Configure Cloud Connector fails after hostname change; potentially hits all templates\n2042848 - Package list of repository is empty page\n2042861 - [Recurring Logic]logging for recurring logic should be more verbose\n2043081 - 406 error appears when running insights-client --compliance\n2043097 - sql dump of dynflow data is encoded, what breaks sosreport\n2043144 - After upgrading to 6.10, Satellite fails to sync some repositories with large files with timeout error\n2043248 - Importing content fails if an importer with same name already exists\n2043501 - Satellite upgrade fails during db:seed with ActiveRecord::RecordNotDestroyed: Failed to destroy the record\n2043609 - pulpcore-workers grow very large when repositories have many changelog entries\n2043726 - content views configured as \"import only\" generate 404 errors during capsule sync\n2044581 - CVE-2022-23837 sidekiq: WebUI Denial of Service caused by number of days on graph\n2044606 - New version of Candlepin now has org in entitlement certificate and causes authorization issues\n2044631 - duplicate key value violates unique constraint \"core_repositorycontent_repository_id_content_id_df902e11_uniq\"\n2044839 - SSH Remote execution does not reap processes when closing multiplexed ssh connection\n2045504 - Show all provisioning templates by default\n2045854 - organization context fails to change in web UI\n2046281 - usability issues for user without execute_jobs_on_infrastructure_hosts permissions\n2046307 - New host details Errata overview card shows stale data for unregistered host\n2046322 - Manager role does contain the execute_jobs_on_infrastructure_hosts permission\n2046328 - Custom yum CV does not show correct list of packages\n2046337 - Certain manifest, subscription and repository related actions are broken while using HTTP Proxy as content_default_http_proxy in Satellite 6.10\n2046484 - RPM exclude filter does not work in web UI\n2046573 - update puppet classes via API to empty puppet classes does not update the classes\n2047285 - [RFE] enable redis cache for pulp content server by default\n2047443 - Unable to Import any content via Import/Export\n2047451 - [RFE] [SAT-4229] Packages - Filter by status\n2047485 - syncing repo using proxy can generate misleading log entries when proxy deny access to the url requested\n2047649 - please update to Satellite Ansible Collection 3.1.0\n2047675 - Getting \"404 not found\" when publishing a content view\n2047683 - Force cancel a paused task doesn\u0027t release the lock\n2048470 - Leapp upgrade fails after reboot with disabled postgresql redis tomcat services\n2048517 - service stop tries to execute CheckTftpStorage\n2048560 - REX doesn\u0027t honor effective_user when async_ssh is true\n2048775 - CVE-2022-22818 django: Possible XSS via \u0027{% debug %}\u0027 template tag\n2048778 - CVE-2022-23833 django: Denial-of-service possibility in file uploads\n2048913 - \"foreman-maintain health check --label check-hotfix-installed\" fails with error \"undefined method `[]\u0027 for nil:NilClass\"\n2048927 - Satellite 6.10 clone is looking for mongo_data.tar.gz file\n2048986 - \"foreman-maintain health check --label validate-yum-config\" command failed with message \"clean_requirements_on_remove=True Unset this configuration as it is risky while yum update or upgrade!\"\n2049143 - Unable to run Convert2RHEL role on the host\n2049304 - katello-rhsm-consumer script subscription-manager version detection depends on subscription-manager rpm being installed\n2049799 - Incremental update with --propagate-all-composites makes new CVV but with no new content\n2049913 - Repo filtering shows all products and repos in different organizations\n2050100 - Module streams enabled by default are gone when CV starts using filters\n2050297 - Modifying \u0027Capsule tasks batch size for Ansible\u0027 causes subsequent Ansible jobs to hit TypeError\n2050323 - Misleading error message when incorrect org label is entered\n2050440 - pulp workers are idle despite there is one pending task\n2051374 - wrong sinatra obsoletes makes Satellite uninstallable\n2051408 - IP obfuscation algorithm can generate invalid IPs\n2051468 - Active directory users taking too much time to login when its part of many groups. \n2051522 - pulpcore_t and pulpcore_server_t domains are prevented to access httpd_config_t files\n2051543 - smart_proxy_remote_execution_ssh leaves zombie ssh processes around\n2051912 - Some of the services failed to start after satellite restore\n2052048 - Repeated Ansible Role run scheduling adds extra time to specified start date\n2052088 - Satellite-installer does not ensure proper permissions on /etc/foreman-proxy/ssl_ca.pem at every run\n2052420 - Satellite upgrade fails during db:migrate with PG::DuplicateTable: ERROR: relation \"index_hostgroups_puppetclasses_on_hostgroup_id\" already exists\n2052493 - restore on another machine fails with ERROR: web server\u0027s SSL certificate generation/signing failed\n2052506 - \"foreman-maintain health check --label check-hotfix-installed\" does not display the modified files in command stdout. \n2052524 - rubygem-sinatra el8 rpm should keep the epoch number\n2052815 - dynflow fails with \"403 extra bytes after the deserialized object\"\n2052958 - Job invocation fails for errata installation. \n2053329 - content-view import fails with Error: PG::StringDataRightTruncation: ERROR: value too long for type character varying(255)\n2053395 - Satellite upgrade failed with error \"Couldn\u0027t connect to the server: undefined method `to_sym\u0027 for nil:NilClass\"\n2053478 - Uploading external DISA SCAP content to satellite 6.10 fails with exception \"Invalid SCAP file type\"\n2053601 - Errata icons are the wrong colors\n2053839 - Deletion of Custom repo fails with error \"uninitialized constant Actions::Foreman::Exception\" in Satellite 7.0\n2053843 - hammer shell with redirected input prints stty error on RHEL8\n2053872 - Changing Upstream URL of a custom repo in WebUI raises error \"Upstream password requires upstream username be set.\"\n2053876 - Multiple instances of scheduled tasks of more types\n2053884 - Host detail UI setting is not honored when returning to the host page after canceling an Edit action\n2053923 - InsightsScheduledSync raises exception when allow_auto_insights_sync is false\n2053928 - Satellite UI suddenly shows \"Connection refused - connect(2) for 10.74.xxx.yyy:443 (Errno::ECONNREFUSED) Plus 6 more errors\" for a capsule even if there are no connectivity issue present in Satellite\\Capsule 7.0\n2053956 - Installing Satellite 7.0 on FIPS enabled RHEL 8.5 fails on \"katello-ssl-tool --gen-ca\" step with error \"ERROR: Certificate Authority private SSL key generation failed\"\n2053970 - Upgrade to Red Hat Satellite 7.0 fails at db:migrate step with error \"undefined local variable or method `type\u0027 for #\u003cKatello::CdnConfiguration:0x00000000153c6198\u003e\"\n2053996 - ReclaimSpace does not acquire repo lock so it can be run concurrently with the repo sync\n2053997 - hammer lacks command \"repository reclaim-space\"\n2054008 - Retain packages on Repository does not synchronize the specified number of packages on Satellite 7\n2054121 - API and WebUI must disallow repo create with negative Retain package versions count\n2054123 - hammer repository create ignores --retain-package-versions-count option\n2054165 - After satellite-change-hostname, foreman tasks acquired lock error still refers to URL of old hostname\n2054174 - Repo discovery feature cannot discover yum repositories because \u0027Content Default HTTP Proxy\u0027 is not used to connect to the upstream URL in Satellite 7.0\n2054182 - remove pulp2 automatically on upgrade to 6.11 (If the user hasn\u0027t already done it)\n2054211 - CVE-2022-23634 rubygem-puma: rubygem-rails: information leak between requests\n2054340 - [SAT-4229] Module streams - basic table\n2054758 - Satellite 6.10 clone is failing with user pulp doesn\u0027t exist\n2054849 - CDN loading error for non-admin user and non-default org\n2054971 - Enable registration by default\n2055159 - Satellite/capsule 6.10 and tools 6.10 repos are listed in the Recommended Repositories for Sat 7.0\n2055312 - Enabling ISO type repository fails with PG::NotNullViolation: ERROR\n2055329 - Cannot import a cv\n2055495 - If Kickstart 7.X repos are being synced to Capsule 7.0 then Pulp 3 tries to sync a non-existant HighAvailability and ResilientStorage repo as well and gets 404 fnot found\n2055513 - Deletion of Custom repo deletes it from all versions of CV where it is included but the behavior is different for Red Hat based repos in Satellite 7.0\n2055570 - Add check for LCE and CV presence in upstream server for disconnected Satellite\n2055808 - Upgrading the Satellite 7.0 from Snap 8 to Snap 9 , sets the CDN configuration for all Organizations in airgapped mode\n2055951 - Index content is creating duplicated errata in \"katello_erratum\" table after upgrading to Satellite 6.10\n2056167 - [RFE] Create new content view should redirect to \"Repositories\" and not \"Versions\" tab\n2056171 - [RFE] Publish new version should redirect to \"Version\" tab\n2056172 - [RFE] Add repositories button should highlight in Content view\n2056173 - [RFE] Content view filter doesn\u0027t shows \"Start Date\" \u0026 \"End Date\" tags to confirm the correct user inputs. \n2056177 - [Bug] Custom subscriptions consumed and available quantity not correct in the CSV file\n2056178 - [RFE] Add RHEL-8 EUS repositories under recommended repositories\n2056183 - Content view filter should suggest architectures parameters in RPM rule\n2056186 - After enabling the Red Hat web console feature in Satellite 7.0, the redesigned Host page does not offers any option to connect to the Web\\Cockpit Console of the client system\n2056189 - Remove RHEL 7 EUS repository from the Recommended Repositories list\n2056198 - [RFE] \"Add Content Views\" button should highlight in Composite Content view\n2056202 - [RFE] Promote button should be displayed in the Content view version\n2056237 - [Bug] Satellite Administration Documentation is missing\n2056469 - Not possible to set hostgroup parameter during hostgroup creation\n2056657 - Add deprecation banners for traditional (non-SCA) subscription management\n2056966 - Part of REX job fails if multiple capsules are used for the job\n2057178 - CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function\n2057309 - Latest Hardware version for VMware vSphere 7.0U3 is not available on Satellite 7\n2057416 - rubygem-rack is obsoleted without epoch\n2057605 - foreman.rpm pulls in nodejs\n2057632 - Creating repo fails if there\u0027s a validation error in the first save. \n2057658 - Update pulp-rpm to 3.17\n2057782 - Limit sync tags parameter is displayed twice on the repositories detail page\n2057848 - Inclusion of tags in limit sync tags parameter is not white listing the tags to sync\n2058397 - Ensure pulp-rpm 3.17 is built for Satellite 6.11\n2058532 - certs-regenerate breaks qpidd certificates, resulting in qpidd start-up failures: Couldn\u0027t find any network address to listen to\n2058649 - Unable to set or unset \"Discovery location\" settings from UI of Satellite 7.0 but the same is partly feasible via hammer_cli. \n2058711 - Ostree type is missing during repo creation. \n2058844 - The foreman-protector plugin does not works for Satellite 6.11 if the OS is RHEL 8\n2058863 - Everytime a host build is being submitted that somehow generates a huge traceback with error \"undefined method `insights\u0027 for nil:NilClass\" in Satellite 7.0\n2058867 - The insights registration steps happens during host build even if the host_registration_insights parameter is set to false in Satellite 7.0\n2058894 - Server fingerprints not managed properly\n2058905 - Content Import does not delete version on failure\n2058984 - The Satellite 7.0 beta offers the download capability of both Host and Full Host image via UI where as the support for Host image was already removed in Satellite 6.10\n2059576 - non admin user with host_view permission is unable to look at old host details ui\n2059985 - please update to Satellite Ansible Collection 3.3.0\n2060097 - [RFE] ouia-ID for content view table\n2060396 - satellite-maintain self-upgrade passes even if the next major version maintenance repository isn\u0027t available\n2060512 - Update terminology for ISS\n2060546 - Leapp-upgrade package installation failing with dependency on sat 7.0\n2060885 - Update foreman-ansible package to 7.0.3\n2061688 - old rubygems (from 6.7 and older) installed and prevent EL7 to EL8 upgrade\n2061749 - Templates sync with git on RHEL8 is causing SElinux error\n2061773 - Settings defined by DSL are not properly encrypted\n2061970 - Mirror on sync still shows up in \u0027hammer repository info\u0027, while mirroring policy does not\n2062189 - satellite-installer gets failed with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error. \n2062476 - GPG shows blank on repo details page render, but is correct when selecting the dropdown\n2063149 - CVE-2022-23633 rubygem-actionpack: information leak between requests\n2063190 - Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error \"undefined method operatingsystems\u0027 for nil:NilClass\" during the db:migrate step\n2063575 - [RFE] - add ouia-ID for buttons on a cv\n2063910 - LEAPP upgrade fails with [Errno 2] No such file or directory: \u0027/var/lib/leapp/scratch/mounts/root_/system_overlay/etc/pki/pulp/content/pulp-global-repo.ca\u0027\n2064400 - Migration of encrypted fields between 3.14 and 3.16 is broken for some remotes\n2064410 - Incorrect file permissions in /var/lib/pulp/media/... lead to repository sync errors\n2064434 - Repository set not showing repos after importing library and creating an ak in a disconnected satellite\n2064583 - High memory usage of foreman-proxy during a scaled bulk REX job\n2064707 - bootstrap.py can\u0027t reach the API via the capsule\n2064793 - Remotes should have username and password cleared out if a user sets them to be blank\n2065015 - \"Sync Connect Timeout\" settings takes invalid value and shows update successful but doesn\u0027t reflect the change for invalid values\n2065027 - Job invocation installs all the installable errata if incorrect `Job Template` is used. \n2065391 - LCE and content view label resets when trying to delete the field names in \"Upstream Foreman Server\" tab\n2065448 - [RFE] - add ouia-ID prop to update buttons in CDN configuration\n2065450 - [RFE] - add ouia-ID prop to all fields in CDN configuration\n2066408 - REX SSH Key works for SSH but fails for REX on RHEL 8.5 Host\n2066899 - After IP change on Tues Mar 22 Satellite manifest tasks fail with \u0027could not initialize proxy [org.candlepin.model.UpstreamConsumer#XXXXX] - no Session\u0027\n2067301 - hammer content-import fails with error Export version 3.14.9 of pulpcore does not match installed version 3.14.12 if the z-stream versions are different for the connected and disconnected satellite 6.10\n2067331 - Upgrade to Satellite 6.9 and 6.10 fails with error \"ActiveRecord::RecordInvalid: Validation failed: Remote execution features is invalid\" during db:seed stage\n2069135 - After restore from 6.10.2 (and older) backup to 6.10.3 candlepin is broken\n2069248 - documentation links in 6.11 navigate to 7.0 instead of 6.11\n2069381 - new host ui, do not navigate to task, instead navigate to job\n2069456 - new host ui details,ansible roles, bug when all ansible roles are assigned\n2069459 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unasigned automatically\n2069640 - insights total risk chart network errors in new host page\u0027s overview tab\n2070176 - Clicking on \"Select recommendations from all pages\" of host details page(insights tab) selects insights recommendations of other hosts as well. \n2070177 - De-duplicate errata migration doesn\u0027t delete child records\n2070242 - The satellite-maintain change with respect to 6.11 version shift\n2070272 - Sync Status page does not show syncing progress bar under \"Result\" column when syncing a repo\n2070620 - After upgrading to 6.11 ping check fails with \"Some components are failing: katello_agent\"\n2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(),aggregate() and extra()\n2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL\n2072530 - Improvements on foreman-maintain\u0027s self-upgrade mechanism\n2073039 - LEAPP upgrade enables wrong repositories for capsules\n2073124 - HTTP responses include incorrect ETag value\n2073194 - Filter API/ UI doesn\u0027t return errata, package group, module stream filter rules if repository has been removed from CV\n2073307 - \"Selected scenario is DISABLED\" errors when trying to upgrade installer packages\n2073313 - \"Publish\" action in the drop down doesn\u0027t work\n2073421 - The new host page should be disabled by default\n2073468 - Bootdisk Provisioning Templates are missing description\n2073469 - Discovery kexec Provisioning Template is missing description\n2073470 - \"Kickstart default user data\" Provisioning Template contains doubled description key\n2075434 - bootstrap.py fails if puppet is not enabled in Satellite\n2075519 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table \"katello_errata\" violates foreign key constraint \"katello_content_facet_errata_errata_id\"\n2075528 - OS upgrade keeps original TFTP setup preventing machines to boot from the network\n2076372 - Address VCR test changes in pulp_rpm_client 3.17.5\n2076684 - NullPointerException during manifest refresh\n2076987 - After upgrade any foreman-rake command shows \u0027ErbParser\u0027 and \u0027RubyParser\u0027 are ignored. \n2077850 - Puppet purge fails on an upgraded Satellite\n2078983 - Tabbable latest version 5.3.1 is not compatible with jest dom/ JSDom without changes to PF4. \n2079357 - foreman-maintain maintenance-mode status command fails with `undefined method `maintenance_mode_status?\u0027 for nil:NilClass`\n2080909 - The satellite-maintain self-upgrade does not disable the non RHSM repository if it was not enabled on system\n2081280 - Bootdisks are left in privatetmp of httpd\n2081459 - Omit python*-pulp-ostree packages\n2082076 - Settings - Like operator for name\n2082241 - hammer host-collection create fails with \"Too many arguments\" when setting unlimited-hosts\n2082505 - Omit python*-pulp-python packages\n2082560 - satellite-clone missed version rename 7.0 to 6.11\n2083532 - PG::ForeignKeyViolation: ERROR: update or delete on table \"katello_erratum_packages\" violates foreign key constraint \"katello_msep_erratum_package_id_fk\" on table \"katello_module_stream_erratum_packages\"\n2084106 - satellite-change-hostname on capsule runs deprecated capsule-installer\n2084624 - Unable to install 6.11 with ansible-core 2.12\n2085446 - LEAPP preupgrade --target 8.6 fails to resolve conflicts for rubygem-openscap\n2085528 - Change \"Component content view\" to \"Content view\"\n2086101 - rhel8 repos are missing python2-qpid, making qpid-tools and thus the katello-agent support unavailable\n2086683 - Actions::Candlepin::Owner::Import failing with \"Entity version collision detected\"\n2086948 - Remove 6.11 beta branding\n2087727 - Upgrade to Satellite 6.10.5.1 fails with error message \"PG::NotNullViolation: ERROR: null value in column \"erratum_package_id\" violates not-null constraint\"\n2089361 - satellite-clone is broken on RHEL8.6\n2089794 - Insights recommendations get halted with error undefined method `id\u0027 for nil:NilClass\n2089796 - Absence of Package redhat-access-insights-puppet.noarch in rhel 8 sat/capsule\n2089812 - Need to list Satellite Utils and Puppet agent repositories on Recommended Repositories page for Sat 6.11\n2089928 - Dependency Issue when attempting to enable Satellite Infoblox DNS and DHCP plugins on RHEL 8\n2090740 - Update links for the new puppet documentation\n2090820 - satellite upgrade to 6.11 fails in installer with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup\n2093679 - satellite-installer --enable-foreman-proxy-plugin-shellhooks fails with error Error: Unable to find a match: rubygem-smart_proxy_shellhooks in Red Hat Satellite 6.11\n2094255 - Configure Cloud Connector runs against an old hostname after a hostname change\n2094280 - rhc_instance_id is not being set correctly by configure cloud connector playbook. \n2094454 - Error \"missing keywords: :arch, :major, :minor\" on CDN configuration\n2095598 - The completion of a remediation playbook should indicate success or failure combined for all hosts in the run\n2095599 - Satellite yggdrasil-forwarder-worker does not send proper lowercase JSON to RHC API\n2096198 - Too many connection issue occurring for on-demand content sync\n2096921 - \"Reconfigure Cloud Connector\" job fails on upgraded Satellite configured with fifi/receptor. \n\n6. Package List:\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm\nansible-runner-1.4.7-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.src.rpm\ncandlepin-4.1.13-1.el7sat.src.rpm\ncreaterepo_c-0.20.0-1.el7pc.src.rpm\ndynflow-utils-1.6.3-1.el7sat.src.rpm\nforeman-3.1.1.21-2.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.8.2-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm\nforeman-installer-3.1.2.6-1.el7sat.src.rpm\nforeman-proxy-3.1.1.1-1.el7sat.src.rpm\nforeman-selinux-3.1.2.1-1.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-4.3.0-3.el7sat.src.rpm\nkatello-certs-tools-2.9.0-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.src.rpm\nkatello-selinux-4.0.2-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-2.el7sat.src.rpm\nlibcomps-0.1.18-1.el7pc.src.rpm\nlibmodulemd2-2.9.3-1.el7pc.src.rpm\nlibsodium-1.0.17-3.el7sat.src.rpm\nlibsolv-0.7.22-1.el7pc.src.rpm\nlibsolv0-0.6.34-4.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulpcore-selinux-1.3.0-1.el7pc.src.rpm\npuppet-agent-7.12.1-1.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.src.rpm\npuppetserver-7.4.2-1.el7sat.src.rpm\npython-daemon-2.1.2-7.2.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.7.2-2.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.src.rpm\nqpid-cpp-1.36.0-32.el7_9amq.src.rpm\nqpid-dispatch-1.14.0-1.el7_9.src.rpm\nqpid-proton-0.33.0-6.el7_9.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\nsatellite-installer-6.11.0.7-1.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-pulpcore-1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm\ntfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm\ntfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm\ntfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm\ntfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm\ntfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm\ntfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm\ntfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm\ntfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm\ntfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm\ntfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm\ntfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm\ntfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm\ntfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm\ntfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm\ntfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm\ntfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm\ntfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm\ntfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm\ntfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm\ntfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm\ntfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm\ntfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm\ntfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm\ntfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm\ntfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm\ntfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm\ntfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm\ntfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm\ntfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm\ntfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm\ntfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm\ntfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm\ntfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm\ntfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm\ntfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm\ntfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm\ntfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm\ntfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm\ntfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm\ntfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm\ntfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm\ntfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm\ntfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm\ntfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm\ntfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm\ntfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm\ntfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm\ntfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm\ntfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm\ntfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm\ntfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm\ntfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm\ntfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm\ntfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm\ntfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm\ntfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm\ntfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm\ntfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm\ntfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm\ntfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm\ntfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm\ntfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm\ntfm-rubygem-actioncable-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-acts_as_list-1.0.3-2.el7sat.src.rpm\ntfm-rubygem-addressable-2.8.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-2.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-23.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-4.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-4.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-4.1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-2.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-2.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-5.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-5.el7sat.src.rpm\ntfm-rubygem-colorize-0.8.1-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-3.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-2.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-5.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.1.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-5.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-3.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-3.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-3.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.1.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-2.el7sat.src.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-5.el7sat.src.rpm\ntfm-rubygem-facter-4.0.51-2.el7sat.src.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-2.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-4.el7sat.src.rpm\ntfm-rubygem-fog-google-1.11.0-2.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-4.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.9.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-4.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.5.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-9.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-5.2.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-19.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.17-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.9-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-5.1.1-1.el7sat.src.rpm\ntfm-rubygem-foreman_puppet-2.0.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.1.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.src.rpm\ntfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-13.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-2.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-2.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-2.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.33.2-2.el7sat.src.rpm\ntfm-rubygem-google-cloud-env-1.3.3-2.el7sat.src.rpm\ntfm-rubygem-googleauth-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-3.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-3.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-hocon-1.3.1-2.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-4.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-2.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-13.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-13.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm\ntfm-rubygem-katello-4.3.0.42-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-2.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-2.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-2.el7sat.src.rpm\ntfm-rubygem-marcel-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-3.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-3.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.6-1.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.src.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.17.0-2.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-5.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-5.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm\ntfm-rubygem-net_http_unix-0.2.2-2.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.4-2.1.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-3.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.src.rpm\ntfm-rubygem-parallel-1.19.1-2.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-5.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-4.1.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.1.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-3.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-3.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-3.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-2.9.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.10.0-1.el7sat.src.rpm\ntfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.src.rpm\ntfm-rubygem-pulp_python_client-3.5.2-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.16.7-1.el7sat.src.rpm\ntfm-rubygem-puma-5.6.2-1.el7sat.src.rpm\ntfm-rubygem-puma-status-1.3-1.el7sat.src.rpm\ntfm-rubygem-qpid_proton-0.33.0-5.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-5.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-2.el7sat.src.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-3.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-10.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-5.el7sat.src.rpm\ntfm-rubygem-rails-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-3.el7sat.src.rpm\ntfm-rubygem-railties-6.0.4.7-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.2-1.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-4.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-4.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-redis-4.5.1-1.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-3.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-4.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-3.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-22.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-4.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.1-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.6-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-2.el7sat.src.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-3.el7sat.src.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-7.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.10-1.el7sat.src.rpm\ntfm-rubygem-signet-0.14.0-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-sprockets-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-7.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-2.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-6.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-2.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-2.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-3.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-2.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-4.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-2.el7sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm\nansible-runner-1.4.7-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm\ncandlepin-4.1.13-1.el7sat.noarch.rpm\ncandlepin-selinux-4.1.13-1.el7sat.noarch.rpm\nforeman-3.1.1.21-2.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-3.1.1.21-2.el7sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el7sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-3.1.1.21-2.el7sat.noarch.rpm\nforeman-ec2-3.1.1.21-2.el7sat.noarch.rpm\nforeman-gce-3.1.1.21-2.el7sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el7sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm\nforeman-journald-3.1.1.21-2.el7sat.noarch.rpm\nforeman-libvirt-3.1.1.21-2.el7sat.noarch.rpm\nforeman-openstack-3.1.1.21-2.el7sat.noarch.rpm\nforeman-ovirt-3.1.1.21-2.el7sat.noarch.rpm\nforeman-postgresql-3.1.1.21-2.el7sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm\nforeman-selinux-3.1.2.1-1.el7sat.noarch.rpm\nforeman-service-3.1.1.21-2.el7sat.noarch.rpm\nforeman-telemetry-3.1.1.21-2.el7sat.noarch.rpm\nforeman-vmware-3.1.1.21-2.el7sat.noarch.rpm\nkatello-4.3.0-3.el7sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm\nkatello-common-4.3.0-3.el7sat.noarch.rpm\nkatello-debug-4.3.0-3.el7sat.noarch.rpm\nkatello-selinux-4.0.2-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm\npuppetserver-7.4.2-1.el7sat.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython2-ansible-runner-1.4.7-1.el7ar.noarch.rpm\npython2-daemon-2.1.2-7.2.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-2.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\nqpid-dispatch-tools-1.14.0-1.el7_9.noarch.rpm\nqpid-tools-1.36.0-32.el7_9amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-6.11.0-2.el7sat.noarch.rpm\nsatellite-cli-6.11.0-2.el7sat.noarch.rpm\nsatellite-common-6.11.0-2.el7sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\ntfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm\ntfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm\ntfm-rubygem-actioncable-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-acts_as_list-1.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-2.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-23.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-4.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-4.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.22.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.26.1-2.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.23.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.5-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-2.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-5.el7sat.noarch.rpm\ntfm-rubygem-colorize-0.8.1-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-3.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-2.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.1.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-5.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-3.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-3.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.1.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-2.el7sat.noarch.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-5.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-2.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-2.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.11.0-2.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-4.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-2.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-9.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-5.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-7.0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-19.0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-19.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.17-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.9-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-5.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_puppet-2.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-5.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-5.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-5.0.39-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-9.0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.8-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_webhooks-2.0.1-1.1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-13.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.7-2.1.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-3.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-2.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.33.2-2.el7sat.noarch.rpm\ntfm-rubygem-google-cloud-env-1.3.3-2.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-3.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_puppet-0.0.5-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-hocon-1.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-4.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-2.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-13.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-13.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-katello-4.3.0.42-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-marcel-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-3.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-3.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.6-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.12.0-1.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.17.0-2.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-net_http_unix-0.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-3.el7sat.noarch.rpm\ntfm-rubygem-parallel-1.19.1-2.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-5.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.1.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-3.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-3.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.10.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-2.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_deb_client-2.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.10.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_ostree_client-2.0.0-0.1.a1.el7sat.noarch.rpm\ntfm-rubygem-pulp_python_client-3.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.17.4-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.16.7-1.el7sat.noarch.rpm\ntfm-rubygem-puma-status-1.3-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-5.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-10.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-5.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-7.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.4.7-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-4.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-redis-4.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-3.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-22.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-4.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.6-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-2.el7sat.noarch.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-7.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.10-1.el7sat.noarch.rpm\ntfm-rubygem-signet-0.14.0-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-sprockets-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-7.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-5.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-2.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-6.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-2.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-2.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-8.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.1.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-2.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el7pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibcomps-0.1.18-1.el7pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm\nlibmodulemd2-2.9.3-1.el7pc.x86_64.rpm\nlibmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm\nlibsodium-1.0.17-3.el7sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm\nlibsolv-0.7.22-1.el7pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm\nlibsolv0-0.6.34-4.el7sat.x86_64.rpm\nlibsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm\npuppet-agent-7.12.1-1.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.33.0-6.el7_9.x86_64.rpm\npython-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-psutil-5.7.2-2.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm\nqpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm\nqpid-proton-c-0.33.0-6.el7_9.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm\nqpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm\ntfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-4.1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-4.1.el7sat.x86_64.rpm\ntfm-rubygem-facter-4.0.51-2.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-3.1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.4-2.1.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.4-2.1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.4.0-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-puma-5.6.2-1.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-5.6.2-1.el7sat.x86_64.rpm\ntfm-rubygem-qpid_proton-0.33.0-5.el7sat.x86_64.rpm\ntfm-rubygem-qpid_proton-debuginfo-0.33.0-5.el7sat.x86_64.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.src.rpm\nansible-runner-1.4.7-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.src.rpm\ncreaterepo_c-0.20.0-1.el7pc.src.rpm\ndynflow-utils-1.6.3-1.el7sat.src.rpm\nforeman-3.1.1.21-2.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.8.2-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.src.rpm\nforeman-installer-3.1.2.6-1.el7sat.src.rpm\nforeman-proxy-3.1.1.1-1.el7sat.src.rpm\nforeman-selinux-3.1.2.1-1.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-4.3.0-3.el7sat.src.rpm\nkatello-certs-tools-2.9.0-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.src.rpm\nlibcomps-0.1.18-1.el7pc.src.rpm\nlibmodulemd2-2.9.3-1.el7pc.src.rpm\nlibsodium-1.0.17-3.el7sat.src.rpm\nlibsolv-0.7.22-1.el7pc.src.rpm\nlibsolv0-0.6.34-4.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\npulpcore-selinux-1.3.0-1.el7pc.src.rpm\npuppet-agent-7.12.1-1.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.src.rpm\npuppetserver-7.4.2-1.el7sat.src.rpm\npython-daemon-2.1.2-7.2.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.7.2-2.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.src.rpm\nqpid-cpp-1.36.0-32.el7_9amq.src.rpm\nqpid-dispatch-1.14.0-1.el7_9.src.rpm\nqpid-proton-0.33.0-6.el7_9.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\nsatellite-installer-6.11.0.7-1.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-pulpcore-1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-aiodns-3.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiofiles-0.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-3.8.1-2.el7pc.src.rpm\ntfm-pulpcore-python-aiohttp-xmlrpc-1.5.0-1.el7pc.src.rpm\ntfm-pulpcore-python-aioredis-2.0.0-2.el7pc.src.rpm\ntfm-pulpcore-python-aiosignal-1.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-ansible-builder-1.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-asgiref-3.4.1-1.el7pc.src.rpm\ntfm-pulpcore-python-async-lru-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-async-timeout-4.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-asyncio-throttle-1.0.2-2.el7pc.src.rpm\ntfm-pulpcore-python-attrs-21.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-backoff-1.11.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bindep-2.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-3.3.1-1.el7pc.src.rpm\ntfm-pulpcore-python-bleach-allowlist-1.0.3-2.el7pc.src.rpm\ntfm-pulpcore-python-brotli-1.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-cchardet-2.1.7-1.el7pc.src.rpm\ntfm-pulpcore-python-certifi-2020.6.20-2.el7pc.src.rpm\ntfm-pulpcore-python-cffi-1.15.0-1.el7pc.src.rpm\ntfm-pulpcore-python-chardet-3.0.4-3.el7pc.src.rpm\ntfm-pulpcore-python-charset-normalizer-2.0.7-1.el7pc.src.rpm\ntfm-pulpcore-python-click-8.0.3-1.el7pc.src.rpm\ntfm-pulpcore-python-click-shell-2.1-2.el7pc.src.rpm\ntfm-pulpcore-python-colorama-0.4.4-2.el7pc.src.rpm\ntfm-pulpcore-python-contextlib2-21.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-cryptography-3.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dateutil-2.8.2-1.el7pc.src.rpm\ntfm-pulpcore-python-debian-0.1.42-1.el7pc.src.rpm\ntfm-pulpcore-python-defusedxml-0.7.1-2.el7pc.src.rpm\ntfm-pulpcore-python-diff-match-patch-20200713-2.el7pc.src.rpm\ntfm-pulpcore-python-distro-1.6.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-3.2.13-1.el7pc.src.rpm\ntfm-pulpcore-python-django-currentuser-0.5.3-3.el7pc.src.rpm\ntfm-pulpcore-python-django-filter-21.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-guardian-2.4.0-3.el7pc.src.rpm\ntfm-pulpcore-python-django-guid-3.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-import-export-2.6.1-1.el7pc.src.rpm\ntfm-pulpcore-python-django-lifecycle-0.9.3-1.el7pc.src.rpm\ntfm-pulpcore-python-django-prometheus-2.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-django-readonly-field-1.0.5-3.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-3.12.4-4.el7pc.src.rpm\ntfm-pulpcore-python-djangorestframework-queryfields-1.0.0-4.el7pc.src.rpm\ntfm-pulpcore-python-drf-access-policy-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-drf-nested-routers-0.93.3-3.el7pc.src.rpm\ntfm-pulpcore-python-drf-spectacular-0.20.1-1.el7pc.src.rpm\ntfm-pulpcore-python-dynaconf-3.1.7-2.el7pc.src.rpm\ntfm-pulpcore-python-ecdsa-0.13.3-3.el7pc.src.rpm\ntfm-pulpcore-python-et-xmlfile-1.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-flake8-3.9.2-3.el7pc.src.rpm\ntfm-pulpcore-python-frozenlist-1.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-future-0.18.2-4.el7pc.src.rpm\ntfm-pulpcore-python-galaxy-importer-0.4.1-2.el7pc.src.rpm\ntfm-pulpcore-python-gnupg-0.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-gunicorn-20.1.0-3.el7pc.src.rpm\ntfm-pulpcore-python-idna-3.3-1.el7pc.src.rpm\ntfm-pulpcore-python-idna-ssl-1.1.0-4.el7pc.src.rpm\ntfm-pulpcore-python-importlib-metadata-1.7.0-2.el7pc.src.rpm\ntfm-pulpcore-python-inflection-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-iniparse-0.4-34.el7pc.src.rpm\ntfm-pulpcore-python-jinja2-3.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-jsonschema-3.2.0-7.el7pc.src.rpm\ntfm-pulpcore-python-lxml-4.7.1-1.el7pc.src.rpm\ntfm-pulpcore-python-markdown-3.3.4-4.el7pc.src.rpm\ntfm-pulpcore-python-markuppy-1.14-2.el7pc.src.rpm\ntfm-pulpcore-python-markupsafe-2.0.1-2.el7pc.src.rpm\ntfm-pulpcore-python-mccabe-0.6.1-2.el7pc.src.rpm\ntfm-pulpcore-python-multidict-5.2.0-1.el7pc.src.rpm\ntfm-pulpcore-python-naya-1.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-odfpy-1.4.1-5.el7pc.src.rpm\ntfm-pulpcore-python-openpyxl-3.0.9-1.el7pc.src.rpm\ntfm-pulpcore-python-packaging-21.2-1.el7pc.src.rpm\ntfm-pulpcore-python-parsley-1.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pbr-5.6.0-1.el7pc.src.rpm\ntfm-pulpcore-python-productmd-1.33-2.el7pc.src.rpm\ntfm-pulpcore-python-prometheus-client-0.8.0-2.el7pc.src.rpm\ntfm-pulpcore-python-psycopg2-2.9.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-ansible-0.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-certguard-1.5.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-cli-0.14.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-container-2.9.2-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-deb-2.16.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-file-1.10.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pulp-rpm-3.17.5-1.1.el7pc.src.rpm\ntfm-pulpcore-python-pulpcore-3.16.9-1.el7pc.src.rpm\ntfm-pulpcore-python-pyOpenSSL-19.1.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pycairo-1.20.1-2.el7pc.src.rpm\ntfm-pulpcore-python-pycares-4.1.2-3.el7pc.src.rpm\ntfm-pulpcore-python-pycodestyle-2.7.0-4.el7pc.src.rpm\ntfm-pulpcore-python-pycparser-2.20-2.el7pc.src.rpm\ntfm-pulpcore-python-pycryptodomex-3.11.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pyflakes-2.3.1-4.el7pc.src.rpm\ntfm-pulpcore-python-pygments-2.10.0-2.el7pc.src.rpm\ntfm-pulpcore-python-pygobject-3.40.1-1.el7pc.src.rpm\ntfm-pulpcore-python-pygtrie-2.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-pyjwkest-1.4.2-5.el7pc.src.rpm\ntfm-pulpcore-python-pyjwt-1.7.1-7.el7pc.src.rpm\ntfm-pulpcore-python-pyparsing-2.4.7-2.el7pc.src.rpm\ntfm-pulpcore-python-pyrsistent-0.18.0-1.el7pc.src.rpm\ntfm-pulpcore-python-pytz-2021.3-1.el7pc.src.rpm\ntfm-pulpcore-python-pyyaml-5.4.1-3.el7pc.src.rpm\ntfm-pulpcore-python-redis-3.5.3-2.el7pc.src.rpm\ntfm-pulpcore-python-requests-2.26.0-3.el7pc.src.rpm\ntfm-pulpcore-python-requirements-parser-0.2.0-2.el7pc.src.rpm\ntfm-pulpcore-python-rhsm-1.19.2-2.el7pc.src.rpm\ntfm-pulpcore-python-schema-0.7.5-1.el7pc.src.rpm\ntfm-pulpcore-python-semantic-version-2.8.5-2.el7pc.src.rpm\ntfm-pulpcore-python-six-1.16.0-1.el7pc.src.rpm\ntfm-pulpcore-python-sqlparse-0.4.2-2.el7pc.src.rpm\ntfm-pulpcore-python-tablib-3.1.0-1.el7pc.src.rpm\ntfm-pulpcore-python-toml-0.10.2-2.el7pc.src.rpm\ntfm-pulpcore-python-typing-extensions-3.10.0.2-1.el7pc.src.rpm\ntfm-pulpcore-python-uritemplate-4.1.1-1.el7pc.src.rpm\ntfm-pulpcore-python-url-normalize-1.4.3-3.el7pc.src.rpm\ntfm-pulpcore-python-urllib3-1.26.7-1.el7pc.src.rpm\ntfm-pulpcore-python-urlman-1.4.0-2.el7pc.src.rpm\ntfm-pulpcore-python-webencodings-0.5.1-2.el7pc.src.rpm\ntfm-pulpcore-python-whitenoise-5.3.0-1.el7pc.src.rpm\ntfm-pulpcore-python-xlrd-2.0.1-4.el7pc.src.rpm\ntfm-pulpcore-python-xlwt-1.3.0-2.el7pc.src.rpm\ntfm-pulpcore-python-yarl-1.7.2-1.el7pc.src.rpm\ntfm-pulpcore-python-zipp-3.4.0-3.el7pc.src.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.src.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.src.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.src.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.src.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.src.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.src.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.src.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.src.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.src.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.src.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el7sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el7sat.noarch.rpm\nansible-runner-1.4.7-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el7sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el7sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el7sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el7sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-content-4.3.0-3.el7sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el7sat.noarch.rpm\nforeman-proxy-selinux-3.1.2.1-1.el7sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el7sat.noarch.rpm\nkatello-common-4.3.0-3.el7sat.noarch.rpm\nkatello-debug-4.3.0-3.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el7sat.noarch.rpm\npuppetserver-7.4.2-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython2-ansible-runner-1.4.7-1.el7ar.noarch.rpm\npython2-daemon-2.1.2-7.2.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\nqpid-tools-1.36.0-32.el7_9amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.11.0-2.el7sat.noarch.rpm\nsatellite-common-6.11.0-2.el7sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\ntfm-pulpcore-python3-aiodns-3.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiofiles-0.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiohttp-xmlrpc-1.5.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-aioredis-2.0.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-aiosignal-1.2.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-ansible-builder-1.0.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-asgiref-3.4.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-lru-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-async-timeout-4.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-asyncio-throttle-1.0.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-attrs-21.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-backoff-1.11.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bindep-2.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-3.3.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-bleach-allowlist-1.0.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-certifi-2020.6.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-chardet-3.0.4-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-charset-normalizer-2.0.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-8.0.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-click-shell-2.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-colorama-0.4.4-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-contextlib2-21.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-dateutil-2.8.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-debian-0.1.42-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-defusedxml-0.7.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-diff-match-patch-20200713-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-distro-1.6.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-3.2.13-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-currentuser-0.5.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-filter-21.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guardian-2.4.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-guid-3.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-import-export-2.6.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-lifecycle-0.9.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-prometheus-2.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-django-readonly-field-1.0.5-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-3.12.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-djangorestframework-queryfields-1.0.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-access-policy-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-nested-routers-0.93.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-drf-spectacular-0.20.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-dynaconf-3.1.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-ecdsa-0.13.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-et-xmlfile-1.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-flake8-3.9.2-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-future-0.18.2-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-galaxy-importer-0.4.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gnupg-0.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-gunicorn-20.1.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-3.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-idna-ssl-1.1.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-importlib-metadata-1.7.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-inflection-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-iniparse-0.4-34.el7pc.noarch.rpm\ntfm-pulpcore-python3-jinja2-3.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-jsonschema-3.2.0-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-markdown-3.3.4-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-markuppy-1.14-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-mccabe-0.6.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-naya-1.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-odfpy-1.4.1-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-openpyxl-3.0.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-packaging-21.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-parsley-1.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pbr-5.6.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-productmd-1.33-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-prometheus-client-0.8.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-ansible-0.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-certguard-1.5.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-cli-0.14.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-container-2.9.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-deb-2.16.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-file-1.10.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulp-rpm-3.17.5-1.1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pulpcore-3.16.9-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyOpenSSL-19.1.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycodestyle-2.7.0-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pycparser-2.20-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyflakes-2.3.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygments-2.10.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pygtrie-2.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwkest-1.4.2-5.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyjwt-1.7.1-7.el7pc.noarch.rpm\ntfm-pulpcore-python3-pyparsing-2.4.7-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-pytz-2021.3-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-redis-3.5.3-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-requests-2.26.0-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-requirements-parser-0.2.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-schema-0.7.5-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-semantic-version-2.8.5-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-six-1.16.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-sqlparse-0.4.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-tablib-3.1.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-toml-0.10.2-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-typing-extensions-3.10.0.2-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-uritemplate-4.1.1-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-url-normalize-1.4.3-3.el7pc.noarch.rpm\ntfm-pulpcore-python3-urllib3-1.26.7-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-urlman-1.4.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-webencodings-0.5.1-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-whitenoise-5.3.0-1.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlrd-2.0.1-4.el7pc.noarch.rpm\ntfm-pulpcore-python3-xlwt-1.3.0-2.el7pc.noarch.rpm\ntfm-pulpcore-python3-zipp-3.4.0-3.el7pc.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-8.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-3.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-6.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-3.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.76.0-2.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.17.3-2.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-3.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-8.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-3.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-kafo-6.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.5.1-1.el7sat.noarch.rpm\ntfm-rubygem-mqtt-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-4.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-7.el7sat.noarch.rpm\ntfm-rubygem-openscap_parser-1.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-2.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-6.el7sat.noarch.rpm\ntfm-rubygem-rbnacl-4.0.2-2.el7sat.noarch.rpm\ntfm-rubygem-redfish_client-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-5.el7sat.noarch.rpm\ntfm-rubygem-ruby2_keywords-0.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.11.0-1.el7sat.noarch.rpm\ntfm-rubygem-sd_notify-0.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.42.0-2.el7sat.noarch.rpm\ntfm-rubygem-server_sent_events-0.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_container_gateway-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-8.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.3.2-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.1.0-6.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.6.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.9.2-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-3.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_shellhooks-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-5.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-3.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el7pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el7pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibcomps-0.1.18-1.el7pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el7pc.x86_64.rpm\nlibmodulemd2-2.9.3-1.el7pc.x86_64.rpm\nlibmodulemd2-debuginfo-2.9.3-1.el7pc.x86_64.rpm\nlibsodium-1.0.17-3.el7sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el7sat.x86_64.rpm\nlibsolv-0.7.22-1.el7pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el7pc.x86_64.rpm\nlibsolv0-0.6.34-4.el7sat.x86_64.rpm\nlibsolv0-debuginfo-0.6.34-4.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el7pc.x86_64.rpm\npuppet-agent-7.12.1-1.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.7.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.33.0-6.el7_9.x86_64.rpm\npython-qpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython2-libcomps-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-libcomps-debuginfo-0.1.15-5.pulp.el7sat.x86_64.rpm\npython2-psutil-5.7.2-2.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-32.el7_9amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.14.0-1.el7_9.x86_64.rpm\nqpid-dispatch-router-1.14.0-1.el7_9.x86_64.rpm\nqpid-proton-c-0.33.0-6.el7_9.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-6.el7_9.x86_64.rpm\nqpid-qmf-1.36.0-32.el7_9amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-pulpcore-python-aiohttp-debuginfo-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-brotli-debuginfo-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cchardet-debuginfo-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cffi-debuginfo-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-cryptography-debuginfo-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-frozenlist-debuginfo-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-lxml-debuginfo-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-markupsafe-debuginfo-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-multidict-debuginfo-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-psycopg2-debuginfo-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycairo-debuginfo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycares-debuginfo-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python-pycryptodomex-debuginfo-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pygobject-debuginfo-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-pyrsistent-debuginfo-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python-rhsm-debuginfo-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python-yarl-debuginfo-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-aiohttp-3.8.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-brotli-1.0.9-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cchardet-2.1.7-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cffi-1.15.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-createrepo_c-0.20.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-cryptography-3.1.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-frozenlist-1.3.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-libcomps-0.1.18-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-lxml-4.7.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-markupsafe-2.0.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-multidict-5.2.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-psycopg2-2.9.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycairo-1.20.1-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycares-4.1.2-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pycryptodomex-3.11.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pygobject-3.40.1-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyrsistent-0.18.0-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-pyyaml-5.4.1-3.el7pc.x86_64.rpm\ntfm-pulpcore-python3-rhsm-1.19.2-2.el7pc.x86_64.rpm\ntfm-pulpcore-python3-setuptools-1.0-4.el7pc.x86_64.rpm\ntfm-pulpcore-python3-solv-0.7.22-1.el7pc.x86_64.rpm\ntfm-pulpcore-python3-yarl-1.7.2-1.el7pc.x86_64.rpm\ntfm-pulpcore-runtime-1.0-4.el7pc.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-2.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-4.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-msgpack-debuginfo-1.3.3-2.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-newt-debuginfo-0.9.7-3.1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.11.3-2.el7sat.x86_64.rpm\ntfm-rubygem-racc-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-racc-debuginfo-1.5.2-1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-20.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-7.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nrubygem-clamp-1.1.2-7.el7sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.src.rpm\nrubygem-highline-2.0.3-2.el7sat.src.rpm\nsatellite-clone-3.1.0-2.el7sat.src.rpm\nsatellite-maintain-0.0.1-1.el7sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el7sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el7sat.noarch.rpm\nrubygem-highline-2.0.3-2.el7sat.noarch.rpm\nsatellite-clone-3.1.0-2.el7sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el7sat.noarch.rpm\n\nRed Hat Satellite 6.11 for RHEL 7:\n\nSource:\nforeman-3.1.1.21-2.el7sat.src.rpm\nsatellite-6.11.0-2.el7sat.src.rpm\ntfm-7.0-1.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.src.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.src.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.src.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.src.rpm\n\nnoarch:\nforeman-cli-3.1.1.21-2.el7sat.noarch.rpm\nsatellite-cli-6.11.0-2.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.4.0-2.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-7.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-5.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-5.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-3.1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.13-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.17-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-2.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_webhooks-0.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-1.3.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-3.el7sat.noarch.rpm\ntfm-rubygem-highline-2.0.3-2.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.1.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-3.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-15.el7sat.noarch.rpm\ntfm-rubygem-logging-2.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.3.1-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-5.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-6.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-5.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-9.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.7.0-2.el7sat.noarch.rpm\n\nx86_64:\ntfm-rubygem-unf_ext-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-4.1.el7sat.x86_64.rpm\ntfm-runtime-7.0-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-3.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncandlepin-4.1.13-1.el8sat.src.rpm\ncreaterepo_c-0.20.0-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.1.1.21-2.el8sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.1.2.6-1.el8sat.src.rpm\nforeman-proxy-3.1.1.1-1.el8sat.src.rpm\nforeman-selinux-3.1.2.1-1.el8sat.src.rpm\nkatello-4.3.0-3.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nkatello-selinux-4.0.2-1.el8sat.src.rpm\nlibcomps-0.1.18-1.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-1.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\npostgresql-evr-0.0.2-1.el8sat.src.rpm\npulpcore-selinux-1.3.0-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-2.el8pc.src.rpm\npython-aiofiles-0.7.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-2.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm\npython-aioredis-2.0.0-2.el8pc.src.rpm\npython-aiosignal-1.2.0-1.el8pc.src.rpm\npython-ansible-builder-1.0.1-2.el8pc.src.rpm\npython-asgiref-3.4.1-1.el8pc.src.rpm\npython-async-lru-1.0.2-2.el8pc.src.rpm\npython-async-timeout-4.0.2-1.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-2.el8pc.src.rpm\npython-attrs-21.2.0-2.el8pc.src.rpm\npython-backoff-1.11.1-1.el8pc.src.rpm\npython-bindep-2.10.1-1.el8pc.src.rpm\npython-bleach-3.3.1-1.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-2.el8pc.src.rpm\npython-bracex-2.2-1.el8pc.src.rpm\npython-brotli-1.0.9-1.el8pc.src.rpm\npython-cchardet-2.1.7-1.el8pc.src.rpm\npython-certifi-2020.6.20-2.el8pc.src.rpm\npython-cffi-1.15.0-1.el8pc.src.rpm\npython-charset-normalizer-2.0.7-1.el8pc.src.rpm\npython-click-8.0.3-1.el8pc.src.rpm\npython-click-shell-2.1-2.el8pc.src.rpm\npython-colorama-0.4.4-2.el8pc.src.rpm\npython-commonmark-0.9.1-4.el8pc.src.rpm\npython-contextlib2-21.6.0-2.el8pc.src.rpm\npython-cryptography-3.1.1-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-2.el8pc.src.rpm\npython-dateutil-2.8.2-1.el8pc.src.rpm\npython-debian-0.1.42-1.el8pc.src.rpm\npython-defusedxml-0.7.1-2.el8pc.src.rpm\npython-diff-match-patch-20200713-2.el8pc.src.rpm\npython-distro-1.6.0-2.el8pc.src.rpm\npython-django-3.2.13-1.el8pc.src.rpm\npython-django-currentuser-0.5.3-3.el8pc.src.rpm\npython-django-filter-21.1-1.el8pc.src.rpm\npython-django-guardian-2.4.0-3.el8pc.src.rpm\npython-django-guid-3.2.0-2.el8pc.src.rpm\npython-django-import-export-2.6.1-1.el8pc.src.rpm\npython-django-lifecycle-0.9.3-1.el8pc.src.rpm\npython-django-prometheus-2.1.0-2.el8pc.src.rpm\npython-django-readonly-field-1.0.5-3.el8pc.src.rpm\npython-djangorestframework-3.12.4-4.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm\npython-drf-access-policy-1.1.0-1.el8pc.src.rpm\npython-drf-nested-routers-0.93.3-3.el8pc.src.rpm\npython-drf-spectacular-0.20.1-1.el8pc.src.rpm\npython-dynaconf-3.1.7-2.el8pc.src.rpm\npython-ecdsa-0.13.3-3.el8pc.src.rpm\npython-enrich-1.2.6-3.el8pc.src.rpm\npython-et-xmlfile-1.1.0-1.el8pc.src.rpm\npython-flake8-3.9.2-3.el8pc.src.rpm\npython-frozenlist-1.3.0-1.el8pc.src.rpm\npython-future-0.18.2-4.el8pc.src.rpm\npython-galaxy-importer-0.4.1-2.el8pc.src.rpm\npython-gnupg-0.4.7-2.el8pc.src.rpm\npython-gunicorn-20.1.0-3.el8pc.src.rpm\npython-idna-3.3-1.el8pc.src.rpm\npython-idna-ssl-1.1.0-4.el8pc.src.rpm\npython-importlib-metadata-1.7.0-2.el8pc.src.rpm\npython-inflection-0.5.1-2.el8pc.src.rpm\npython-iniparse-0.4-34.el8pc.src.rpm\npython-jinja2-3.0.2-1.el8pc.src.rpm\npython-jsonschema-3.2.0-7.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-1.el8pc.src.rpm\npython-markdown-3.3.4-4.el8pc.src.rpm\npython-markuppy-1.14-2.el8pc.src.rpm\npython-markupsafe-2.0.1-2.el8pc.src.rpm\npython-mccabe-0.6.1-2.el8pc.src.rpm\npython-multidict-5.2.0-1.el8pc.src.rpm\npython-naya-1.1.1-1.el8pc.src.rpm\npython-odfpy-1.4.1-5.el8pc.src.rpm\npython-openpyxl-3.0.9-1.el8pc.src.rpm\npython-packaging-21.2-1.el8pc.src.rpm\npython-parsley-1.3-1.el8pc.src.rpm\npython-pbr-5.6.0-1.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-2.el8pc.src.rpm\npython-prometheus-client-0.8.0-2.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.1-1.el8pc.src.rpm\npython-pulp-ansible-0.10.1-1.el8pc.src.rpm\npython-pulp-certguard-1.5.1-1.el8pc.src.rpm\npython-pulp-cli-0.14.0-1.el8pc.src.rpm\npython-pulp-container-2.9.2-1.el8pc.src.rpm\npython-pulp-deb-2.16.1-1.el8pc.src.rpm\npython-pulp-file-1.10.1-1.el8pc.src.rpm\npython-pulp-rpm-3.17.5-1.1.el8pc.src.rpm\npython-pulpcore-3.16.9-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-2.el8pc.src.rpm\npython-pycairo-1.20.1-2.el8pc.src.rpm\npython-pycares-4.1.2-3.el8pc.src.rpm\npython-pycodestyle-2.7.0-4.el8pc.src.rpm\npython-pycparser-2.20-2.el8pc.src.rpm\npython-pycryptodomex-3.11.0-1.el8pc.src.rpm\npython-pyflakes-2.3.1-4.el8pc.src.rpm\npython-pygments-2.10.0-2.el8pc.src.rpm\npython-pygobject-3.40.1-1.el8pc.src.rpm\npython-pygtrie-2.4.2-2.el8pc.src.rpm\npython-pyjwkest-1.4.2-5.el8pc.src.rpm\npython-pyjwt-1.7.1-7.el8pc.src.rpm\npython-pyparsing-2.4.7-2.el8pc.src.rpm\npython-pyrsistent-0.18.0-1.el8pc.src.rpm\npython-pytz-2021.3-1.el8pc.src.rpm\npython-pyyaml-5.4.1-3.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-2.el8pc.src.rpm\npython-requests-2.26.0-3.el8pc.src.rpm\npython-requirements-parser-0.2.0-2.el8pc.src.rpm\npython-rhsm-1.19.2-2.el8pc.src.rpm\npython-rich-10.12.0-1.el8pc.src.rpm\npython-ruamel-yaml-0.17.17-1.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm\npython-schema-0.7.5-1.el8pc.src.rpm\npython-semantic-version-2.8.5-2.el8pc.src.rpm\npython-six-1.16.0-1.el8pc.src.rpm\npython-sqlparse-0.4.2-2.el8pc.src.rpm\npython-tablib-3.1.0-1.el8pc.src.rpm\npython-tenacity-7.0.0-2.el8pc.src.rpm\npython-toml-0.10.2-2.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-1.el8pc.src.rpm\npython-uritemplate-4.1.1-1.el8pc.src.rpm\npython-url-normalize-1.4.3-3.el8pc.src.rpm\npython-urllib3-1.26.7-1.el8pc.src.rpm\npython-urlman-1.4.0-2.el8pc.src.rpm\npython-wcmatch-8.3-1.el8pc.src.rpm\npython-webencodings-0.5.1-2.el8pc.src.rpm\npython-whitenoise-5.3.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-4.el8pc.src.rpm\npython-xlwt-1.3.0-2.el8pc.src.rpm\npython-yarl-1.7.2-1.el8pc.src.rpm\npython-zipp-3.4.0-3.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.src.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.src.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.src.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.src.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.src.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.src.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.src.rpm\nrubygem-addressable-2.8.0-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-ancestry-3.0.7-2.el8sat.src.rpm\nrubygem-anemone-0.7.2-23.el8sat.src.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.src.rpm\nrubygem-audited-4.9.0-4.el8sat.src.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm\nrubygem-builder-3.2.4-2.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.src.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.src.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm\nrubygem-colorize-0.8.1-2.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.src.rpm\nrubygem-crass-1.0.6-2.el8sat.src.rpm\nrubygem-css_parser-1.4.7-5.el8sat.src.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.src.rpm\nrubygem-deacon-1.0.0-5.el8sat.src.rpm\nrubygem-declarative-0.0.10-3.el8sat.src.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.src.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm\nrubygem-deface-1.5.3-3.el8sat.src.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-erubi-1.9.0-2.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-execjs-2.7.0-5.el8sat.src.rpm\nrubygem-facter-4.0.51-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.src.rpm\nrubygem-fog-core-2.1.0-4.el8sat.src.rpm\nrubygem-fog-google-1.11.0-2.el8sat.src.rpm\nrubygem-fog-json-1.2.0-4.el8sat.src.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.src.rpm\nrubygem-fog-ovirt-2.0.1-2.el8sat.src.rpm\nrubygem-fog-vsphere-3.5.1-1.el8sat.src.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.src.rpm\nrubygem-foreman-tasks-5.2.3-1.el8sat.src.rpm\nrubygem-foreman_ansible-7.0.4.1-1.el8sat.src.rpm\nrubygem-foreman_azure_rm-2.2.6-1.el8sat.src.rpm\nrubygem-foreman_bootdisk-19.0.4.1-1.el8sat.src.rpm\nrubygem-foreman_discovery-19.0.4-1.el8sat.src.rpm\nrubygem-foreman_hooks-0.3.17-2.el8sat.src.rpm\nrubygem-foreman_kubevirt-0.1.9-2.el8sat.src.rpm\nrubygem-foreman_leapp-0.1.9-1.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-foreman_openscap-5.1.1-1.el8sat.src.rpm\nrubygem-foreman_puppet-2.0.6-1.el8sat.src.rpm\nrubygem-foreman_remote_execution-5.0.7-1.el8sat.src.rpm\nrubygem-foreman_rh_cloud-5.0.39-1.el8sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm\nrubygem-foreman_templates-9.1.0-1.el8sat.src.rpm\nrubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.src.rpm\nrubygem-foreman_virt_who_configure-0.5.8-1.el8sat.src.rpm\nrubygem-foreman_webhooks-2.0.1-1.1.el8sat.src.rpm\nrubygem-formatador-0.2.1-13.el8sat.src.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.src.rpm\nrubygem-fx-0.5.0-2.el8sat.src.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm\nrubygem-git-1.5.0-2.el8sat.src.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm\nrubygem-globalid-0.4.2-2.el8sat.src.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.src.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm\nrubygem-googleauth-0.13.1-2.el8sat.src.rpm\nrubygem-graphql-1.8.14-3.el8sat.src.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-hocon-1.3.1-2.el8sat.src.rpm\nrubygem-http-3.3.0-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.src.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm\nrubygem-httpclient-2.8.3-4.el8sat.src.rpm\nrubygem-i18n-1.8.2-2.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-ipaddress-0.8.0-13.el8sat.src.rpm\nrubygem-jgrep-1.3.3-11.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-katello-4.3.0.42-1.el8sat.src.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.src.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-loofah-2.4.0-2.el8sat.src.rpm\nrubygem-mail-2.7.1-2.el8sat.src.rpm\nrubygem-marcel-1.0.1-1.el8sat.src.rpm\nrubygem-memoist-0.16.0-3.el8sat.src.rpm\nrubygem-method_source-0.9.2-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.src.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.src.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.src.rpm\nrubygem-net-ping-2.0.1-5.el8sat.src.rpm\nrubygem-net-scp-1.2.1-5.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.src.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-optimist-3.0.0-3.el8sat.src.rpm\nrubygem-os-1.0.0-3.el8sat.src.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm\nrubygem-parallel-1.19.1-2.el8sat.src.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.src.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.src.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.src.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.src.rpm\nrubygem-pulp_ansible_client-0.10.1-1.el8sat.src.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm\nrubygem-pulp_container_client-2.9.0-1.el8sat.src.rpm\nrubygem-pulp_deb_client-2.16.0-1.el8sat.src.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm\nrubygem-pulp_python_client-3.5.2-1.el8sat.src.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm\nrubygem-pulpcore_client-3.16.7-1.el8sat.src.rpm\nrubygem-puma-5.6.2-1.el8sat.src.rpm\nrubygem-puma-status-1.3-1.el8sat.src.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.src.rpm\nrubygem-quantile-0.2.0-5.el8sat.src.rpm\nrubygem-rabl-0.14.3-2.el8sat.src.rpm\nrubygem-rack-2.2.3-2.el8sat.src.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.src.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.src.rpm\nrubygem-rack-test-1.1.0-5.el8sat.src.rpm\nrubygem-rails-6.0.4.7-1.el8sat.src.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm\nrubygem-rails-html-sanitizer-1.3.0-2.el8sat.src.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.src.rpm\nrubygem-railties-6.0.4.7-1.el8sat.src.rpm\nrubygem-rainbow-2.2.2-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.src.rpm\nrubygem-record_tag_helper-1.0.1-4.el8sat.src.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-redis-4.5.1-1.el8sat.src.rpm\nrubygem-representable-3.0.4-3.el8sat.src.rpm\nrubygem-responders-3.0.0-4.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-retriable-3.1.2-3.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-roadie-3.4.0-4.el8sat.src.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.src.rpm\nrubygem-robotex-1.0.0-22.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-runcible-2.13.1-2.el8sat.src.rpm\nrubygem-safemode-1.3.6-2.el8sat.src.rpm\nrubygem-scoped_search-4.1.9-2.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.src.rpm\nrubygem-sequel-5.42.0-2.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.src.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.src.rpm\nrubygem-signet-0.14.0-2.el8sat.src.rpm\nrubygem-sinatra-2.1.0-3.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sprockets-4.0.2-2.el8sat.src.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm\nrubygem-sshkey-1.9.0-5.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-stomp-1.4.9-2.el8sat.src.rpm\nrubygem-thor-1.0.1-3.el8sat.src.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-timeliness-0.3.10-2.el8sat.src.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.src.rpm\nrubygem-uber-0.1.0-3.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.src.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\nsatellite-installer-6.11.0.7-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-3.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\ncandlepin-4.1.13-1.el8sat.noarch.rpm\ncandlepin-selinux-4.1.13-1.el8sat.noarch.rpm\nforeman-3.1.1.21-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm\nforeman-cli-3.1.1.21-2.el8sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-dynflow-sidekiq-3.1.1.21-2.el8sat.noarch.rpm\nforeman-ec2-3.1.1.21-2.el8sat.noarch.rpm\nforeman-gce-3.1.1.21-2.el8sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el8sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm\nforeman-journald-3.1.1.21-2.el8sat.noarch.rpm\nforeman-libvirt-3.1.1.21-2.el8sat.noarch.rpm\nforeman-openstack-3.1.1.21-2.el8sat.noarch.rpm\nforeman-ovirt-3.1.1.21-2.el8sat.noarch.rpm\nforeman-postgresql-3.1.1.21-2.el8sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm\nforeman-selinux-3.1.2.1-1.el8sat.noarch.rpm\nforeman-service-3.1.1.21-2.el8sat.noarch.rpm\nforeman-telemetry-3.1.1.21-2.el8sat.noarch.rpm\nforeman-vmware-3.1.1.21-2.el8sat.noarch.rpm\nkatello-4.3.0-3.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.3.0-3.el8sat.noarch.rpm\nkatello-debug-4.3.0-3.el8sat.noarch.rpm\nkatello-selinux-4.0.2-1.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython38-aiodns-3.0.0-2.el8pc.noarch.rpm\npython38-aiofiles-0.7.0-2.el8pc.noarch.rpm\npython38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm\npython38-aioredis-2.0.0-2.el8pc.noarch.rpm\npython38-aiosignal-1.2.0-1.el8pc.noarch.rpm\npython38-ansible-builder-1.0.1-2.el8pc.noarch.rpm\npython38-asgiref-3.4.1-1.el8pc.noarch.rpm\npython38-async-lru-1.0.2-2.el8pc.noarch.rpm\npython38-async-timeout-4.0.2-1.el8pc.noarch.rpm\npython38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm\npython38-attrs-21.2.0-2.el8pc.noarch.rpm\npython38-backoff-1.11.1-1.el8pc.noarch.rpm\npython38-bindep-2.10.1-1.el8pc.noarch.rpm\npython38-bleach-3.3.1-1.el8pc.noarch.rpm\npython38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm\npython38-bracex-2.2-1.el8pc.noarch.rpm\npython38-certifi-2020.6.20-2.el8pc.noarch.rpm\npython38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm\npython38-click-8.0.3-1.el8pc.noarch.rpm\npython38-click-shell-2.1-2.el8pc.noarch.rpm\npython38-colorama-0.4.4-2.el8pc.noarch.rpm\npython38-commonmark-0.9.1-4.el8pc.noarch.rpm\npython38-contextlib2-21.6.0-2.el8pc.noarch.rpm\npython38-dataclasses-0.8-2.el8pc.noarch.rpm\npython38-dateutil-2.8.2-1.el8pc.noarch.rpm\npython38-debian-0.1.42-1.el8pc.noarch.rpm\npython38-defusedxml-0.7.1-2.el8pc.noarch.rpm\npython38-diff-match-patch-20200713-2.el8pc.noarch.rpm\npython38-distro-1.6.0-2.el8pc.noarch.rpm\npython38-django-3.2.13-1.el8pc.noarch.rpm\npython38-django-currentuser-0.5.3-3.el8pc.noarch.rpm\npython38-django-filter-21.1-1.el8pc.noarch.rpm\npython38-django-guardian-2.4.0-3.el8pc.noarch.rpm\npython38-django-guid-3.2.0-2.el8pc.noarch.rpm\npython38-django-import-export-2.6.1-1.el8pc.noarch.rpm\npython38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm\npython38-django-prometheus-2.1.0-2.el8pc.noarch.rpm\npython38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm\npython38-djangorestframework-3.12.4-4.el8pc.noarch.rpm\npython38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm\npython38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm\npython38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm\npython38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm\npython38-dynaconf-3.1.7-2.el8pc.noarch.rpm\npython38-ecdsa-0.13.3-3.el8pc.noarch.rpm\npython38-enrich-1.2.6-3.el8pc.noarch.rpm\npython38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm\npython38-flake8-3.9.2-3.el8pc.noarch.rpm\npython38-future-0.18.2-4.el8pc.noarch.rpm\npython38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm\npython38-gnupg-0.4.7-2.el8pc.noarch.rpm\npython38-gunicorn-20.1.0-3.el8pc.noarch.rpm\npython38-idna-3.3-1.el8pc.noarch.rpm\npython38-idna-ssl-1.1.0-4.el8pc.noarch.rpm\npython38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm\npython38-inflection-0.5.1-2.el8pc.noarch.rpm\npython38-iniparse-0.4-34.el8pc.noarch.rpm\npython38-jinja2-3.0.2-1.el8pc.noarch.rpm\npython38-jsonschema-3.2.0-7.el8pc.noarch.rpm\npython38-markdown-3.3.4-4.el8pc.noarch.rpm\npython38-markuppy-1.14-2.el8pc.noarch.rpm\npython38-mccabe-0.6.1-2.el8pc.noarch.rpm\npython38-naya-1.1.1-1.el8pc.noarch.rpm\npython38-odfpy-1.4.1-5.el8pc.noarch.rpm\npython38-openpyxl-3.0.9-1.el8pc.noarch.rpm\npython38-packaging-21.2-1.el8pc.noarch.rpm\npython38-parsley-1.3-1.el8pc.noarch.rpm\npython38-pbr-5.6.0-1.el8pc.noarch.rpm\npython38-productmd-1.33-2.el8pc.noarch.rpm\npython38-prometheus-client-0.8.0-2.el8pc.noarch.rpm\npython38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm\npython38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm\npython38-pulp-cli-0.14.0-1.el8pc.noarch.rpm\npython38-pulp-container-2.9.2-1.el8pc.noarch.rpm\npython38-pulp-deb-2.16.1-1.el8pc.noarch.rpm\npython38-pulp-file-1.10.1-1.el8pc.noarch.rpm\npython38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm\npython38-pulpcore-3.16.9-1.el8pc.noarch.rpm\npython38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm\npython38-pycodestyle-2.7.0-4.el8pc.noarch.rpm\npython38-pycparser-2.20-2.el8pc.noarch.rpm\npython38-pyflakes-2.3.1-4.el8pc.noarch.rpm\npython38-pygments-2.10.0-2.el8pc.noarch.rpm\npython38-pygtrie-2.4.2-2.el8pc.noarch.rpm\npython38-pyjwkest-1.4.2-5.el8pc.noarch.rpm\npython38-pyjwt-1.7.1-7.el8pc.noarch.rpm\npython38-pyparsing-2.4.7-2.el8pc.noarch.rpm\npython38-pytz-2021.3-1.el8pc.noarch.rpm\npython38-redis-3.5.3-2.el8pc.noarch.rpm\npython38-requests-2.26.0-3.el8pc.noarch.rpm\npython38-requirements-parser-0.2.0-2.el8pc.noarch.rpm\npython38-rich-10.12.0-1.el8pc.noarch.rpm\npython38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm\npython38-schema-0.7.5-1.el8pc.noarch.rpm\npython38-semantic-version-2.8.5-2.el8pc.noarch.rpm\npython38-six-1.16.0-1.el8pc.noarch.rpm\npython38-sqlparse-0.4.2-2.el8pc.noarch.rpm\npython38-tablib-3.1.0-1.el8pc.noarch.rpm\npython38-tenacity-7.0.0-2.el8pc.noarch.rpm\npython38-toml-0.10.2-2.el8pc.noarch.rpm\npython38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm\npython38-uritemplate-4.1.1-1.el8pc.noarch.rpm\npython38-url-normalize-1.4.3-3.el8pc.noarch.rpm\npython38-urllib3-1.26.7-1.el8pc.noarch.rpm\npython38-urlman-1.4.0-2.el8pc.noarch.rpm\npython38-wcmatch-8.3-1.el8pc.noarch.rpm\npython38-webencodings-0.5.1-2.el8pc.noarch.rpm\npython38-whitenoise-5.3.0-1.el8pc.noarch.rpm\npython38-xlrd-2.0.1-4.el8pc.noarch.rpm\npython38-xlwt-1.3.0-2.el8pc.noarch.rpm\npython38-zipp-3.4.0-3.el8pc.noarch.rpm\nqpid-dispatch-tools-1.14.0-6.el8.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm\nrubygem-addressable-2.8.0-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-ancestry-3.0.7-2.el8sat.noarch.rpm\nrubygem-anemone-0.7.2-23.el8sat.noarch.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm\nrubygem-audited-4.9.0-4.el8sat.noarch.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm\nrubygem-builder-3.2.4-2.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm\nrubygem-colorize-0.8.1-2.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm\nrubygem-crass-1.0.6-2.el8sat.noarch.rpm\nrubygem-css_parser-1.4.7-5.el8sat.noarch.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm\nrubygem-deacon-1.0.0-5.el8sat.noarch.rpm\nrubygem-declarative-0.0.10-3.el8sat.noarch.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm\nrubygem-deface-1.5.3-3.el8sat.noarch.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-erubi-1.9.0-2.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-execjs-2.7.0-5.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm\nrubygem-fog-core-2.1.0-4.el8sat.noarch.rpm\nrubygem-fog-google-1.11.0-2.el8sat.noarch.rpm\nrubygem-fog-json-1.2.0-4.el8sat.noarch.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm\nrubygem-fog-ovirt-2.0.1-2.el8sat.noarch.rpm\nrubygem-fog-vsphere-3.5.1-1.el8sat.noarch.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm\nrubygem-foreman-tasks-5.2.3-1.el8sat.noarch.rpm\nrubygem-foreman_ansible-7.0.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_azure_rm-2.2.6-1.el8sat.noarch.rpm\nrubygem-foreman_bootdisk-19.0.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_discovery-19.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_hooks-0.3.17-2.el8sat.noarch.rpm\nrubygem-foreman_kubevirt-0.1.9-2.el8sat.noarch.rpm\nrubygem-foreman_leapp-0.1.9-1.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-foreman_openscap-5.1.1-1.el8sat.noarch.rpm\nrubygem-foreman_puppet-2.0.6-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-5.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-cockpit-5.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_rh_cloud-5.0.39-1.el8sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm\nrubygem-foreman_templates-9.1.0-1.el8sat.noarch.rpm\nrubygem-foreman_theme_satellite-9.0.0.10-1.el8sat.noarch.rpm\nrubygem-foreman_virt_who_configure-0.5.8-1.el8sat.noarch.rpm\nrubygem-foreman_webhooks-2.0.1-1.1.el8sat.noarch.rpm\nrubygem-formatador-0.2.1-13.el8sat.noarch.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm\nrubygem-fx-0.5.0-2.el8sat.noarch.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm\nrubygem-git-1.5.0-2.el8sat.noarch.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm\nrubygem-globalid-0.4.2-2.el8sat.noarch.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm\nrubygem-googleauth-0.13.1-2.el8sat.noarch.rpm\nrubygem-graphql-1.8.14-3.el8sat.noarch.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-hocon-1.3.1-2.el8sat.noarch.rpm\nrubygem-http-3.3.0-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm\nrubygem-httpclient-2.8.3-4.el8sat.noarch.rpm\nrubygem-i18n-1.8.2-2.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-ipaddress-0.8.0-13.el8sat.noarch.rpm\nrubygem-jgrep-1.3.3-11.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-katello-4.3.0.42-1.el8sat.noarch.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-loofah-2.4.0-2.el8sat.noarch.rpm\nrubygem-mail-2.7.1-2.el8sat.noarch.rpm\nrubygem-marcel-1.0.1-1.el8sat.noarch.rpm\nrubygem-memoist-0.16.0-3.el8sat.noarch.rpm\nrubygem-method_source-0.9.2-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm\nrubygem-net-ping-2.0.1-5.el8sat.noarch.rpm\nrubygem-net-scp-1.2.1-5.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-optimist-3.0.0-3.el8sat.noarch.rpm\nrubygem-os-1.0.0-3.el8sat.noarch.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm\nrubygem-parallel-1.19.1-2.el8sat.noarch.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm\nrubygem-pulp_ansible_client-0.10.1-1.el8sat.noarch.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm\nrubygem-pulp_container_client-2.9.0-1.el8sat.noarch.rpm\nrubygem-pulp_deb_client-2.16.0-1.el8sat.noarch.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm\nrubygem-pulp_python_client-3.5.2-1.el8sat.noarch.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm\nrubygem-pulpcore_client-3.16.7-1.el8sat.noarch.rpm\nrubygem-puma-status-1.3-1.el8sat.noarch.rpm\nrubygem-quantile-0.2.0-5.el8sat.noarch.rpm\nrubygem-rabl-0.14.3-2.el8sat.noarch.rpm\nrubygem-rack-2.2.3-2.el8sat.noarch.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm\nrubygem-rack-test-1.1.0-5.el8sat.noarch.rpm\nrubygem-rails-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm\nrubygem-rails-html-sanitizer-1.3.0-2.el8sat.noarch.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm\nrubygem-railties-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rainbow-2.2.2-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm\nrubygem-record_tag_helper-1.0.1-4.el8sat.noarch.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-redis-4.5.1-1.el8sat.noarch.rpm\nrubygem-representable-3.0.4-3.el8sat.noarch.rpm\nrubygem-responders-3.0.0-4.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-retriable-3.1.2-3.el8sat.noarch.rpm\nrubygem-roadie-3.4.0-4.el8sat.noarch.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm\nrubygem-robotex-1.0.0-22.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-runcible-2.13.1-2.el8sat.noarch.rpm\nrubygem-safemode-1.3.6-2.el8sat.noarch.rpm\nrubygem-scoped_search-4.1.9-2.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm\nrubygem-sequel-5.42.0-2.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm\nrubygem-signet-0.14.0-2.el8sat.noarch.rpm\nrubygem-sinatra-2.1.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-sprockets-4.0.2-2.el8sat.noarch.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm\nrubygem-sshkey-1.9.0-5.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-stomp-1.4.9-2.el8sat.noarch.rpm\nrubygem-thor-1.0.1-3.el8sat.noarch.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-timeliness-0.3.10-2.el8sat.noarch.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm\nrubygem-uber-0.1.0-3.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm\nsatellite-6.11.0-2.el8sat.noarch.rpm\nsatellite-cli-6.11.0-2.el8sat.noarch.rpm\nsatellite-common-6.11.0-2.el8sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\npostgresql-evr-0.0.2-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm\npython-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm\npython-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-1.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-aiohttp-3.8.1-2.el8pc.x86_64.rpm\npython38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm\npython38-brotli-1.0.9-1.el8pc.x86_64.rpm\npython38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm\npython38-cchardet-2.1.7-1.el8pc.x86_64.rpm\npython38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm\npython38-cffi-1.15.0-1.el8pc.x86_64.rpm\npython38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython38-cryptography-3.1.1-1.el8pc.x86_64.rpm\npython38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm\npython38-frozenlist-1.3.0-1.el8pc.x86_64.rpm\npython38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm\npython38-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython38-lxml-4.7.1-1.el8pc.x86_64.rpm\npython38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm\npython38-markupsafe-2.0.1-2.el8pc.x86_64.rpm\npython38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython38-multidict-5.2.0-1.el8pc.x86_64.rpm\npython38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm\npython38-psycopg2-2.9.1-1.el8pc.x86_64.rpm\npython38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm\npython38-pycairo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycares-4.1.2-3.el8pc.x86_64.rpm\npython38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm\npython38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm\npython38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm\npython38-pygobject-3.40.1-1.el8pc.x86_64.rpm\npython38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm\npython38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm\npython38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm\npython38-pyyaml-5.4.1-3.el8pc.x86_64.rpm\npython38-rhsm-1.19.2-2.el8pc.x86_64.rpm\npython38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm\npython38-solv-0.7.22-1.el8pc.x86_64.rpm\npython38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-yarl-1.7.2-1.el8pc.x86_64.rpm\npython38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-facter-4.0.51-2.el8sat.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-puma-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-3.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncreaterepo_c-0.20.0-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.1.1.21-2.el8sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.1.2.6-1.el8sat.src.rpm\nforeman-proxy-3.1.1.1-1.el8sat.src.rpm\nforeman-selinux-3.1.2.1-1.el8sat.src.rpm\nkatello-4.3.0-3.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nlibcomps-0.1.18-1.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-1.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\npulpcore-selinux-1.3.0-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-2.el8pc.src.rpm\npython-aiofiles-0.7.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-2.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-1.el8pc.src.rpm\npython-aioredis-2.0.0-2.el8pc.src.rpm\npython-aiosignal-1.2.0-1.el8pc.src.rpm\npython-ansible-builder-1.0.1-2.el8pc.src.rpm\npython-asgiref-3.4.1-1.el8pc.src.rpm\npython-async-lru-1.0.2-2.el8pc.src.rpm\npython-async-timeout-4.0.2-1.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-2.el8pc.src.rpm\npython-attrs-21.2.0-2.el8pc.src.rpm\npython-backoff-1.11.1-1.el8pc.src.rpm\npython-bindep-2.10.1-1.el8pc.src.rpm\npython-bleach-3.3.1-1.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-2.el8pc.src.rpm\npython-bracex-2.2-1.el8pc.src.rpm\npython-brotli-1.0.9-1.el8pc.src.rpm\npython-cchardet-2.1.7-1.el8pc.src.rpm\npython-certifi-2020.6.20-2.el8pc.src.rpm\npython-cffi-1.15.0-1.el8pc.src.rpm\npython-charset-normalizer-2.0.7-1.el8pc.src.rpm\npython-click-8.0.3-1.el8pc.src.rpm\npython-click-shell-2.1-2.el8pc.src.rpm\npython-colorama-0.4.4-2.el8pc.src.rpm\npython-commonmark-0.9.1-4.el8pc.src.rpm\npython-contextlib2-21.6.0-2.el8pc.src.rpm\npython-cryptography-3.1.1-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-2.el8pc.src.rpm\npython-dateutil-2.8.2-1.el8pc.src.rpm\npython-debian-0.1.42-1.el8pc.src.rpm\npython-defusedxml-0.7.1-2.el8pc.src.rpm\npython-diff-match-patch-20200713-2.el8pc.src.rpm\npython-distro-1.6.0-2.el8pc.src.rpm\npython-django-3.2.13-1.el8pc.src.rpm\npython-django-currentuser-0.5.3-3.el8pc.src.rpm\npython-django-filter-21.1-1.el8pc.src.rpm\npython-django-guardian-2.4.0-3.el8pc.src.rpm\npython-django-guid-3.2.0-2.el8pc.src.rpm\npython-django-import-export-2.6.1-1.el8pc.src.rpm\npython-django-lifecycle-0.9.3-1.el8pc.src.rpm\npython-django-prometheus-2.1.0-2.el8pc.src.rpm\npython-django-readonly-field-1.0.5-3.el8pc.src.rpm\npython-djangorestframework-3.12.4-4.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-4.el8pc.src.rpm\npython-drf-access-policy-1.1.0-1.el8pc.src.rpm\npython-drf-nested-routers-0.93.3-3.el8pc.src.rpm\npython-drf-spectacular-0.20.1-1.el8pc.src.rpm\npython-dynaconf-3.1.7-2.el8pc.src.rpm\npython-ecdsa-0.13.3-3.el8pc.src.rpm\npython-enrich-1.2.6-3.el8pc.src.rpm\npython-et-xmlfile-1.1.0-1.el8pc.src.rpm\npython-flake8-3.9.2-3.el8pc.src.rpm\npython-frozenlist-1.3.0-1.el8pc.src.rpm\npython-future-0.18.2-4.el8pc.src.rpm\npython-galaxy-importer-0.4.1-2.el8pc.src.rpm\npython-gnupg-0.4.7-2.el8pc.src.rpm\npython-gunicorn-20.1.0-3.el8pc.src.rpm\npython-idna-3.3-1.el8pc.src.rpm\npython-idna-ssl-1.1.0-4.el8pc.src.rpm\npython-importlib-metadata-1.7.0-2.el8pc.src.rpm\npython-inflection-0.5.1-2.el8pc.src.rpm\npython-iniparse-0.4-34.el8pc.src.rpm\npython-jinja2-3.0.2-1.el8pc.src.rpm\npython-jsonschema-3.2.0-7.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-1.el8pc.src.rpm\npython-markdown-3.3.4-4.el8pc.src.rpm\npython-markuppy-1.14-2.el8pc.src.rpm\npython-markupsafe-2.0.1-2.el8pc.src.rpm\npython-mccabe-0.6.1-2.el8pc.src.rpm\npython-multidict-5.2.0-1.el8pc.src.rpm\npython-naya-1.1.1-1.el8pc.src.rpm\npython-odfpy-1.4.1-5.el8pc.src.rpm\npython-openpyxl-3.0.9-1.el8pc.src.rpm\npython-packaging-21.2-1.el8pc.src.rpm\npython-parsley-1.3-1.el8pc.src.rpm\npython-pbr-5.6.0-1.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-2.el8pc.src.rpm\npython-prometheus-client-0.8.0-2.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.1-1.el8pc.src.rpm\npython-pulp-ansible-0.10.1-1.el8pc.src.rpm\npython-pulp-certguard-1.5.1-1.el8pc.src.rpm\npython-pulp-cli-0.14.0-1.el8pc.src.rpm\npython-pulp-container-2.9.2-1.el8pc.src.rpm\npython-pulp-deb-2.16.1-1.el8pc.src.rpm\npython-pulp-file-1.10.1-1.el8pc.src.rpm\npython-pulp-rpm-3.17.5-1.1.el8pc.src.rpm\npython-pulpcore-3.16.9-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-2.el8pc.src.rpm\npython-pycairo-1.20.1-2.el8pc.src.rpm\npython-pycares-4.1.2-3.el8pc.src.rpm\npython-pycodestyle-2.7.0-4.el8pc.src.rpm\npython-pycparser-2.20-2.el8pc.src.rpm\npython-pycryptodomex-3.11.0-1.el8pc.src.rpm\npython-pyflakes-2.3.1-4.el8pc.src.rpm\npython-pygments-2.10.0-2.el8pc.src.rpm\npython-pygobject-3.40.1-1.el8pc.src.rpm\npython-pygtrie-2.4.2-2.el8pc.src.rpm\npython-pyjwkest-1.4.2-5.el8pc.src.rpm\npython-pyjwt-1.7.1-7.el8pc.src.rpm\npython-pyparsing-2.4.7-2.el8pc.src.rpm\npython-pyrsistent-0.18.0-1.el8pc.src.rpm\npython-pytz-2021.3-1.el8pc.src.rpm\npython-pyyaml-5.4.1-3.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-2.el8pc.src.rpm\npython-requests-2.26.0-3.el8pc.src.rpm\npython-requirements-parser-0.2.0-2.el8pc.src.rpm\npython-rhsm-1.19.2-2.el8pc.src.rpm\npython-rich-10.12.0-1.el8pc.src.rpm\npython-ruamel-yaml-0.17.17-1.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-1.el8pc.src.rpm\npython-schema-0.7.5-1.el8pc.src.rpm\npython-semantic-version-2.8.5-2.el8pc.src.rpm\npython-six-1.16.0-1.el8pc.src.rpm\npython-sqlparse-0.4.2-2.el8pc.src.rpm\npython-tablib-3.1.0-1.el8pc.src.rpm\npython-tenacity-7.0.0-2.el8pc.src.rpm\npython-toml-0.10.2-2.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-1.el8pc.src.rpm\npython-uritemplate-4.1.1-1.el8pc.src.rpm\npython-url-normalize-1.4.3-3.el8pc.src.rpm\npython-urllib3-1.26.7-1.el8pc.src.rpm\npython-urlman-1.4.0-2.el8pc.src.rpm\npython-wcmatch-8.3-1.el8pc.src.rpm\npython-webencodings-0.5.1-2.el8pc.src.rpm\npython-whitenoise-5.3.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-4.el8pc.src.rpm\npython-xlwt-1.3.0-2.el8pc.src.rpm\npython-yarl-1.7.2-1.el8pc.src.rpm\npython-zipp-3.4.0-3.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rack-2.2.3-2.el8sat.src.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-sequel-5.42.0-2.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sinatra-2.1.0-3.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\nsatellite-installer-6.11.0.7-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.3.0-1.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-3.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el8sat.noarch.rpm\nforeman-debug-3.1.1.21-2.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-installer-3.1.2.6-1.el8sat.noarch.rpm\nforeman-installer-katello-3.1.2.6-1.el8sat.noarch.rpm\nforeman-proxy-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-content-4.3.0-3.el8sat.noarch.rpm\nforeman-proxy-journald-3.1.1.1-1.el8sat.noarch.rpm\nforeman-proxy-selinux-3.1.2.1-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.3.0-3.el8sat.noarch.rpm\nkatello-debug-4.3.0-3.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython38-aiodns-3.0.0-2.el8pc.noarch.rpm\npython38-aiofiles-0.7.0-2.el8pc.noarch.rpm\npython38-aiohttp-xmlrpc-1.5.0-1.el8pc.noarch.rpm\npython38-aioredis-2.0.0-2.el8pc.noarch.rpm\npython38-aiosignal-1.2.0-1.el8pc.noarch.rpm\npython38-ansible-builder-1.0.1-2.el8pc.noarch.rpm\npython38-asgiref-3.4.1-1.el8pc.noarch.rpm\npython38-async-lru-1.0.2-2.el8pc.noarch.rpm\npython38-async-timeout-4.0.2-1.el8pc.noarch.rpm\npython38-asyncio-throttle-1.0.2-2.el8pc.noarch.rpm\npython38-attrs-21.2.0-2.el8pc.noarch.rpm\npython38-backoff-1.11.1-1.el8pc.noarch.rpm\npython38-bindep-2.10.1-1.el8pc.noarch.rpm\npython38-bleach-3.3.1-1.el8pc.noarch.rpm\npython38-bleach-allowlist-1.0.3-2.el8pc.noarch.rpm\npython38-bracex-2.2-1.el8pc.noarch.rpm\npython38-certifi-2020.6.20-2.el8pc.noarch.rpm\npython38-charset-normalizer-2.0.7-1.el8pc.noarch.rpm\npython38-click-8.0.3-1.el8pc.noarch.rpm\npython38-click-shell-2.1-2.el8pc.noarch.rpm\npython38-colorama-0.4.4-2.el8pc.noarch.rpm\npython38-commonmark-0.9.1-4.el8pc.noarch.rpm\npython38-contextlib2-21.6.0-2.el8pc.noarch.rpm\npython38-dataclasses-0.8-2.el8pc.noarch.rpm\npython38-dateutil-2.8.2-1.el8pc.noarch.rpm\npython38-debian-0.1.42-1.el8pc.noarch.rpm\npython38-defusedxml-0.7.1-2.el8pc.noarch.rpm\npython38-diff-match-patch-20200713-2.el8pc.noarch.rpm\npython38-distro-1.6.0-2.el8pc.noarch.rpm\npython38-django-3.2.13-1.el8pc.noarch.rpm\npython38-django-currentuser-0.5.3-3.el8pc.noarch.rpm\npython38-django-filter-21.1-1.el8pc.noarch.rpm\npython38-django-guardian-2.4.0-3.el8pc.noarch.rpm\npython38-django-guid-3.2.0-2.el8pc.noarch.rpm\npython38-django-import-export-2.6.1-1.el8pc.noarch.rpm\npython38-django-lifecycle-0.9.3-1.el8pc.noarch.rpm\npython38-django-prometheus-2.1.0-2.el8pc.noarch.rpm\npython38-django-readonly-field-1.0.5-3.el8pc.noarch.rpm\npython38-djangorestframework-3.12.4-4.el8pc.noarch.rpm\npython38-djangorestframework-queryfields-1.0.0-4.el8pc.noarch.rpm\npython38-drf-access-policy-1.1.0-1.el8pc.noarch.rpm\npython38-drf-nested-routers-0.93.3-3.el8pc.noarch.rpm\npython38-drf-spectacular-0.20.1-1.el8pc.noarch.rpm\npython38-dynaconf-3.1.7-2.el8pc.noarch.rpm\npython38-ecdsa-0.13.3-3.el8pc.noarch.rpm\npython38-enrich-1.2.6-3.el8pc.noarch.rpm\npython38-et-xmlfile-1.1.0-1.el8pc.noarch.rpm\npython38-flake8-3.9.2-3.el8pc.noarch.rpm\npython38-future-0.18.2-4.el8pc.noarch.rpm\npython38-galaxy-importer-0.4.1-2.el8pc.noarch.rpm\npython38-gnupg-0.4.7-2.el8pc.noarch.rpm\npython38-gunicorn-20.1.0-3.el8pc.noarch.rpm\npython38-idna-3.3-1.el8pc.noarch.rpm\npython38-idna-ssl-1.1.0-4.el8pc.noarch.rpm\npython38-importlib-metadata-1.7.0-2.el8pc.noarch.rpm\npython38-inflection-0.5.1-2.el8pc.noarch.rpm\npython38-iniparse-0.4-34.el8pc.noarch.rpm\npython38-jinja2-3.0.2-1.el8pc.noarch.rpm\npython38-jsonschema-3.2.0-7.el8pc.noarch.rpm\npython38-markdown-3.3.4-4.el8pc.noarch.rpm\npython38-markuppy-1.14-2.el8pc.noarch.rpm\npython38-mccabe-0.6.1-2.el8pc.noarch.rpm\npython38-naya-1.1.1-1.el8pc.noarch.rpm\npython38-odfpy-1.4.1-5.el8pc.noarch.rpm\npython38-openpyxl-3.0.9-1.el8pc.noarch.rpm\npython38-packaging-21.2-1.el8pc.noarch.rpm\npython38-parsley-1.3-1.el8pc.noarch.rpm\npython38-pbr-5.6.0-1.el8pc.noarch.rpm\npython38-productmd-1.33-2.el8pc.noarch.rpm\npython38-prometheus-client-0.8.0-2.el8pc.noarch.rpm\npython38-pulp-ansible-0.10.1-1.el8pc.noarch.rpm\npython38-pulp-certguard-1.5.1-1.el8pc.noarch.rpm\npython38-pulp-cli-0.14.0-1.el8pc.noarch.rpm\npython38-pulp-container-2.9.2-1.el8pc.noarch.rpm\npython38-pulp-deb-2.16.1-1.el8pc.noarch.rpm\npython38-pulp-file-1.10.1-1.el8pc.noarch.rpm\npython38-pulp-rpm-3.17.5-1.1.el8pc.noarch.rpm\npython38-pulpcore-3.16.9-1.el8pc.noarch.rpm\npython38-pyOpenSSL-19.1.0-2.el8pc.noarch.rpm\npython38-pycodestyle-2.7.0-4.el8pc.noarch.rpm\npython38-pycparser-2.20-2.el8pc.noarch.rpm\npython38-pyflakes-2.3.1-4.el8pc.noarch.rpm\npython38-pygments-2.10.0-2.el8pc.noarch.rpm\npython38-pygtrie-2.4.2-2.el8pc.noarch.rpm\npython38-pyjwkest-1.4.2-5.el8pc.noarch.rpm\npython38-pyjwt-1.7.1-7.el8pc.noarch.rpm\npython38-pyparsing-2.4.7-2.el8pc.noarch.rpm\npython38-pytz-2021.3-1.el8pc.noarch.rpm\npython38-redis-3.5.3-2.el8pc.noarch.rpm\npython38-requests-2.26.0-3.el8pc.noarch.rpm\npython38-requirements-parser-0.2.0-2.el8pc.noarch.rpm\npython38-rich-10.12.0-1.el8pc.noarch.rpm\npython38-ruamel-yaml-0.17.17-1.el8pc.noarch.rpm\npython38-schema-0.7.5-1.el8pc.noarch.rpm\npython38-semantic-version-2.8.5-2.el8pc.noarch.rpm\npython38-six-1.16.0-1.el8pc.noarch.rpm\npython38-sqlparse-0.4.2-2.el8pc.noarch.rpm\npython38-tablib-3.1.0-1.el8pc.noarch.rpm\npython38-tenacity-7.0.0-2.el8pc.noarch.rpm\npython38-toml-0.10.2-2.el8pc.noarch.rpm\npython38-typing-extensions-3.10.0.2-1.el8pc.noarch.rpm\npython38-uritemplate-4.1.1-1.el8pc.noarch.rpm\npython38-url-normalize-1.4.3-3.el8pc.noarch.rpm\npython38-urllib3-1.26.7-1.el8pc.noarch.rpm\npython38-urlman-1.4.0-2.el8pc.noarch.rpm\npython38-wcmatch-8.3-1.el8pc.noarch.rpm\npython38-webencodings-0.5.1-2.el8pc.noarch.rpm\npython38-whitenoise-5.3.0-1.el8pc.noarch.rpm\npython38-xlrd-2.0.1-4.el8pc.noarch.rpm\npython38-xlwt-1.3.0-2.el8pc.noarch.rpm\npython38-zipp-3.4.0-3.el8pc.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_portile2-2.5.1-1.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rack-2.2.3-2.el8sat.noarch.rpm\nrubygem-rack-protection-2.1.0-2.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-sequel-5.42.0-2.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sinatra-2.1.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.3.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-5.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-8.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.3.2-3.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-6.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.6.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.5.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nsatellite-capsule-6.11.0-2.el8sat.noarch.rpm\nsatellite-common-6.11.0-2.el8sat.noarch.rpm\nsatellite-installer-6.11.0.7-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.0-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.0-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-1.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\npulpcore-selinux-1.3.0-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-2.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-1.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-1.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-1.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.1.1-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-1.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-1.el8pc.x86_64.rpm\npython-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm\npython-multidict-debugsource-5.2.0-1.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.1-1.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-2.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-3.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.11.0-1.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-1.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.0-1.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-2.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-1.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-1.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-1.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-aiohttp-3.8.1-2.el8pc.x86_64.rpm\npython38-aiohttp-debuginfo-3.8.1-2.el8pc.x86_64.rpm\npython38-brotli-1.0.9-1.el8pc.x86_64.rpm\npython38-brotli-debuginfo-1.0.9-1.el8pc.x86_64.rpm\npython38-cchardet-2.1.7-1.el8pc.x86_64.rpm\npython38-cchardet-debuginfo-2.1.7-1.el8pc.x86_64.rpm\npython38-cffi-1.15.0-1.el8pc.x86_64.rpm\npython38-cffi-debuginfo-1.15.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-0.20.0-1.el8pc.x86_64.rpm\npython38-createrepo_c-debuginfo-0.20.0-1.el8pc.x86_64.rpm\npython38-cryptography-3.1.1-1.el8pc.x86_64.rpm\npython38-cryptography-debuginfo-3.1.1-1.el8pc.x86_64.rpm\npython38-frozenlist-1.3.0-1.el8pc.x86_64.rpm\npython38-frozenlist-debuginfo-1.3.0-1.el8pc.x86_64.rpm\npython38-libcomps-0.1.18-1.el8pc.x86_64.rpm\npython38-libcomps-debuginfo-0.1.18-1.el8pc.x86_64.rpm\npython38-lxml-4.7.1-1.el8pc.x86_64.rpm\npython38-lxml-debuginfo-4.7.1-1.el8pc.x86_64.rpm\npython38-markupsafe-2.0.1-2.el8pc.x86_64.rpm\npython38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm\npython38-multidict-5.2.0-1.el8pc.x86_64.rpm\npython38-multidict-debuginfo-5.2.0-1.el8pc.x86_64.rpm\npython38-psycopg2-2.9.1-1.el8pc.x86_64.rpm\npython38-psycopg2-debuginfo-2.9.1-1.el8pc.x86_64.rpm\npython38-pycairo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycairo-debuginfo-1.20.1-2.el8pc.x86_64.rpm\npython38-pycares-4.1.2-3.el8pc.x86_64.rpm\npython38-pycares-debuginfo-4.1.2-3.el8pc.x86_64.rpm\npython38-pycryptodomex-3.11.0-1.el8pc.x86_64.rpm\npython38-pycryptodomex-debuginfo-3.11.0-1.el8pc.x86_64.rpm\npython38-pygobject-3.40.1-1.el8pc.x86_64.rpm\npython38-pygobject-debuginfo-3.40.1-1.el8pc.x86_64.rpm\npython38-pyrsistent-0.18.0-1.el8pc.x86_64.rpm\npython38-pyrsistent-debuginfo-0.18.0-1.el8pc.x86_64.rpm\npython38-pyyaml-5.4.1-3.el8pc.x86_64.rpm\npython38-rhsm-1.19.2-2.el8pc.x86_64.rpm\npython38-rhsm-debuginfo-1.19.2-2.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-0.2.6-1.el8pc.x86_64.rpm\npython38-ruamel-yaml-clib-debuginfo-0.2.6-1.el8pc.x86_64.rpm\npython38-solv-0.7.22-1.el8pc.x86_64.rpm\npython38-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\npython38-yarl-1.7.2-1.el8pc.x86_64.rpm\npython38-yarl-debuginfo-1.7.2-1.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-1.el8pc.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.11.3-2.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.11.3-2.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.3.13-7.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nsatellite-clone-3.1.0-2.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.0.12-1.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nsatellite-clone-3.1.0-2.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nRed Hat Satellite 6.11 for RHEL 8:\n\nSource:\nforeman-3.1.1.21-2.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nsatellite-6.11.0-2.el8sat.src.rpm\n\nnoarch:\nforeman-cli-3.1.1.21-2.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.4.0-2.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-hammer_cli-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.1.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.17-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.3.1.6-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nsatellite-cli-6.11.0-2.el8sat.noarch.rpm\n\nx86_64:\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3584\nhttps://access.redhat.com/security/cve/CVE-2021-4142\nhttps://access.redhat.com/security/cve/CVE-2021-21290\nhttps://access.redhat.com/security/cve/CVE-2021-21295\nhttps://access.redhat.com/security/cve/CVE-2021-21409\nhttps://access.redhat.com/security/cve/CVE-2021-30151\nhttps://access.redhat.com/security/cve/CVE-2021-32839\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-41136\nhttps://access.redhat.com/security/cve/CVE-2021-42550\nhttps://access.redhat.com/security/cve/CVE-2021-43797\nhttps://access.redhat.com/security/cve/CVE-2021-43818\nhttps://access.redhat.com/security/cve/CVE-2021-44420\nhttps://access.redhat.com/security/cve/CVE-2021-44568\nhttps://access.redhat.com/security/cve/CVE-2021-45115\nhttps://access.redhat.com/security/cve/CVE-2021-45116\nhttps://access.redhat.com/security/cve/CVE-2021-45452\nhttps://access.redhat.com/security/cve/CVE-2022-22818\nhttps://access.redhat.com/security/cve/CVE-2022-23633\nhttps://access.redhat.com/security/cve/CVE-2022-23634\nhttps://access.redhat.com/security/cve/CVE-2022-23833\nhttps://access.redhat.com/security/cve/CVE-2022-23837\nhttps://access.redhat.com/security/cve/CVE-2022-28346\nhttps://access.redhat.com/security/cve/CVE-2022-28347\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYsSEj9zjgjWX9erEAQj1NhAAh9dwyCl+/LFkekteujgg+I646SZTWNua\n7x7JKiF+ptoaQB3ZcbKHAwuLMK5LNzTnsq+Y+ZuhPh1EkDKlZ1LkiONw/kTgMHLB\nEEq+lqiI3Lr31NWValfQiIatXbLQIyD7ZCk9dxxkJtTGGJw+CL7W4f2naYAsei+4\niYghK8DG5C33U5K/1NpXetfQMpRihferXV15Cx/bxGMcRP+ryD9vxxq4PDMWa1UH\nzTco1EAzP3UZxpD/AqCwNmBoG4r8gxSJml6CJatiicUQ1SrTdSMj2x8jYJ8pCWXR\n2ceGJVse2rBC0cunqV3tX/NL9xu8L8Vq4lyYDzJNhoSElQ6Lb/lpu1HpQpoqqmAf\nUBA7f80opj1o80U/M/WTQaQ9dYFDua7WlzzeuP026Pohsy/M1lZicmXMCDGJZaT1\nE4ivToILRGYfhZcVBrhFgWiPUQRmFvhxpGY0cStlmpMAruGeE9saXr1LyAbQrlty\nfnm4z+pRiLowgJPPTmusYPicL0p1DwU9XMxDSTW11/zp9PK5dErL+mIYofbvrOpk\nMhTKGBJ7yOgrmKTBUNIyNupeLuFM5MUBcw+nnTyjUHPh1Vaygq//WbUD+2IZileV\n0tRbFgVrt8mCk031+OVCbsUyGPO/D9+ambl7xieynjuIOHyLC+H3PH9QghCzZAUS\naMoVmOr2Umo=+ioi\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-6682-1\nMarch 07, 2024\n\npuma vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 20.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Puma. \n\nSoftware Description:\n- puma: threaded HTTP 1.1 server for Ruby/Rack applications\n\nDetails:\n\nZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. \nA remote attacker could possibly use this issue to perform an HTTP Request\nSmuggling attack. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2020-11076)\n\nIt was discovered that Puma incorrectly handled parsing certain headers. \nA remote attacker could possibly use this issue to perform an HTTP Request\nSmuggling attack. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2020-11077)\n\nJean Boussier discovered that Puma might not always release resources\nproperly after handling HTTP requests. A remote attacker could possibly\nuse this issue to read sensitive information. (CVE-2022-23634)\n\nIt was discovered that Puma incorrectly handled certain malformed headers. \nA remote attacker could use this issue to perform an HTTP Request Smuggling\nattack. (CVE-2022-24790)\n\nBen Kallus discovered that Puma incorrectly handled parsing certain headers. \nA remote attacker could use this issue to perform an HTTP Request Smuggling\nattack. (CVE-2023-40175)\n\nBartek Nowotarski discovered that Puma incorrectly handled parsing certain\nencoded content. A remote attacker could possibly use this to cause a\ndenial of service. (CVE-2024-21647)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS (Available with Ubuntu Pro):\n puma 5.5.2-2ubuntu2+esm1\n\nUbuntu 20.04 LTS (Available with Ubuntu Pro):\n puma 3.12.4-1ubuntu2+esm1\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "PACKETSTORM",
"id": "168079"
},
{
"db": "PACKETSTORM",
"id": "169325"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "PACKETSTORM",
"id": "177509"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23634",
"trust": 4.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168079",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-10705",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2529",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3282",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052603",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-23634",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167709",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177509",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "PACKETSTORM",
"id": "168079"
},
{
"db": "PACKETSTORM",
"id": "169325"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "PACKETSTORM",
"id": "177509"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"id": "VAR-202202-1144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
}
]
},
"last_update_date": "2024-11-23T20:21:11.673000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[CVE-2022-23633]\u00a0Possible\u00a0exposure\u00a0of\u00a0information\u00a0vulnerability\u00a0in\u00a0Action\u00a0Pack",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
},
{
"title": "Patch for Puma Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/319791"
},
{
"title": "Puma Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183289"
},
{
"title": "Debian CVElist Bug Report Logs: puma: CVE-2022-23634",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ce6bc37b25613b93ec3dfb1b2be935c"
},
{
"title": "Red Hat: CVE-2022-23634",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23634"
},
{
"title": "Debian Security Advisories: DSA-5146-1 puma -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f367ad1da48cf328be9b2785d76245b3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-23634"
},
{
"title": "Red Hat: Moderate: Satellite 6.11 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225498 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-051",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-051"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-404",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-28"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23634"
},
{
"trust": 1.7,
"url": "https://github.com/puma/puma/security/advisories/ghsa-rmj8-8hhh-gv5h"
},
{
"trust": 1.7,
"url": "https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb"
},
{
"trust": 1.7,
"url": "https://groups.google.com/g/ruby-security-ann/c/fktm-_7zsna/m/k2rimjblbaaj?utm_medium=email\u0026utm_source=footer\u0026pli=1"
},
{
"trust": 1.7,
"url": "https://github.com/advisories/ghsa-rmj8-8hhh-gv5h"
},
{
"trust": 1.7,
"url": "https://github.com/advisories/ghsa-wh98-p28r-vrc9"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5146"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tubfj44nckj34leczrap4n5vl6usjsib/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l7nesibfcnsr3xh7lxdpkvmsubnub43g/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f6ywgiikl7kkts3zoaymypc7d6wq5oa5/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-23634"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7nesibfcnsr3xh7lxdpkvmsubnub43g/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f6ywgiikl7kkts3zoaymypc7d6wq5oa5/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tubfj44nckj34leczrap4n5vl6usjsib/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052603"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168079/gentoo-linux-security-advisory-202208-28.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3282"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2529"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/puma-information-disclosure-via-currentattributes-38239"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41136"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/404.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29509"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/puma"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/upgrading_and_updating_red_hat_satellite"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4142"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32839"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/release_notes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-40175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-21647"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6682-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11077"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "PACKETSTORM",
"id": "168079"
},
{
"db": "PACKETSTORM",
"id": "169325"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "PACKETSTORM",
"id": "177509"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"db": "PACKETSTORM",
"id": "168079"
},
{
"db": "PACKETSTORM",
"id": "169325"
},
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "PACKETSTORM",
"id": "177509"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"date": "2022-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"date": "2023-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"date": "2022-08-15T16:03:44",
"db": "PACKETSTORM",
"id": "168079"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169325"
},
{
"date": "2022-07-06T15:29:45",
"db": "PACKETSTORM",
"id": "167709"
},
{
"date": "2024-03-08T20:48:28",
"db": "PACKETSTORM",
"id": "177509"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"date": "2022-02-11T22:15:07.817000",
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23634"
},
{
"date": "2023-06-14T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-005839"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1101"
},
{
"date": "2024-11-21T06:48:58.950000",
"db": "NVD",
"id": "CVE-2022-23634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167709"
},
{
"db": "PACKETSTORM",
"id": "177509"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Puma Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-10705"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1101"
}
],
"trust": 0.6
}
}
var-202201-1926
Vulnerability from variot
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. Rust for, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202210-09
https://security.gentoo.org/
Severity: Normal Title: Rust: Multiple Vulnerabilities Date: October 16, 2022 Bugs: #870166, #831638, #821157, #807052, #782367 ID: 202210-09
Synopsis
Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.
Background
A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/rust < 1.63.0-r1 >= 1.63.0-r1 2 dev-lang/rust-bin < 1.64.0 >= 1.64.0
Description
Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Rust users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/rust-1.63.0-r1"
All Rust binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/rust-bin-1.64.0"
In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:
# emerge --ask --oneshot --verbose @rust-rebuild
References
[ 1 ] CVE-2021-28875 https://nvd.nist.gov/vuln/detail/CVE-2021-28875 [ 2 ] CVE-2021-28876 https://nvd.nist.gov/vuln/detail/CVE-2021-28876 [ 3 ] CVE-2021-28877 https://nvd.nist.gov/vuln/detail/CVE-2021-28877 [ 4 ] CVE-2021-28878 https://nvd.nist.gov/vuln/detail/CVE-2021-28878 [ 5 ] CVE-2021-28879 https://nvd.nist.gov/vuln/detail/CVE-2021-28879 [ 6 ] CVE-2021-29922 https://nvd.nist.gov/vuln/detail/CVE-2021-29922 [ 7 ] CVE-2021-31162 https://nvd.nist.gov/vuln/detail/CVE-2021-31162 [ 8 ] CVE-2021-36317 https://nvd.nist.gov/vuln/detail/CVE-2021-36317 [ 9 ] CVE-2021-36318 https://nvd.nist.gov/vuln/detail/CVE-2021-36318 [ 10 ] CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 [ 11 ] CVE-2021-42694 https://nvd.nist.gov/vuln/detail/CVE-2021-42694 [ 12 ] CVE-2022-21658 https://nvd.nist.gov/vuln/detail/CVE-2022-21658 [ 13 ] CVE-2022-36113 https://nvd.nist.gov/vuln/detail/CVE-2022-36113 [ 14 ] CVE-2022-36114 https://nvd.nist.gov/vuln/detail/CVE-2022-36114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1894-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1894 Issue date: 2022-05-10 CVE Names: CVE-2022-21658 =====================================================================
- Summary:
An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
The following packages have been upgraded to a later upstream version: rust (1.58.0). (BZ#2002883)
Security Fix(es):
- rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed (CVE-2022-21658)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1980080 - Enable Rust wasm32-wasi target [rhel-8.6.0] 2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: rust-1.58.1-1.module+el8.6.0+14021+586eff1a.src.rpm rust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.src.rpm
aarch64: cargo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm cargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm clippy-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm clippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rls-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm rustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm
noarch: cargo-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm rust-debugger-common-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm rust-gdb-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm rust-lldb-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm rust-src-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm
ppc64le: cargo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm cargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm clippy-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm clippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rls-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm rustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm
s390x: cargo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm cargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm clippy-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm clippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rls-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm rustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm
x86_64: cargo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm cargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm clippy-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm clippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rls-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm rustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21658 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnqROtzjgjWX9erEAQgkZBAAmWsVgosTaMGDpGj3gA90DdYI3IN5lBO8 tUoSTKDDatI5M1lwjSEBdDUh7nkFHAr4zSawU6tM9+d5Y/cfAVoC4bwDJleHRByz MhpBMezpVaks4KdgsDm+UQtabDAKJp3yLkDTqTp8iWrepzxJcJPiieLn95DxmKq/ TEGUovSBVOnPXQMOdOor2hxi4M3CILVPzHWHgicSu3xHHa1O81CzPszwhfBgiRP4 RkNlU29AB1m0C+SOd2ERwGU4usZt/uTOwnyLAvA763SQc8zqdIvfxvdqy4ljyEYn A/+nDZ8Evc4jMX+fpmN3i+qOPz2B1B1R1SCFPrRdg+9WUkLbtVr/KTK0xWF2MkyZ z+ggAwAPiEG7VF4kEDIdT5eeNhdqFBH58GpvKf/u/jYnxJtKw8A8+tKMHYzDrBEP OIOSaFF75aO50p/cpa8TuofWY/uE/sbEmXYp9pp0AcyrRHKY+wQUzmBB30a/1bqk znxOxZTEpgIniE/hy/zyGazsdK5+bjqk3TXPyrXtJPcCjk+e9eq1eamVRzm+Rqki /1x7PaBu1wSiQvrrQELcE6HhYW7VLfz2ANO8KWm1SH43k25uvw95YwhOK9y8chjo P9wiRBHjIxgrKTuArI6NJ/SnfMKoHy/4LTeqXU4EhEc8Na/wZOMw3UEpiS+kJYuM nFBxjty0k/4= =PIUM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1926",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rust",
"scope": "lte",
"trust": 1.0,
"vendor": "rust lang",
"version": "1.58.0"
},
{
"model": "rust",
"scope": "gte",
"trust": 1.0,
"vendor": "rust lang",
"version": "1.0.0"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.4"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.4"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "rust",
"scope": null,
"trust": 0.8,
"vendor": "the rust programming language",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168756"
}
],
"trust": 0.1
},
"cve": "CVE-2022-21658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2022-21658",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-407271",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2022-21658",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.0,
"id": "CVE-2022-21658",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-21658",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21658",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-21658",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-21658",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-407271",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2022-21658",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn\u0027t otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don\u0027t have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions. Rust for, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Rust: Multiple Vulnerabilities\n Date: October 16, 2022\n Bugs: #870166, #831638, #821157, #807052, #782367\n ID: 202210-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Rust, the worst of\nwhich could result in denial of service. \n\nBackground\n=========\nA systems programming language that runs blazingly fast, prevents\nsegfaults, and guarantees thread safety. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/rust \u003c 1.63.0-r1 \u003e= 1.63.0-r1\n 2 dev-lang/rust-bin \u003c 1.64.0 \u003e= 1.64.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Rust. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Rust users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/rust-1.63.0-r1\"\n\nAll Rust binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/rust-bin-1.64.0\"\n\nIn addition, users using Portage 3.0.38 or later should ensure that\npackages with Rust binaries have no vulnerable code statically linked\ninto their binaries by rebuilding the @rust-rebuild set:\n\n # emerge --ask --oneshot --verbose @rust-rebuild\n\nReferences\n=========\n[ 1 ] CVE-2021-28875\n https://nvd.nist.gov/vuln/detail/CVE-2021-28875\n[ 2 ] CVE-2021-28876\n https://nvd.nist.gov/vuln/detail/CVE-2021-28876\n[ 3 ] CVE-2021-28877\n https://nvd.nist.gov/vuln/detail/CVE-2021-28877\n[ 4 ] CVE-2021-28878\n https://nvd.nist.gov/vuln/detail/CVE-2021-28878\n[ 5 ] CVE-2021-28879\n https://nvd.nist.gov/vuln/detail/CVE-2021-28879\n[ 6 ] CVE-2021-29922\n https://nvd.nist.gov/vuln/detail/CVE-2021-29922\n[ 7 ] CVE-2021-31162\n https://nvd.nist.gov/vuln/detail/CVE-2021-31162\n[ 8 ] CVE-2021-36317\n https://nvd.nist.gov/vuln/detail/CVE-2021-36317\n[ 9 ] CVE-2021-36318\n https://nvd.nist.gov/vuln/detail/CVE-2021-36318\n[ 10 ] CVE-2021-42574\n https://nvd.nist.gov/vuln/detail/CVE-2021-42574\n[ 11 ] CVE-2021-42694\n https://nvd.nist.gov/vuln/detail/CVE-2021-42694\n[ 12 ] CVE-2022-21658\n https://nvd.nist.gov/vuln/detail/CVE-2022-21658\n[ 13 ] CVE-2022-36113\n https://nvd.nist.gov/vuln/detail/CVE-2022-36113\n[ 14 ] CVE-2022-36114\n https://nvd.nist.gov/vuln/detail/CVE-2022-36114\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-09\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1894-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1894\nIssue date: 2022-05-10\nCVE Names: CVE-2022-21658 \n=====================================================================\n\n1. Summary:\n\nAn update for the rust-toolset:rhel8 module is now available for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRust Toolset provides the Rust programming language compiler rustc, the\ncargo build tool and dependency manager, and required libraries. \n\nThe following packages have been upgraded to a later upstream version: rust\n(1.58.0). (BZ#2002883)\n\nSecurity Fix(es):\n\n* rust: Race condition in remove_dir_all leading to removal of files\noutside of the directory being removed (CVE-2022-21658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1980080 - Enable Rust wasm32-wasi target [rhel-8.6.0]\n2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nrust-1.58.1-1.module+el8.6.0+14021+586eff1a.src.rpm\nrust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.src.rpm\n\naarch64:\ncargo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\ncargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nclippy-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nclippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrls-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\nrustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.aarch64.rpm\n\nnoarch:\ncargo-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm\nrust-debugger-common-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm\nrust-gdb-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm\nrust-lldb-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm\nrust-src-1.58.1-1.module+el8.6.0+14021+586eff1a.noarch.rpm\n\nppc64le:\ncargo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\ncargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nclippy-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nclippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrls-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\nrustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.ppc64le.rpm\n\ns390x:\ncargo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\ncargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nclippy-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nclippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrls-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\nrustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.s390x.rpm\n\nx86_64:\ncargo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\ncargo-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nclippy-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nclippy-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrls-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrls-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-analysis-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-debugsource-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-doc-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-std-static-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-std-static-wasm32-unknown-unknown-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-std-static-wasm32-wasi-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrust-toolset-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrustfmt-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\nrustfmt-debuginfo-1.58.1-1.module+el8.6.0+14021+586eff1a.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-21658\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnqROtzjgjWX9erEAQgkZBAAmWsVgosTaMGDpGj3gA90DdYI3IN5lBO8\ntUoSTKDDatI5M1lwjSEBdDUh7nkFHAr4zSawU6tM9+d5Y/cfAVoC4bwDJleHRByz\nMhpBMezpVaks4KdgsDm+UQtabDAKJp3yLkDTqTp8iWrepzxJcJPiieLn95DxmKq/\nTEGUovSBVOnPXQMOdOor2hxi4M3CILVPzHWHgicSu3xHHa1O81CzPszwhfBgiRP4\nRkNlU29AB1m0C+SOd2ERwGU4usZt/uTOwnyLAvA763SQc8zqdIvfxvdqy4ljyEYn\nA/+nDZ8Evc4jMX+fpmN3i+qOPz2B1B1R1SCFPrRdg+9WUkLbtVr/KTK0xWF2MkyZ\nz+ggAwAPiEG7VF4kEDIdT5eeNhdqFBH58GpvKf/u/jYnxJtKw8A8+tKMHYzDrBEP\nOIOSaFF75aO50p/cpa8TuofWY/uE/sbEmXYp9pp0AcyrRHKY+wQUzmBB30a/1bqk\nznxOxZTEpgIniE/hy/zyGazsdK5+bjqk3TXPyrXtJPcCjk+e9eq1eamVRzm+Rqki\n/1x7PaBu1wSiQvrrQELcE6HhYW7VLfz2ANO8KWm1SH43k25uvw95YwhOK9y8chjo\nP9wiRBHjIxgrKTuArI6NJ/SnfMKoHy/4LTeqXU4EhEc8Na/wZOMw3UEpiS+kJYuM\nnFBxjty0k/4=\n=PIUM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "PACKETSTORM",
"id": "168756"
},
{
"db": "PACKETSTORM",
"id": "167067"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21658",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "167067",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168756",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051149",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0304",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1141",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-407271",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-21658",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "PACKETSTORM",
"id": "168756"
},
{
"db": "PACKETSTORM",
"id": "167067"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"id": "VAR-202201-1926",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407271"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:19:21.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213186 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/"
},
{
"title": "Rust Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=181481"
},
{
"title": "Red Hat: Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221894 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1817",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1817"
},
{
"title": "xtask-wasm",
"trust": 0.1,
"url": "https://github.com/rustminded/xtask-wasm "
},
{
"title": "CVE-2022-21658 poc",
"trust": 0.1,
"url": "https://github.com/sagittarius-a/cve-2022-21658 "
},
{
"title": "rmall",
"trust": 0.1,
"url": "https://github.com/XIDY-Dex/rmall "
},
{
"title": "https://github.com/xxg1413/rust-security",
"trust": 0.1,
"url": "https://github.com/xxg1413/rust-security "
},
{
"title": "https://github.com/xxg1413/rustlang-security",
"trust": 0.1,
"url": "https://github.com/xxg1413/rustlang-security "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-363",
"trust": 1.1
},
{
"problemtype": "CWE-367",
"trust": 1.1
},
{
"problemtype": "Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202210-09"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213182"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213186"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213193"
},
{
"trust": 1.8,
"url": "https://github.com/rust-lang/rust/security/advisories/ghsa-r9cc-f5pr-p3j2"
},
{
"trust": 1.8,
"url": "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html"
},
{
"trust": 1.8,
"url": "https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946"
},
{
"trust": 1.8,
"url": "https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf"
},
{
"trust": 1.8,
"url": "https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21658"
},
{
"trust": 1.2,
"url": "https://github.com/rust-lang/rust/pull/93110"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bk32qzlhdc2ovlpktuhnt2g3vhwhd4lx/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c63nh72q7uhjm5v3ivyri7lvbggfqmsq/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ckgtackmkaprdpwptu26gywbelirff5n/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7jkzdtbmgawifjsnwkbmpo5eakrr4bew/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7jkzdtbmgawifjsnwkbmpo5eakrr4bew/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ckgtackmkaprdpwptu26gywbelirff5n/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bk32qzlhdc2ovlpktuhnt2g3vhwhd4lx/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c63nh72q7uhjm5v3ivyri7lvbggfqmsq/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21658"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168756/gentoo-linux-security-advisory-202210-09.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1141"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167067/red-hat-security-advisory-2022-1894-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/rust-file-deleting-via-std-fs-remove-dir-all-37342"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0304"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012101"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:1894"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/363.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/367.html"
},
{
"trust": 0.1,
"url": "https://github.com/rustminded/xtask-wasm"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1817.html"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36318"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28875"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31162"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "PACKETSTORM",
"id": "168756"
},
{
"db": "PACKETSTORM",
"id": "167067"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-407271"
},
{
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"db": "PACKETSTORM",
"id": "168756"
},
{
"db": "PACKETSTORM",
"id": "167067"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-407271"
},
{
"date": "2022-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"date": "2023-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"date": "2022-10-17T15:13:47",
"db": "PACKETSTORM",
"id": "168756"
},
{
"date": "2022-05-11T16:32:58",
"db": "PACKETSTORM",
"id": "167067"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"date": "2022-01-20T18:15:07.703000",
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-407271"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-21658"
},
{
"date": "2023-03-23T05:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-004144"
},
{
"date": "2022-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1812"
},
{
"date": "2024-11-21T06:45:10.343000",
"db": "NVD",
"id": "CVE-2022-21658"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rust\u00a0 In \u00a0Time-of-check\u00a0Time-of-use\u00a0(TOCTOU)\u00a0 Race condition vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-004144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1812"
}
],
"trust": 0.6
}
}
var-201904-0324
Vulnerability from variot
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "samba",
"scope": "lt",
"trust": 1.8,
"vendor": "samba",
"version": "4.10.2"
},
{
"model": "samba",
"scope": "gte",
"trust": 1.0,
"vendor": "samba",
"version": "4.10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.1"
},
{
"model": "samba",
"scope": "lt",
"trust": 1.0,
"vendor": "samba",
"version": "4.9.6"
},
{
"model": "samba",
"scope": "gte",
"trust": 1.0,
"vendor": "samba",
"version": "4.9.0"
},
{
"model": "directory server",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "vs960hd",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "2.3.6-1720"
},
{
"model": "router manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.2"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "samba",
"scope": "lt",
"trust": 0.8,
"vendor": "samba",
"version": "4.9 thats all 4.9.6"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.10.1"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.5"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.4"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.3"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.2"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.1"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.9"
},
{
"model": "samba",
"scope": "eq",
"trust": 0.3,
"vendor": "samba",
"version": "4.10"
},
{
"model": "samba",
"scope": "ne",
"trust": 0.3,
"vendor": "samba",
"version": "4.10.2"
},
{
"model": "samba",
"scope": "ne",
"trust": 0.3,
"vendor": "samba",
"version": "4.9.6"
}
],
"sources": [
{
"db": "BID",
"id": "107798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:samba:samba",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bj??rn Baumbach",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3870",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-155305",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-3870",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2019-3870",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-3870",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-308",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155305",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155305"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. \nA local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3870"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "BID",
"id": "107798"
},
{
"db": "VULHUB",
"id": "VHN-155305"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3870",
"trust": 2.8
},
{
"db": "BID",
"id": "107798",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "43559",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155305",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155305"
},
{
"db": "BID",
"id": "107798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"id": "VAR-201904-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155305"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:08:25.741000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2019-db21b5f1d2",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354GALK73CZWQKFUG7AWB6EIEGFMF62/"
},
{
"title": "FEDORA-2019-cacf88eabf",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTJVFA3RZ6G2IZDTVKLHRMX6QBYA4GPA/"
},
{
"title": "World writable files in Samba AD DC private/ dir",
"trust": 0.8,
"url": "https://www.samba.org/samba/security/CVE-2019-3870.html"
},
{
"title": "Bug 13834",
"trust": 0.8,
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
},
{
"title": "Samba Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91147"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-275",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155305"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13834"
},
{
"trust": 2.0,
"url": "https://www.samba.org/samba/security/cve-2019-3870.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3870"
},
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k20804356"
},
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_19_15"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3870"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/107798"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689010"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2019-3870"
},
{
"trust": 0.9,
"url": "http://www.samba.org"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3870"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jtjvfa3rz6g2izdtvklhrmx6qbya4gpa/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6354galk73czwqkfug7awb6eiegfmf62/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/samba-privilege-escalation-via-ad-dc-world-writable-private-directory-28962"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43559"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155305"
},
{
"db": "BID",
"id": "107798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155305"
},
{
"db": "BID",
"id": "107798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-155305"
},
{
"date": "2019-04-08T00:00:00",
"db": "BID",
"id": "107798"
},
{
"date": "2019-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"date": "2019-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"date": "2019-04-09T16:29:01.867000",
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-155305"
},
{
"date": "2019-04-08T00:00:00",
"db": "BID",
"id": "107798"
},
{
"date": "2019-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003309"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-308"
},
{
"date": "2024-11-21T04:42:45.720000",
"db": "NVD",
"id": "CVE-2019-3870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107798"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samba Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003309"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-308"
}
],
"trust": 0.6
}
}
var-202205-1905
Vulnerability from variot
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1905",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5013"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1851",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1851",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1851",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1851",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423375",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1851",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1851",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-423375",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1851",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"id": "VAR-202205-1905",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:12.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "after\u00a0text\u00a0formatting\u00a0cursor\u00a0may\u00a0be\u00a0in\u00a0an\u00a0invalid\u00a0position Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194710"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1851"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-1851 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-src-textformat-c-38492"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1851/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423375"
},
{
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-423375"
},
{
"date": "2022-05-25T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"date": "2022-05-25T13:15:07.770000",
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-423375"
},
{
"date": "2023-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1851"
},
{
"date": "2023-08-21T06:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-011241"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4102"
},
{
"date": "2024-11-21T06:41:36.563000",
"db": "NVD",
"id": "CVE-2022-1851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4102"
}
],
"trust": 0.6
}
}
var-202208-0889
Vulnerability from variot
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink 2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname 2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function 2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33643",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33643",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33643",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33643",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-33643",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2780",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink\n2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname\n2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function\n2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33643"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33643",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"id": "VAR-202208-0889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204269"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33643/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393721"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393721"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"date": "2022-08-10T20:15:20.450000",
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-393721"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020154"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2780"
},
{
"date": "2023-11-07T03:35:53.637000",
"db": "NVD",
"id": "CVE-2021-33643"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020154"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2780"
}
],
"trust": 0.6
}
}
var-202201-0356
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)
It was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the compile_get_env() function. A file could use that flaw to disclose 1 byte of vim's internal memory. (CVE-2022-0158)
A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213)
A heap based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)
A flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)
A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)
A flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0407)
It was discovered that Vim contained a NULL pointer dereference vulnerability when switching tabpages. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4040"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167788"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0156",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-411554",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0156",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0156",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0156",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0156",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0156",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0156",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-667",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-411554",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0156",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Vim is an editor based on the UNIX platform. It was found that vim was vulnerable to use-after-free flaw in the way it was treating allocated lines in user functions. A specially crafted file could crash the vim process or possibly lead to other undefined behaviors. (CVE-2022-0156)\nIt was found that vim was vulnerable to a 1 byte heap based out of bounds read flaw in the `compile_get_env()` function. A file could use that flaw to disclose 1 byte of vim\u0027s internal memory. (CVE-2022-0158)\nA flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0213)\nA heap based out-of-bounds write flaw was found in vim\u0027s ops.c. This flaw allows an malicious user to trick a user to open a crafted file triggering an out-of-bounds write. This vulnerability is capable of crashing software, modify memory, and possible code execution. (CVE-2022-0261)\nA flaw was found in vim. The vulnerability occurs due to reading beyond the end of a line in the utf_head_off function, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0318)\nA flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0351)\nA flaw was found in vim. The vulnerability occurs due to Illegal memory access with large tabstop in Ex mode, which can lead to a heap buffer overflow. This flaw allows an malicious user to input a specially crafted file, leading to a crash or code execution. (CVE-2022-0359). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. (CVE-2022-0407)\n\nIt was discovered that Vim contained a NULL pointer dereference\nvulnerability when switching tabpages. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0156",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167788",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022220",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3560",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-03942",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411554",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"id": "VAR-202201-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:23.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213183 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=177699"
},
{
"title": "Red Hat: CVE-2022-0156",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0156"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1567",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1567"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1751",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1751"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Big Sur 11.6.8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=46307825e8223bef6aa99c76dff503a5"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213344"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/13"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hd5s2fc2hf22a7xqxk2xxir46earvwim/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072102"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022220"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167788/apple-security-advisory-2022-07-20-3.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213344"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3560"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-vim-vsnprintf-typval-37249"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1567.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213344."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-411554"
},
{
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167788"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411554"
},
{
"date": "2022-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"date": "2023-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:29",
"db": "PACKETSTORM",
"id": "167788"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"date": "2022-01-10T16:15:09.733000",
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-411554"
},
{
"date": "2022-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0156"
},
{
"date": "2023-01-31T02:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-002945"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-667"
},
{
"date": "2024-11-21T06:38:01.293000",
"db": "NVD",
"id": "CVE-2022-0156"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002945"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-667"
}
],
"trust": 0.6
}
}
var-202105-1253
Vulnerability from variot
.NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:1546-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1546 Issue date: 2021-05-12 CVE Names: CVE-2021-31204 ==================================================================== 1. Summary:
An update for rh-dotnet50-dotnet is now available for .NET on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.
Security Fix(es):
- dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)
In order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm
x86_64: rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-31204 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa nNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV k+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P O19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS pZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL VpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2 LFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd y/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M NWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg Wpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv vJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD ryjzBqi6068=tgxd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.5.0"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.9"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.4.22"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.9.5"
},
{
"model": "visual studio 2019",
"scope": "lt",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.7.15"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.8.0"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.5"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net core",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 1.0
},
"cve": "CVE-2021-31204",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-31204",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2021-31204",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31204",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-31204",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31204",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-624",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-31204",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET and Visual Studio Elevation of Privilege Vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A flaw was found in dotnet. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update\nAdvisory ID: RHSA-2021:1546-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1546\nIssue date: 2021-05-12\nCVE Names: CVE-2021-31204\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet50-dotnet is now available for .NET on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 5.0.203 and .NET Runtime\n5.0.6. \n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation\n(CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications\ndeployed using previous versions need to be recompiled and redeployed. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1956815 - CVE-2021-31204 dotnet: .NET Core single-file application privilege escalation\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet50-dotnet-5.0.203-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-debuginfo-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-host-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9.x86_64.rpm\nrh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9.x86_64.rpm\nrh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-31204\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYJuTg9zjgjWX9erEAQi24A/+IQHDppohTDfSg+JLDlRUTIQgwofJr5sa\nnNxTqZqvbp+qS4q1c/C2rBtRMGwkwn3Nb1+4ea3rUcl9M2vw4ijRK1CVGiBdFUyV\nk+Mfj3bdBgMovspyNF/Y2vV0419hLGFRZQUIK59naa86wJWvjLpUf5fX88J65R/P\nO19JYiJKQKudF8LY4KDYU3uRbPJ+Fpi7mv/BLHzxFdoRclHyDhLgtiNg7fn1yDOS\npZUV8fi/R4LB65hVqgrJIIJp+nut1RLrb41hPWFS+n3tG48k132D5bIQ4M5qk1nL\nVpiKAAKLlDtUrlsDsQHmX2Rwa+fKVK1Am1lxI5hhlGa025uzB/WvlWlxvULk+fa2\nLFkEdoDfvMKEIvEhnYnpDy5w1VJqW3QcshmOWmCzqpYZVxWpsDS067uh2+b2uaHd\ny/Na92kAJ2x3Zl6NfXkcGYLzXKJDWH43ngjQmW2tcoGRdh8S287QCEmMA72lDd+M\nNWsK7q+UsX7O5INSsWja+dp1VKlbfw+Fzc8OS5ozCHZyl0ubUf2meCMwqJlsOTtg\nWpj77OODn658HyJ31ItdFLOY4ftKm/SfFku11HIrmuUS8UTvuWz/Skwd1gQ2nYgv\nvJQSGsESo1M4SqcvPmj//ljMk3RAzxFjh2is0/3KmSe8mqFfLiuG2Wy+KpFvlGPD\nryjzBqi6068=tgxd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31204",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162702",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162552",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021052223",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051141",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052517",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1630",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1760",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31204",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162553",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"id": "VAR-202105-1253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:18:35.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": ".NET\u00a0and\u00a0Visual\u00a0Studio\u00a0Elevation\u00a0of\u00a0Privilege\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/"
},
{
"title": "Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151246"
},
{
"title": "Red Hat: CVE-2021-31204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-31204"
},
{
"title": "Arch Linux Advisories: [ASA-202105-22] dotnet-runtime-3.1: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-22"
},
{
"title": "Arch Linux Advisories: [ASA-202105-20] dotnet-sdk: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-20"
},
{
"title": "Arch Linux Advisories: [ASA-202105-21] dotnet-runtime: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-21"
},
{
"title": "Arch Linux Advisories: [ASA-202105-23] dotnet-sdk-3.1: privilege escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-23"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-31204 log"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31204"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31204"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31204"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210512-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210024.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fvmwzpf4fr6jpfsnaidiudulhzjbvcw6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uv4itb3sudgr23g7xaluvkfjmzerfukf/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f3vm3rmpe7pnnlli3bpcsaxitqzcfca/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6m7kl3kthjvqnra3cwfutesqjarqehsz/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lfxjpquyuitjmv75yn3xige3kkn5gocu/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zwf25z3cz6lycohz7fpsfaq426jubuz4/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-may-2021-35383"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051320"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162702/red-hat-security-advisory-2021-2037-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162552/red-hat-security-advisory-2021-1546-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052223"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1630"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1760"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052517"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051141"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31204"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1546"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"db": "PACKETSTORM",
"id": "162702"
},
{
"db": "PACKETSTORM",
"id": "162706"
},
{
"db": "PACKETSTORM",
"id": "162553"
},
{
"db": "PACKETSTORM",
"id": "162552"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"date": "2021-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"date": "2021-05-19T14:23:23",
"db": "PACKETSTORM",
"id": "162702"
},
{
"date": "2021-05-19T14:23:53",
"db": "PACKETSTORM",
"id": "162706"
},
{
"date": "2021-05-12T13:53:06",
"db": "PACKETSTORM",
"id": "162553"
},
{
"date": "2021-05-12T13:52:59",
"db": "PACKETSTORM",
"id": "162552"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-11T19:15:10.327000",
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31204"
},
{
"date": "2021-05-26T09:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-001514"
},
{
"date": "2022-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-624"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2023-12-29T00:15:49.127000",
"db": "NVD",
"id": "CVE-2021-31204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Vulnerability to elevate privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-624"
}
],
"trust": 0.6
}
}
var-202204-0838
Vulnerability from variot
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0838",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4763"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1381",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1381",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419494",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1381",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.4,
"id": "CVE-2022-1381",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1381",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1381",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1381",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1381",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3649",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419494",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1381",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1381",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419494",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1381",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"id": "VAR-202204-0838",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:02:41.039000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\"\u00a0in\u00a0Ex\u00a0mode Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190687"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1381"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1381"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-skip-range-38137"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1381/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419494"
},
{
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-419494"
},
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"date": "2023-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"date": "2022-04-18T01:15:10.183000",
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-419494"
},
{
"date": "2022-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1381"
},
{
"date": "2023-08-08T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-009751"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3649"
},
{
"date": "2024-11-21T06:40:36.850000",
"db": "NVD",
"id": "CVE-2022-1381"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009751"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3649"
}
],
"trust": 0.6
}
}
var-202202-0152
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4440"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0729",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2022-0729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-415704",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-0729",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0729",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0729",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0729",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0729",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0729",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415704",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0729",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0729",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"id": "VAR-202202-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:14:16.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184512"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0729"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea"
},
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-regmatch-37650"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0729/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1579.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415704"
},
{
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-415704"
},
{
"date": "2022-02-23T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"date": "2023-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-02-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"date": "2022-02-23T14:15:08.123000",
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415704"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0729"
},
{
"date": "2023-06-22T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-005994"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1791"
},
{
"date": "2024-11-21T06:39:16.550000",
"db": "NVD",
"id": "CVE-2022-0729"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1791"
}
],
"trust": 0.6
}
}
var-202203-0664
Vulnerability from variot
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. (CVE-2021-25220) By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795) By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177) By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38178).
For the oldstable distribution (buster), this problem has been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u7.
For the stable distribution (bullseye), this problem has been fixed in version 1:9.16.27-1~deb11u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmI010UACgkQEMKTtsN8 Tjbp3xAAil38qfAIdNkaIxY2bauvTyZDWzr6KUjph0vzmLEoAFQ3bysVSGlCnZk9 IgdyfPRWQ+Bjau1/dlhNYaTlnQajbeyvCXfJcjRRgtUDCp7abZcOcb1WDu8jWLGW iRtKsvKKrTKkIou5LgDlyqZyf6OzjgRdwtm86GDPQiCaSEpmbRt+APj5tkIA9R1G ELWuZsjbIraBU0TsNfOalgNpAWtSBayxKtWB69J8rxUV69JI194A4AJ0wm9SPpFV G/TzlyHp1dUZJRLNmZOZU/dq4pPsXzh9I4QCg1kJWsVHe2ycAJKho6hr5iy43fNl MuokfI9YnU6/9SjHrQAWp1X/6MYCR8NieJ933W89/Zb8eTjTZC8EQGo6fkA287G8 glQOrJHMQyV+b97lT67+ioTHNzTEBXTih7ZDeC1TlLqypCNYhRF/ll0Hx/oeiJFU rbjh2Og9huhD5JH8z8YAvY2g81e7KdPxazuKJnQpxGutqddCuwBvyI9fovYrah9W bYD6rskLZM2x90RI2LszHisl6FV5k37PaczamlRqGgbbMb9YlnDFjJUbM8rZZgD4 +8u/AkHq2+11pTtZ40NYt1gpdidmIC/gzzha2TfZCHMs44KPMMdH+Fid1Kc6/Cq8 QygtL4M387J9HXUrlN7NDUOrDVuVqfBG+ve3i9GCZzYjwtajTAQ= =6st2 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bind security update Advisory ID: RHSA-2023:0402-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0402 Issue date: 2023-01-24 CVE Names: CVE-2021-25220 CVE-2022-2795 ==================================================================== 1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
-
bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
-
bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability 2128584 - CVE-2022-2795 bind: processing large delegations may severely degrade resolver performance
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: bind-9.11.4-26.P2.el7_9.13.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bind-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: bind-9.11.4-26.P2.el7_9.13.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bind-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: bind-9.11.4-26.P2.el7_9.13.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm
ppc64: bind-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.ppc.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-libs-9.11.4-26.P2.el7_9.13.ppc.rpm bind-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm
ppc64le: bind-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm
s390x: bind-9.11.4-26.P2.el7_9.13.s390x.rpm bind-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.s390.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.s390x.rpm bind-libs-9.11.4-26.P2.el7_9.13.s390.rpm bind-libs-9.11.4-26.P2.el7_9.13.s390x.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.s390.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.s390x.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.s390x.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390x.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.s390x.rpm bind-utils-9.11.4-26.P2.el7_9.13.s390x.rpm
x86_64: bind-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-devel-9.11.4-26.P2.el7_9.13.ppc.rpm bind-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.ppc.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.ppc64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm
ppc64le: bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-sdb-9.11.4-26.P2.el7_9.13.ppc64le.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm
s390x: bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm bind-devel-9.11.4-26.P2.el7_9.13.s390.rpm bind-devel-9.11.4-26.P2.el7_9.13.s390x.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.s390.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.s390x.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.s390.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.s390x.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390x.rpm bind-sdb-9.11.4-26.P2.el7_9.13.s390x.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: bind-9.11.4-26.P2.el7_9.13.src.rpm
noarch: bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm
x86_64: bind-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-25220 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY9AIs9zjgjWX9erEAQiz9BAAiQvmAQ5DWdOQbHHizPAHBnKnBtNBfCT3 iaAzKQ0Yrpk26N9cdrvcBJwdrHpI28VJ3eemFUxQFseUqtAErsgfL4QqnjPjQgsp U2qLPjqbzfOrbi1CuruMMIIbtxfwvsdic8OB9Zi7XzfZjWm2X4c6Ima+QXol6x9a 8J2qdzCqhoYUXJgdpVK9nAAGsPtidcnqLYYIcTclJArp6uRSlEEk7EbNJvs2SAbj MUo5aq5BoVy2TkiMyqhT5voy6K8f4c7WbQYerNieps18541ZSr29fAzWBznr3Yns gE10Aaoa8uCxlaexFR8EahPVYe6wJAm6R62LBabEWChbzW0oxr7X2DdzX9eiOwl0 wJT0n4GHoFsCGMa+v1yybkjHIUfiW25WC7bC4QDj4fjTpbicVlnttXhQJwCJK5bb PC27GE6qi7EqwHYJa/jPenbIG38mXj/r2bwIr1qYQMLjQ8BQIneShky3ZWE4l/jd zTMwGVal8ACBYdCALx/O9QNyzaO92xHLnKl3DIoqaQdjasIfGp/G6Xc1YggKyZAP VVtXPiOIbReBVNWiBXMH1ZEQeNon4su0/MbMWrmJpwvEzYeXkuWO98LZ4dlLVuim NG/dJ6RqzT6/aqRNVyOt5s4SLIQ5DrPXoPnZRUBsbpWhP6lxPhESKA0TUg5FYz33 eDGIrZR4jEY=azJw -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. 8) - aarch64, ppc64le, s390x, x86_64
- Gentoo Linux Security Advisory GLSA 202210-25
https://security.gentoo.org/
Severity: Low Title: ISC BIND: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #820563, #835439, #872206 ID: 202210-25
Synopsis
Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.16.33 >= 9.16.33 2 net-dns/bind-tools < 9.16.33 >= 9.16.33
Description
Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ISC BIND users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.33"
All ISC BIND-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-tools-9.16.33"
References
[ 1 ] CVE-2021-25219 https://nvd.nist.gov/vuln/detail/CVE-2021-25219 [ 2 ] CVE-2021-25220 https://nvd.nist.gov/vuln/detail/CVE-2021-25220 [ 3 ] CVE-2022-0396 https://nvd.nist.gov/vuln/detail/CVE-2022-0396 [ 4 ] CVE-2022-2795 https://nvd.nist.gov/vuln/detail/CVE-2022-2795 [ 5 ] CVE-2022-2881 https://nvd.nist.gov/vuln/detail/CVE-2022-2881 [ 6 ] CVE-2022-2906 https://nvd.nist.gov/vuln/detail/CVE-2022-2906 [ 7 ] CVE-2022-3080 https://nvd.nist.gov/vuln/detail/CVE-2022-3080 [ 8 ] CVE-2022-38177 https://nvd.nist.gov/vuln/detail/CVE-2022-38177 [ 9 ] CVE-2022-38178 https://nvd.nist.gov/vuln/detail/CVE-2022-38178
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-25
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5332-1 March 17, 2022
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description: - bind9: Internet Domain Name Server
Details:
Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220)
It was discovered that Bind incorrectly handled certain crafted TCP streams. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 21.10. (CVE-2022-0396)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: bind9 1:9.16.15-1ubuntu1.2
Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.10
Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.17
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0664",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.0"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.0"
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.8"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "19.4"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "20.4"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "21.2"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.0"
},
{
"model": "junos",
"scope": "lt",
"trust": 1.0,
"vendor": "juniper",
"version": "19.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "22.1"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.18.0"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "19.3"
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "22.2"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "21.3"
},
{
"model": "bind",
"scope": "lt",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.37"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "20.3"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "20.2"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.4"
},
{
"model": "bind",
"scope": "lt",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.27"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "21.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "junos",
"scope": "eq",
"trust": 1.0,
"vendor": "juniper",
"version": "21.1"
},
{
"model": "bind",
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "esmpro/serveragent",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
}
],
"trust": 0.6
},
"cve": "CVE-2021-25220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2021-25220",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25220",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.3,
"id": "CVE-2021-25220",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-25220",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-25220",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2021-25220",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-25220",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-25220",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. (CVE-2021-25220)\nBy flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\u0027s performance, effectively denying legitimate clients access to the DNS resolution service. (CVE-2022-2795)\nBy spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38177)\nBy spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. (CVE-2022-38178). \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1:9.11.5.P4+dfsg-5.1+deb10u7. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1:9.16.27-1~deb11u1. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmI010UACgkQEMKTtsN8\nTjbp3xAAil38qfAIdNkaIxY2bauvTyZDWzr6KUjph0vzmLEoAFQ3bysVSGlCnZk9\nIgdyfPRWQ+Bjau1/dlhNYaTlnQajbeyvCXfJcjRRgtUDCp7abZcOcb1WDu8jWLGW\niRtKsvKKrTKkIou5LgDlyqZyf6OzjgRdwtm86GDPQiCaSEpmbRt+APj5tkIA9R1G\nELWuZsjbIraBU0TsNfOalgNpAWtSBayxKtWB69J8rxUV69JI194A4AJ0wm9SPpFV\nG/TzlyHp1dUZJRLNmZOZU/dq4pPsXzh9I4QCg1kJWsVHe2ycAJKho6hr5iy43fNl\nMuokfI9YnU6/9SjHrQAWp1X/6MYCR8NieJ933W89/Zb8eTjTZC8EQGo6fkA287G8\nglQOrJHMQyV+b97lT67+ioTHNzTEBXTih7ZDeC1TlLqypCNYhRF/ll0Hx/oeiJFU\nrbjh2Og9huhD5JH8z8YAvY2g81e7KdPxazuKJnQpxGutqddCuwBvyI9fovYrah9W\nbYD6rskLZM2x90RI2LszHisl6FV5k37PaczamlRqGgbbMb9YlnDFjJUbM8rZZgD4\n+8u/AkHq2+11pTtZ40NYt1gpdidmIC/gzzha2TfZCHMs44KPMMdH+Fid1Kc6/Cq8\nQygtL4M387J9HXUrlN7NDUOrDVuVqfBG+ve3i9GCZzYjwtajTAQ=\n=6st2\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: bind security update\nAdvisory ID: RHSA-2023:0402-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0402\nIssue date: 2023-01-24\nCVE Names: CVE-2021-25220 CVE-2022-2795\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)\n\n* bind: processing large delegations may severely degrade resolver\nperformance (CVE-2022-2795)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability\n2128584 - CVE-2022-2795 bind: processing large delegations may severely degrade resolver performance\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.13.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.13.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.13.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.13.noarch.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.13.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.13.noarch.rpm\n\nppc64:\nbind-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm\n\nppc64le:\nbind-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm\n\ns390x:\nbind-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.s390x.rpm\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.ppc64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm\n\nppc64le:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.ppc64le.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm\n\ns390x:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.s390x.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nbind-9.11.4-26.P2.el7_9.13.src.rpm\n\nnoarch:\nbind-license-9.11.4-26.P2.el7_9.13.noarch.rpm\n\nx86_64:\nbind-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm\nbind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm\nbind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25220\nhttps://access.redhat.com/security/cve/CVE-2022-2795\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY9AIs9zjgjWX9erEAQiz9BAAiQvmAQ5DWdOQbHHizPAHBnKnBtNBfCT3\niaAzKQ0Yrpk26N9cdrvcBJwdrHpI28VJ3eemFUxQFseUqtAErsgfL4QqnjPjQgsp\nU2qLPjqbzfOrbi1CuruMMIIbtxfwvsdic8OB9Zi7XzfZjWm2X4c6Ima+QXol6x9a\n8J2qdzCqhoYUXJgdpVK9nAAGsPtidcnqLYYIcTclJArp6uRSlEEk7EbNJvs2SAbj\nMUo5aq5BoVy2TkiMyqhT5voy6K8f4c7WbQYerNieps18541ZSr29fAzWBznr3Yns\ngE10Aaoa8uCxlaexFR8EahPVYe6wJAm6R62LBabEWChbzW0oxr7X2DdzX9eiOwl0\nwJT0n4GHoFsCGMa+v1yybkjHIUfiW25WC7bC4QDj4fjTpbicVlnttXhQJwCJK5bb\nPC27GE6qi7EqwHYJa/jPenbIG38mXj/r2bwIr1qYQMLjQ8BQIneShky3ZWE4l/jd\nzTMwGVal8ACBYdCALx/O9QNyzaO92xHLnKl3DIoqaQdjasIfGp/G6Xc1YggKyZAP\nVVtXPiOIbReBVNWiBXMH1ZEQeNon4su0/MbMWrmJpwvEzYeXkuWO98LZ4dlLVuim\nNG/dJ6RqzT6/aqRNVyOt5s4SLIQ5DrPXoPnZRUBsbpWhP6lxPhESKA0TUg5FYz33\neDGIrZR4jEY=azJw\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. The dhcp packages provide a relay agent and ISC DHCP service\nrequired to enable and administer DHCP on a network. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-25\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: ISC BIND: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #820563, #835439, #872206\n ID: 202210-25\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ISC BIND, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/bind \u003c 9.16.33 \u003e= 9.16.33\n 2 net-dns/bind-tools \u003c 9.16.33 \u003e= 9.16.33\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC BIND. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ISC BIND users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.16.33\"\n\nAll ISC BIND-tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-tools-9.16.33\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-25219\n https://nvd.nist.gov/vuln/detail/CVE-2021-25219\n[ 2 ] CVE-2021-25220\n https://nvd.nist.gov/vuln/detail/CVE-2021-25220\n[ 3 ] CVE-2022-0396\n https://nvd.nist.gov/vuln/detail/CVE-2022-0396\n[ 4 ] CVE-2022-2795\n https://nvd.nist.gov/vuln/detail/CVE-2022-2795\n[ 5 ] CVE-2022-2881\n https://nvd.nist.gov/vuln/detail/CVE-2022-2881\n[ 6 ] CVE-2022-2906\n https://nvd.nist.gov/vuln/detail/CVE-2022-2906\n[ 7 ] CVE-2022-3080\n https://nvd.nist.gov/vuln/detail/CVE-2022-3080\n[ 8 ] CVE-2022-38177\n https://nvd.nist.gov/vuln/detail/CVE-2022-38177\n[ 9 ] CVE-2022-38178\n https://nvd.nist.gov/vuln/detail/CVE-2022-38178\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-25\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5332-1\nMarch 17, 2022\n\nbind9 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Bind. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nXiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind\nincorrectly handled certain bogus NS records when using forwarders. A\nremote attacker could possibly use this issue to manipulate cache results. \n(CVE-2021-25220)\n\nIt was discovered that Bind incorrectly handled certain crafted TCP\nstreams. A remote attacker could possibly use this issue to cause Bind to\nconsume resources, leading to a denial of service. This issue only affected\nUbuntu 21.10. (CVE-2022-0396)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n bind9 1:9.16.15-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n bind9 1:9.16.1-0ubuntu2.10\n\nUbuntu 18.04 LTS:\n bind9 1:9.11.3+dfsg-1ubuntu1.17\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "170724"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "PACKETSTORM",
"id": "169846"
},
{
"db": "PACKETSTORM",
"id": "169745"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "166356"
},
{
"db": "PACKETSTORM",
"id": "166354"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25220",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-637483",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-258-05",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99475301",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98927070",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170724",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169894",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169846",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169773",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169587",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166356",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5750",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1223",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1289",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2694",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1183",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1160",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032124",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031701",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031728",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25220",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169261",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166354",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "170724"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "PACKETSTORM",
"id": "169846"
},
{
"db": "PACKETSTORM",
"id": "169745"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "166356"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"id": "VAR-202203-0664",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20766129
},
"last_update_date": "2024-11-29T21:30:09.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NV22-009",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
},
{
"title": "Ubuntu Security Notice: USN-5332-2: Bind vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5332-2"
},
{
"title": "Red Hat: Moderate: dhcp security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228385 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227790 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: USN-5332-1: Bind vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5332-1"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228068 - Security Advisory"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230402 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5105-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=16d84b908a424f50b3236db9219500e3"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-25220"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2001",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2001"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-166",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-166"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-138",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-138"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-25220 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.isc.org/v1/docs/cve-2021-25220"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25220"
},
{
"trust": 1.6,
"url": "https://supportportal.juniper.net/s/article/2022-10-security-bulletin-junos-os-srx-series-cache-poisoning-vulnerability-in-bind-used-by-dns-proxy-cve-2021-25220?language=en_us"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25220"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2sxt7247qtknbq67mnrgzd23adxu6e5u/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5vx3i2u3icoiei5y7oya6cholfmnh3yq/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/api7u5e7sx7baavfnw366ffjgd6nzzkv/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/de3uavcpumakg27zl5yxsp2c3riow3jz/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98927070/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99475301/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/api7u5e7sx7baavfnw366ffjgd6nzzkv/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5vx3i2u3icoiei5y7oya6cholfmnh3yq/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2sxt7247qtknbq67mnrgzd23adxu6e5u/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/de3uavcpumakg27zl5yxsp2c3riow3jz/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169846/red-hat-security-advisory-2022-8385-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1223"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1289"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-bind-spoofing-via-dns-forwarders-cache-poisoning-37754"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169894/red-hat-security-advisory-2022-8068-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166356/ubuntu-security-notice-usn-5332-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1150"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1183"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1160"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169773/red-hat-security-advisory-2022-7643-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170724/red-hat-security-advisory-2023-0402-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169587/gentoo-linux-security-advisory-202210-25.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-25220/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5750"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031701"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2694"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032124"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0396"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5332-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0396"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5332-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-25220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2001.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bind9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2906"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.15-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.17"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "170724"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "PACKETSTORM",
"id": "169846"
},
{
"db": "PACKETSTORM",
"id": "169745"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "166356"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "170724"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "PACKETSTORM",
"id": "169846"
},
{
"db": "PACKETSTORM",
"id": "169745"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "166356"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"date": "2022-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"date": "2022-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169261"
},
{
"date": "2023-01-25T16:07:50",
"db": "PACKETSTORM",
"id": "170724"
},
{
"date": "2022-11-16T16:09:16",
"db": "PACKETSTORM",
"id": "169894"
},
{
"date": "2022-11-15T16:40:52",
"db": "PACKETSTORM",
"id": "169846"
},
{
"date": "2022-11-08T13:44:36",
"db": "PACKETSTORM",
"id": "169745"
},
{
"date": "2022-11-08T13:49:24",
"db": "PACKETSTORM",
"id": "169773"
},
{
"date": "2022-10-31T14:50:53",
"db": "PACKETSTORM",
"id": "169587"
},
{
"date": "2022-03-17T15:54:34",
"db": "PACKETSTORM",
"id": "166356"
},
{
"date": "2022-03-17T15:54:20",
"db": "PACKETSTORM",
"id": "166354"
},
{
"date": "2022-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"date": "2022-03-23T13:15:07.680000",
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25220"
},
{
"date": "2022-09-20T06:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-001797"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1514"
},
{
"date": "2023-11-09T14:44:33.733000",
"db": "NVD",
"id": "CVE-2021-25220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166356"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIND\u00a0 Cache Pollution with Incorrect Records Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001797"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1514"
}
],
"trust": 0.6
}
}
var-202108-2172
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's iPadOS Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
For the oldstable distribution (buster), this problem has been fixed in version 2.32.4-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.32.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. ========================================================================== Ubuntu Security Notice USN-5087-1 September 22, 2021
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.21.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.21.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. Information about the security content is also available at https://support.apple.com/HT212804. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab
CUPS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021
CUPS Available for: macOS Big Sur Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021
curl Available for: macOS Big Sur Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021
CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021
Gatekeeper Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021
libexpat Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021
Preferences Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021
Sandbox Available for: macOS Big Sur Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021
SMB Available for: macOS Big Sur Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30858: an anonymous researcher
Additional recognition
APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance. Entry added September 20, 2021
App Support We would like to acknowledge @CodeColorist, an anonymous researcher for their assistance. Entry added September 20, 2021
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021
CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added September 20, 2021
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B +CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4 5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv 4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9 4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3 85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw= =9bjT -----END PGP SIGNATURE-----
. CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. 8.1) - aarch64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security update Advisory ID: RHSA-2022:0059-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0059 Issue date: 2022-01-11 CVE Names: CVE-2021-30858 ==================================================================== 1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: webkitgtk4-2.28.2-3.el7.src.rpm
x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: webkitgtk4-2.28.2-3.el7.src.rpm
x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64: webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: webkitgtk4-2.28.2-3.el7.src.rpm
ppc64: webkitgtk4-2.28.2-3.el7.ppc.rpm webkitgtk4-2.28.2-3.el7.ppc64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc64.rpm
ppc64le: webkitgtk4-2.28.2-3.el7.ppc64le.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64le.rpm webkitgtk4-devel-2.28.2-3.el7.ppc64le.rpm webkitgtk4-jsc-2.28.2-3.el7.ppc64le.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64le.rpm
s390x: webkitgtk4-2.28.2-3.el7.s390.rpm webkitgtk4-2.28.2-3.el7.s390x.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm webkitgtk4-jsc-2.28.2-3.el7.s390.rpm webkitgtk4-jsc-2.28.2-3.el7.s390x.rpm
x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
ppc64: webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm webkitgtk4-devel-2.28.2-3.el7.ppc.rpm webkitgtk4-devel-2.28.2-3.el7.ppc64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64.rpm
s390x: webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm webkitgtk4-devel-2.28.2-3.el7.s390.rpm webkitgtk4-devel-2.28.2-3.el7.s390x.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.s390.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: webkitgtk4-2.28.2-3.el7.src.rpm
x86_64: webkitgtk4-2.28.2-3.el7.i686.rpm webkitgtk4-2.28.2-3.el7.x86_64.rpm webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm webkitgtk4-devel-2.28.2-3.el7.i686.rpm webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30858 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYd37ddzjgjWX9erEAQjIBw//X0CWLozcqp62pyxvvZD/fpR7OK8ux/kO jIhtCKZdBwK8SaLcLRvFrNvOb/qY3AZa/XbPQjzaKztuWplxDU2LZBz74mngWEW0 r43dWUacOBZq0mbNek5WiInippBLDVDlDzg8X6qwTpH6Z9EqY6EtX9ZzrXtwOthI alOkbYIVJg/4Wkrp8gXyupgT934OyEQfZkrR1SUbxlhKjdfFx7vgeqz3+G7odT75 90MTCo0Vo6XgDOS7j5xjrwQU05vtgvRJH8/OMauSyAzYQ+qPvwJP76CGC7SphGhR LzUWlk5MaCiAGalb9FFK8A4cx8dUv0VAVOP74IZs6IUjpjz4FzSmpnAfZk1xLgyQ SJ7NS1pH2zED20eo5qgSMDvfsPw9igD0DwN29cyPi9IVbLIFjdB4+42yCK6WKOyu l31tVQBHQAbOf7ArUQQdoA7pEGzibEdy3brUbQu4Bv4LCMB2zJpLOFxTzEdp0xyz RYAxA+A8+1brMlvGh8v4wmfAxTvWXuecCnG/ilyXOq1FFQq86CBmj9Da9jLB1VuP S9xKEazAcAdrxivE53wQfUt7HurjJgtjTvUCtDPCiNYZ3617vgd29ep0PtN2EAIe ADXxd0twQIQA84Cjx5TGJgrWoU/dNLFvJFQ72Wkk5Qc0R2ZEnvBYN8ylDPTDLW0s SM2WAjGpY2M=kSrx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Impact
An attacker, by enticing a user to visit maliciously crafted web content, may be able to execute arbitrary code, violate iframe sandboxing policy, access restricted ports on arbitrary servers, cause memory corruption, or could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "ipados",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "13.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
}
],
"trust": 0.4
},
"cve": "CVE-2021-30858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30858",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390591",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30858",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30858",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30858",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1951",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390591",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30858",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s iPadOS Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.32.4-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.32.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. ==========================================================================\nUbuntu Security Notice USN-5087-1\nSeptember 22, 2021\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.21.04.1\n libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.21.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n libjavascriptcoregtk-4.0-18 2.32.4-0ubuntu0.18.04.1\n libwebkit2gtk-4.0-37 2.32.4-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212804. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30860: The Citizen Lab\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Big Sur\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Big Sur\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nGatekeeper\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks. \nCVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc. \nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30858: an anonymous researcher\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \nEntry added September 20, 2021\n\nApp Support\nWe would like to acknowledge @CodeColorist, an anonymous researcher\nfor their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY\neJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B\n+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4\n5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv\n4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD\nt6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn\nbwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu\nR7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC\nNlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9\n4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3\n85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=\n=9bjT\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2021-30869: Erye Hernandez of Google Threat Analysis Group,\nCl\u00e9ment Lecigne of Google Threat Analysis Group, and Ian Beer of\nGoogle Project Zero\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: webkitgtk4 security update\nAdvisory ID: RHSA-2022:0059-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0059\nIssue date: 2022-01-11\nCVE Names: CVE-2021-30858\n====================================================================\n1. Summary:\n\nAn update for webkitgtk4 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free leading to arbitrary code execution\n(CVE-2021-30858)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-3.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-3.el7.i686.rpm\nwebkitgtk4-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-3.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-3.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-3.el7.i686.rpm\nwebkitgtk4-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-3.el7.noarch.rpm\n\nx86_64:\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-3.el7.src.rpm\n\nppc64:\nwebkitgtk4-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-2.28.2-3.el7.ppc64.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.ppc64.rpm\n\nppc64le:\nwebkitgtk4-2.28.2-3.el7.ppc64le.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.ppc64le.rpm\nwebkitgtk4-devel-2.28.2-3.el7.ppc64le.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.ppc64le.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.ppc64le.rpm\n\ns390x:\nwebkitgtk4-2.28.2-3.el7.s390.rpm\nwebkitgtk4-2.28.2-3.el7.s390x.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.s390.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.s390x.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-3.el7.i686.rpm\nwebkitgtk4-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-3.el7.noarch.rpm\n\nppc64:\nwebkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm\nwebkitgtk4-devel-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-devel-2.28.2-3.el7.ppc64.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.ppc.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.ppc64.rpm\n\ns390x:\nwebkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm\nwebkitgtk4-devel-2.28.2-3.el7.s390.rpm\nwebkitgtk4-devel-2.28.2-3.el7.s390x.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.s390.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nwebkitgtk4-2.28.2-3.el7.src.rpm\n\nx86_64:\nwebkitgtk4-2.28.2-3.el7.i686.rpm\nwebkitgtk4-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm\nwebkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-devel-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm\nwebkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nwebkitgtk4-doc-2.28.2-3.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30858\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYd37ddzjgjWX9erEAQjIBw//X0CWLozcqp62pyxvvZD/fpR7OK8ux/kO\njIhtCKZdBwK8SaLcLRvFrNvOb/qY3AZa/XbPQjzaKztuWplxDU2LZBz74mngWEW0\nr43dWUacOBZq0mbNek5WiInippBLDVDlDzg8X6qwTpH6Z9EqY6EtX9ZzrXtwOthI\nalOkbYIVJg/4Wkrp8gXyupgT934OyEQfZkrR1SUbxlhKjdfFx7vgeqz3+G7odT75\n90MTCo0Vo6XgDOS7j5xjrwQU05vtgvRJH8/OMauSyAzYQ+qPvwJP76CGC7SphGhR\nLzUWlk5MaCiAGalb9FFK8A4cx8dUv0VAVOP74IZs6IUjpjz4FzSmpnAfZk1xLgyQ\nSJ7NS1pH2zED20eo5qgSMDvfsPw9igD0DwN29cyPi9IVbLIFjdB4+42yCK6WKOyu\nl31tVQBHQAbOf7ArUQQdoA7pEGzibEdy3brUbQu4Bv4LCMB2zJpLOFxTzEdp0xyz\nRYAxA+A8+1brMlvGh8v4wmfAxTvWXuecCnG/ilyXOq1FFQq86CBmj9Da9jLB1VuP\nS9xKEazAcAdrxivE53wQfUt7HurjJgtjTvUCtDPCiNYZ3617vgd29ep0PtN2EAIe\nADXxd0twQIQA84Cjx5TGJgrWoU/dNLFvJFQ72Wkk5Qc0R2ZEnvBYN8ylDPTDLW0s\nSM2WAjGpY2M=kSrx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nAn attacker, by enticing a user to visit maliciously crafted web\ncontent, may be able to execute arbitrary code, violate iframe\nsandboxing policy, access restricted ports on arbitrary servers, cause\nmemory corruption, or could cause a Denial of Service condition. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "PACKETSTORM",
"id": "169119"
},
{
"db": "PACKETSTORM",
"id": "164262"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164982"
},
{
"db": "PACKETSTORM",
"id": "165517"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "165524"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30858",
"trust": 4.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/09/20/1",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/4",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/2",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/26/9",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/1",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "165524",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164982",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164748",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164262",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164277",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021092018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011153",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111716",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092803",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011401",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091322",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092317",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110314",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100415",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164201",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164242",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3103",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3161",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3400",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3654",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3212",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3914",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3198",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165517",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390591",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30858",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169119",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164246",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164194",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "PACKETSTORM",
"id": "169119"
},
{
"db": "PACKETSTORM",
"id": "164262"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164982"
},
{
"db": "PACKETSTORM",
"id": "165517"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "165524"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"id": "VAR-202108-2172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390591"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:11:22.531000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212807 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4975"
},
{
"title": "Apple macOS Big Sur Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162838"
},
{
"title": "Debian Security Advisories: DSA-4975-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5db54186925e9bf1d208a2b11e299b67"
},
{
"title": "Debian Security Advisories: DSA-4976-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5da73458bc4c1bfc6b9037e64c70793c"
},
{
"title": "Red Hat: CVE-2021-30858",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30858"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1747",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1747"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-30858 log"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-015"
},
{
"title": "CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)",
"trust": 0.1,
"url": "https://github.com/FitTerminator/CVE-202130858 "
},
{
"title": "CVEREV3",
"trust": 0.1,
"url": "https://github.com/KameleonReloaded/CVEREV3 "
},
{
"title": "CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor)",
"trust": 0.1,
"url": "https://github.com/FitTerminator/PS4-CVE-202130858 "
},
{
"title": "PS4CVE202130858",
"trust": 0.1,
"url": "https://github.com/Nazky/PS4CVE202130858 "
},
{
"title": "https://github.com/ChendoChap/PS5-Webkit-Execution",
"trust": 0.1,
"url": "https://github.com/ChendoChap/PS5-Webkit-Execution "
},
{
"title": "NIST Bulk CVE Lookup by Jay Chen\nSample output",
"trust": 0.1,
"url": "https://github.com/jaychen2/NIST-BULK-CVE-Lookup "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-patches-zero-days-attack/174988/"
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/09/13/apple_ios_macos_security_fixes/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/25"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/27"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/29"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/38"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/39"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2021/sep/50"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212804"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4975"
},
{
"trust": 1.9,
"url": "https://support.apple.com/en-us/ht212807"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212824"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4976"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-30858"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bo6dmthzr57jdboxpsnr2mkdmcrwv265/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xynv7ask4lqvaumjxnxbs3z7rvdq2n3w/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0100"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111716"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091322"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011401"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3198"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3654"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-two-vulnerabilities-36384"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092803"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3212"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3333"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164262/ubuntu-security-notice-usn-5087-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164277/apple-security-advisory-2021-09-23-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164982/red-hat-security-advisory-2021-4686-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3914"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164201/apple-security-advisory-2021-09-13-5.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212824"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110314"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092317"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092018"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100415"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3103"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3400"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164748/red-hat-security-advisory-2021-4097-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011153"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165524/red-hat-security-advisory-2022-0075-03.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3161"
},
{
"trust": 0.4,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212804."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://github.com/fitterminator/cve-202130858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1747.html"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5087-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.21.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.32.4-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212807."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30869"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212824."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0075"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "PACKETSTORM",
"id": "169119"
},
{
"db": "PACKETSTORM",
"id": "164262"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164982"
},
{
"db": "PACKETSTORM",
"id": "165517"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "165524"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390591"
},
{
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"db": "PACKETSTORM",
"id": "169119"
},
{
"db": "PACKETSTORM",
"id": "164262"
},
{
"db": "PACKETSTORM",
"id": "164246"
},
{
"db": "PACKETSTORM",
"id": "164196"
},
{
"db": "PACKETSTORM",
"id": "164194"
},
{
"db": "PACKETSTORM",
"id": "164277"
},
{
"db": "PACKETSTORM",
"id": "164982"
},
{
"db": "PACKETSTORM",
"id": "165517"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "165524"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390591"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"date": "2024-07-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"date": "2021-09-28T19:12:00",
"db": "PACKETSTORM",
"id": "169119"
},
{
"date": "2021-09-23T15:31:26",
"db": "PACKETSTORM",
"id": "164262"
},
{
"date": "2021-09-22T16:33:18",
"db": "PACKETSTORM",
"id": "164246"
},
{
"date": "2021-09-19T14:22:22",
"db": "PACKETSTORM",
"id": "164196"
},
{
"date": "2021-09-18T13:22:22",
"db": "PACKETSTORM",
"id": "164194"
},
{
"date": "2021-09-24T15:40:03",
"db": "PACKETSTORM",
"id": "164277"
},
{
"date": "2021-11-16T15:35:40",
"db": "PACKETSTORM",
"id": "164982"
},
{
"date": "2022-01-12T15:37:03",
"db": "PACKETSTORM",
"id": "165517"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-01-12T15:38:19",
"db": "PACKETSTORM",
"id": "165524"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"date": "2021-08-24T19:15:14.253000",
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-390591"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30858"
},
{
"date": "2024-07-19T07:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-021227"
},
{
"date": "2022-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1951"
},
{
"date": "2024-07-29T18:30:12.843000",
"db": "NVD",
"id": "CVE-2021-30858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164262"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Vulnerability related to use of freed memory in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1951"
}
],
"trust": 0.6
}
}
var-202205-0527
Vulnerability from variot
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4901"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-1620",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-419733",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1620",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1620",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1620",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1620",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1620",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1620",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419733",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1620",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1620",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419733",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1620",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"id": "VAR-202205-0527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:50:35.034000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NULL\u00a0pointer\u00a0access\u00a0when\u00a0using\u00a0invalid\u00a0pattern Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193100"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1620"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050911"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-vim-regexec-string-38311"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1620/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419733"
},
{
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419733"
},
{
"date": "2022-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"date": "2022-05-08T11:15:07.880000",
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-419733"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1620"
},
{
"date": "2023-08-16T01:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-010567"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2617"
},
{
"date": "2024-11-21T06:41:06.593000",
"db": "NVD",
"id": "CVE-2022-1620"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2617"
}
],
"trust": 0.6
}
}
var-202011-1361
Vulnerability from variot
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) There are unspecified vulnerabilities in processor products.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: microcode_ctl security, bug fix and enhancement update Advisory ID: RHSA-2020:5183-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5183 Issue date: 2020-11-23 CVE Names: CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 =====================================================================
- Summary:
An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - x86_64
- Description:
The microcode_ctl packages provide microcode updates for Intel.
Security Fix(es):
-
hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)
-
hw: Vector Register Leakage-Active (CVE-2020-8696)
-
hw: Fast forward store predictor (CVE-2020-8698)
Bug Fix(es) and Enhancement(s):
- Update Intel CPU microcode to microcode-20201112 release, addresses:
- Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
- Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;
- Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
- Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
- Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
- Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
- Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision 0xe0;
- Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
- Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up to 0x2006a08;
- Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
- Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
- Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up to 0xde;
- Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up to 0xe0;
- Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up to 0xde;
- Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from revision 0xd6 up to 0xde;
- Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up to 0xde;
- Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up to 0xde;
- Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up to 0xde;
- Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up to 0xde;
- Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up to 0xde;
- Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode from revision 0x43 up to 0x44;
- Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157 up to 0x1000159;
- Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01 up to 0x4003003;
- Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision 0x5002f01 up to 0x5003003;
- Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up to 0x40;
- Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up to 0x1e;
- Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up to 0x34;
- Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up to 0x18;
- Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78 up to 0xa0;
-
Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca up to 0xe0.
-
Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default.
-
Add README file to the documentation directory.
-
Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.
-
Add SUMMARY.intel-ucode file
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface 1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active 1890356 - CVE-2020-8698 hw: Fast forward store predictor
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.3):
Source: microcode_ctl-2.1-16.37.el7_3.src.rpm
x86_64: microcode_ctl-2.1-16.37.el7_3.x86_64.rpm microcode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8695 https://access.redhat.com/security/cve/CVE-2020-8696 https://access.redhat.com/security/cve/CVE-2020-8698 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX7v1LtzjgjWX9erEAQhhzBAAi0jG7U8W+Dm2A/Nq40aoLyRcGknttkV1 0wwy62OR4KUnqiP0gHB8Sjh6UpAPqhLNExc2+B8RyUB23yUe8/PRB1fUqpmf5150 mzwiORZfu572ao7GLskdc4SUydVSqY9QuTK7mTm+HGmOm2XQpics51xWjyfKM/TN 5lrrd3DXxTrXwsjva2tPJcCp9A1s3XAVjK16Fu+FcKvXsgxruUy41YxJMsY8Mxfj pPRzcXdMvPQYhvyv8y1KY2Mz5WMKdpOK83X6Y9iYL6d0g2UT1d3cw8AOHc6GYNFS MhLDUASoII2A4xWkXCOyaocrg58QFctEHGfnxwTU5ZGq/vfOduUSLE881thD+tqD qgQBaz0cp0tNr+nYXvhtyX9XE4ve/lszq5BxqnNF0xi9hP8T5DwZzXnhtZ+aZML2 3WlT3tqgkDE7hZqyqSG8Vd9ZLzVkjmnw7+tqRjIGvzN9eKQxLXg/fPkKeHGh+HOz y0zCBHlZKrKtz0lQHP48W9t6l0Rkh19hW1fIA46rW4C7erDcW78nBMJ2cTAxbBk1 ITTGOIHpUgn3882xKM/yAHUMK25Xkh2va/e8UpafYEazSM4H9T15N87UyCVneKdD s2N1tYHegx85eoOlt24Bw2RBPFHhFGWOtE0McQ09kyDKFyGJXUMqzPhBUvvJz8mE G3KPuKrDU0U= =Vap7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4628-2 November 12, 2020
intel-microcode regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
USN-4628-1 introduced a regression in the Intel Microcode for some processors. Unfortunately, that update prevented certain processors in the Intel Tiger Lake family from booting successfully. This update reverts the microcode update for the Tiger Lake processor family.
Please note that the 'dis_ucode_ldr' kernel command line option can be added in the boot menu to disable microcode loading for system recovery.
We apologize for the inconvenience.
Original advisory details:
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696)
Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: intel-microcode 3.20201110.0ubuntu0.20.10.2
Ubuntu 20.04 LTS: intel-microcode 3.20201110.0ubuntu0.20.04.2
Ubuntu 18.04 LTS: intel-microcode 3.20201110.0ubuntu0.18.04.2
Ubuntu 16.04 LTS: intel-microcode 3.20201110.0ubuntu0.16.04.2
Ubuntu 14.04 ESM: intel-microcode 3.20201110.0ubuntu0.14.04.2
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1361",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic ipc477e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.15"
},
{
"model": "simatic field pg m6",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "hci storage node bios",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic ipc647e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "25.02.08"
},
{
"model": "simatic itp1000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "23.01.08"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "simatic field pg m5",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "22.01.08"
},
{
"model": "hci compute node bios",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic ipc847e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "25.02.08"
},
{
"model": "simatic ipc477e pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.15"
},
{
"model": "simatic ipc677e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "25.02.08"
},
{
"model": "simatic ipc427e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "21.01.15"
},
{
"model": "solidfire bios",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic ipc627e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "25.02.08"
},
{
"model": "microcode",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "hci compute node bios",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "solidfire bios",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "microcode",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "hci storage node bios",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:microcode:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1130g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1135g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1160g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1165g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1185g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:microcode:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1000g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1000g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1005g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1110g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1115g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1120g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i3-1125g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1030g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1030g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1035g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1130g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i5-1135g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1060g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1065g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1160g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1165g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:intel:core_i7-1185g7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_compute_node_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_storage_node_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:hci_storage_node_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:solidfire_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netapp:solidfire:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.01.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.01.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc477e_pro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.01.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc477e_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "25.02.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.01.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "23.01.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "PACKETSTORM",
"id": "160035"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
}
],
"trust": 0.8
},
"cve": "CVE-2020-8698",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8698",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.9,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8698",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-8698",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8698",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8698",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) There are unspecified vulnerabilities in processor products.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: microcode_ctl security, bug fix and enhancement update\nAdvisory ID: RHSA-2020:5183-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5183\nIssue date: 2020-11-23\nCVE Names: CVE-2020-8695 CVE-2020-8696 CVE-2020-8698 \n=====================================================================\n\n1. Summary:\n\nAn update for microcode_ctl is now available for Red Hat Enterprise Linux\n7.3 Advanced Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.3) - x86_64\n\n3. Description:\n\nThe microcode_ctl packages provide microcode updates for Intel. \n\nSecurity Fix(es):\n\n* hw: Information disclosure issue in Intel SGX via RAPL interface\n(CVE-2020-8695)\n\n* hw: Vector Register Leakage-Active (CVE-2020-8696)\n\n* hw: Fast forward store predictor (CVE-2020-8698)\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20201112 release, addresses:\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n - Addition of 06-8a-01/0x10 (LKF B2/B3) microcode at revision 0x28;\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n 0xe0;\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n to 0x2006a08;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n to 0xe0;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n revision 0xd6 up to 0xde;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n to 0xde;\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n from revision 0x43 up to 0x44;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n up to 0x1000159;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n up to 0x4003003;\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n 0x5002f01 up to 0x5003003;\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n to 0x40;\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n to 0x1e;\n - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x32 up\n to 0x34;\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n to 0x18;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n up to 0xa0;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n up to 0xe0. \n\n* Disable 06-8c-01 (TGL-UP3/UP4 B1) microcode update by default. \n\n* Add README file to the documentation directory. \n\n* Add publicly-sourced codenames list to supply to gen_provides.sh; update\n the latter to handle the somewhat different format. \n\n* Add SUMMARY.intel-ucode file\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface\n1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active\n1890356 - CVE-2020-8698 hw: Fast forward store predictor\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.3):\n\nSource:\nmicrocode_ctl-2.1-16.37.el7_3.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-16.37.el7_3.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.3):\n\nSource:\nmicrocode_ctl-2.1-16.37.el7_3.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-16.37.el7_3.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.3):\n\nSource:\nmicrocode_ctl-2.1-16.37.el7_3.src.rpm\n\nx86_64:\nmicrocode_ctl-2.1-16.37.el7_3.x86_64.rpm\nmicrocode_ctl-debuginfo-2.1-16.37.el7_3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8695\nhttps://access.redhat.com/security/cve/CVE-2020-8696\nhttps://access.redhat.com/security/cve/CVE-2020-8698\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX7v1LtzjgjWX9erEAQhhzBAAi0jG7U8W+Dm2A/Nq40aoLyRcGknttkV1\n0wwy62OR4KUnqiP0gHB8Sjh6UpAPqhLNExc2+B8RyUB23yUe8/PRB1fUqpmf5150\nmzwiORZfu572ao7GLskdc4SUydVSqY9QuTK7mTm+HGmOm2XQpics51xWjyfKM/TN\n5lrrd3DXxTrXwsjva2tPJcCp9A1s3XAVjK16Fu+FcKvXsgxruUy41YxJMsY8Mxfj\npPRzcXdMvPQYhvyv8y1KY2Mz5WMKdpOK83X6Y9iYL6d0g2UT1d3cw8AOHc6GYNFS\nMhLDUASoII2A4xWkXCOyaocrg58QFctEHGfnxwTU5ZGq/vfOduUSLE881thD+tqD\nqgQBaz0cp0tNr+nYXvhtyX9XE4ve/lszq5BxqnNF0xi9hP8T5DwZzXnhtZ+aZML2\n3WlT3tqgkDE7hZqyqSG8Vd9ZLzVkjmnw7+tqRjIGvzN9eKQxLXg/fPkKeHGh+HOz\ny0zCBHlZKrKtz0lQHP48W9t6l0Rkh19hW1fIA46rW4C7erDcW78nBMJ2cTAxbBk1\nITTGOIHpUgn3882xKM/yAHUMK25Xkh2va/e8UpafYEazSM4H9T15N87UyCVneKdD\ns2N1tYHegx85eoOlt24Bw2RBPFHhFGWOtE0McQ09kyDKFyGJXUMqzPhBUvvJz8mE\nG3KPuKrDU0U=\n=Vap7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4628-2\nNovember 12, 2020\n\nintel-microcode regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nUSN-4628-1 introduced a regression in the Intel Microcode for some processors. Unfortunately,\nthat update prevented certain processors in the Intel Tiger Lake family\nfrom booting successfully. This update reverts the microcode update for\nthe Tiger Lake processor family. \n\nPlease note that the \u0027dis_ucode_ldr\u0027 kernel command line option can be\nadded in the boot menu to disable microcode loading for system recovery. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine\n Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running\n Average Power Limit (RAPL) feature of some Intel processors allowed a side-\n channel attack based on power consumption measurements. A local attacker\n could possibly use this to expose sensitive information. (CVE-2020-8695)\n \n Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that\n some Intel(R) Processors did not properly remove sensitive information\n before storage or transfer in some situations. A local attacker could\n possibly use this to expose sensitive information. (CVE-2020-8696)\n \n Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that\n some Intel(R) Processors did not properly isolate shared resources in some\n situations. A local attacker could possibly use this to expose sensitive\n information. (CVE-2020-8698)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n intel-microcode 3.20201110.0ubuntu0.20.10.2\n\nUbuntu 20.04 LTS:\n intel-microcode 3.20201110.0ubuntu0.20.04.2\n\nUbuntu 18.04 LTS:\n intel-microcode 3.20201110.0ubuntu0.18.04.2\n\nUbuntu 16.04 LTS:\n intel-microcode 3.20201110.0ubuntu0.16.04.2\n\nUbuntu 14.04 ESM:\n intel-microcode 3.20201110.0ubuntu0.14.04.2\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163954"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "160191"
},
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "PACKETSTORM",
"id": "160188"
},
{
"db": "PACKETSTORM",
"id": "160035"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8698",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-678983",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91051134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-05",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163772",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160018",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "160035",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163993",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163863",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162588",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "160187",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163757",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "160407",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4124",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4327",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2797",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0423",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2721",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4017",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4200",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1664",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2945",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3959",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4153",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4033",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2672",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021083127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081125",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080915",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081834",
"trust": 0.6
},
{
"db": "LENOVO",
"id": "LEN-49266",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163924",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163758",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160191",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160188",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163954"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "160191"
},
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "PACKETSTORM",
"id": "160188"
},
{
"db": "PACKETSTORM",
"id": "160035"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"id": "VAR-202011-1361",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5185185333333333
},
"last_update_date": "2023-11-07T21:08:28.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20201113-0006 Intel Intel\u00a0Product\u00a0Security\u00a0Center",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"title": "Intel Processors Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135724"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205185 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205184 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205189 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205181 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205083 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205084 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205190 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205182 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205183 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205369 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205085 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205188 - security advisory"
},
{
"title": "Red Hat: Moderate: microcode_ctl security, bug fix and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20205186 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-8698 log"
},
{
"title": "Arch Linux Advisories: [ASA-202102-34] intel-ucode: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202102-34"
},
{
"title": "Citrix Security Bulletins: Citrix Hypervisor Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=0196318f80fa91831e1ad927f423d728"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0bfef52a44075162940391ee650c313e"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03705 rev. 6 - BIOS November 2020 Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=892287da75187b64a9430d6c2f52fb94"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03705 rev. 6 - BIOS November 2020 Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=f872c139829b190dd155b5676016edf1"
},
{
"title": "HP: HPSBHF03705 rev. 1 - BIOS November 2020 Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03705"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8698"
},
{
"trust": 1.7,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20201113-0006/"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/maagik5cxkbpgy3r4ur5vo56m7mklz43/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8698"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91051134/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8696"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8695"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8695"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8696"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163863/red-hat-security-advisory-2021-3176-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3959/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163757/red-hat-security-advisory-2021-3027-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081834"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160035/ubuntu-security-notice-usn-4628-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4200/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4153/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160018/ubuntu-security-notice-usn-4628-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163772/red-hat-security-advisory-2021-3029-01.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4327/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160187/red-hat-security-advisory-2020-5184-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081125"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021083127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2355"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163993/red-hat-security-advisory-2021-3364-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/intel-processors-information-disclosure-33881"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4033/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4017/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162588/ubuntu-security-notice-usn-4628-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4124/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0423"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2721"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080915"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2945"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/product_security/len-49266"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2672"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160407/red-hat-security-advisory-2020-5369-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1664"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2797"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24511"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24512"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24512"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24489"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0549"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0543"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0549"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0543"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24511"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0548"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-0548"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4628-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/668.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-05"
},
{
"trust": 0.1,
"url": "https://support.hp.com/us-en/document/c06962236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3323"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5181"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.20.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5183"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4628-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1903883"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.20.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/intel-microcode/3.20201110.0ubuntu0.20.10.2"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163954"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "160191"
},
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "PACKETSTORM",
"id": "160188"
},
{
"db": "PACKETSTORM",
"id": "160035"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"db": "PACKETSTORM",
"id": "163924"
},
{
"db": "PACKETSTORM",
"id": "163954"
},
{
"db": "PACKETSTORM",
"id": "163758"
},
{
"db": "PACKETSTORM",
"id": "163772"
},
{
"db": "PACKETSTORM",
"id": "160191"
},
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "PACKETSTORM",
"id": "160188"
},
{
"db": "PACKETSTORM",
"id": "160035"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"date": "2021-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"date": "2021-08-27T19:22:22",
"db": "PACKETSTORM",
"id": "163924"
},
{
"date": "2021-08-31T15:43:48",
"db": "PACKETSTORM",
"id": "163954"
},
{
"date": "2021-08-09T14:15:45",
"db": "PACKETSTORM",
"id": "163758"
},
{
"date": "2021-08-10T14:49:53",
"db": "PACKETSTORM",
"id": "163772"
},
{
"date": "2020-11-24T15:00:08",
"db": "PACKETSTORM",
"id": "160191"
},
{
"date": "2020-11-11T14:59:21",
"db": "PACKETSTORM",
"id": "160018"
},
{
"date": "2020-11-24T14:59:25",
"db": "PACKETSTORM",
"id": "160188"
},
{
"date": "2020-11-12T15:38:50",
"db": "PACKETSTORM",
"id": "160035"
},
{
"date": "2019-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"date": "2020-11-12T18:15:00",
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8698"
},
{
"date": "2021-07-02T04:40:00",
"db": "JVNDB",
"id": "JVNDB-2020-013420"
},
{
"date": "2022-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1657"
},
{
"date": "2022-04-26T16:33:00",
"db": "NVD",
"id": "CVE-2020-8698"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "160018"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel(R)\u00a0 Vulnerabilities in processor products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013420"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1657"
}
],
"trust": 0.6
}
}
var-202204-1327
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. vim/vim Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
-
vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
-
vim: Out-of-range Pointer Offset (CVE-2022-1420)
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
-
vim: use after free in utf_ptr2char (CVE-2022-1154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2058483 - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim 2064064 - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim 2073013 - CVE-2022-1154 vim: use after free in utf_ptr2char 2077734 - CVE-2022-1420 vim: Out-of-range Pointer Offset 2083924 - CVE-2022-1621 vim: heap buffer overflow 2083931 - CVE-2022-1629 vim: buffer over-read
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv NNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/ 3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy mLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs xbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B Cz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc 0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt LicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv cSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi 47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg qQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY SbZjTjlw0C4=7TgI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5613-2 September 19, 2022
vim regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
USN-5613-1 caused a regression in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was using freed memory when dealing with regular expressions through its old regular expression engine. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution. (CVE-2022-1154)
It was discovered that Vim was not properly performing checks on name of lambda functions. An attacker could possibly use this issue to cause a denial of service. This issue affected only Ubuntu 22.04 LTS. (CVE-2022-1420)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5613-2 https://ubuntu.com/security/notices/USN-5613-1 CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, https://launchpad.net/bugs/1989973
Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-1327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4774"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1420",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-419533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1420",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"id": "CVE-2022-1420",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1420",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1420",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1420",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3939",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419533",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1420",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. vim/vim Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)\n\n* vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)\n\n* vim: Out-of-range Pointer Offset (CVE-2022-1420)\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\n* vim: use after free in utf_ptr2char (CVE-2022-1154)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2058483 - CVE-2022-0554 vim: Use of Out-of-range Pointer Offset in vim\n2064064 - CVE-2022-0943 vim: Heap-based Buffer Overflow occurs in vim\n2073013 - CVE-2022-1154 vim: use after free in utf_ptr2char\n2077734 - CVE-2022-1420 vim: Out-of-range Pointer Offset\n2083924 - CVE-2022-1621 vim: heap buffer overflow\n2083931 - CVE-2022-1629 vim: buffer over-read\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv\nNNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/\n3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy\nmLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs\nxbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B\nCz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc\n0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt\nLicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv\ncSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi\n47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg\nqQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY\nSbZjTjlw0C4=7TgI\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5613-2\nSeptember 19, 2022\n\nvim regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nUSN-5613-1 caused a regression in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nUSN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that Vim was not properly performing bounds checks\n when executing spell suggestion commands. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-0943)\n \n It was discovered that Vim was using freed memory when dealing with\n regular expressions through its old regular expression engine. If a user\n were tricked into opening a specially crafted file, an attacker could\n crash the application, leading to a denial of service, or possibly achieve\n code execution. (CVE-2022-1154)\n \n It was discovered that Vim was not properly performing checks on name of\n lambda functions. An attacker could possibly use this issue to cause a\n denial of service. This issue affected only Ubuntu 22.04 LTS. \n (CVE-2022-1420)\n \n It was discovered that Vim was incorrectly performing bounds checks\n when processing invalid commands with composing characters in Ex\n mode. An attacker could possibly use this issue to cause a denial of\n service or execute arbitrary code. (CVE-2022-1616)\n \n It was discovered that Vim was not properly processing latin1 data\n when issuing Ex commands. An attacker could possibly use this issue to\n cause a denial of service or execute arbitrary code. (CVE-2022-1619)\n \n It was discovered that Vim was not properly performing memory\n management when dealing with invalid regular expression patterns in\n buffers. An attacker could possibly use this issue to cause a denial of\n service. (CVE-2022-1620)\n \n It was discovered that Vim was not properly processing invalid bytes\n when performing spell check operations. An attacker could possibly use\n this issue to cause a denial of service or execute arbitrary code. \n (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.9\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5613-2\n https://ubuntu.com/security/notices/USN-5613-1\n CVE-2022-0943, CVE-2022-1154, CVE-2022-1420, CVE-2022-1616,\n CVE-2022-1619, CVE-2022-1620, CVE-2022-1621, https://launchpad.net/bugs/1989973\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1420",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419533",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"id": "VAR-202204-1327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:58:15.771000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVPZVE2CIE2NGCHZDMEHPBWN3LK2UQAA/"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=191052"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1420"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1597",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1597"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1805"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kvpzve2cie2ngchzdmehpbwn3lk2uqaa/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x6e457nyoirwbjhkb7on44uy5avtg4hu/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-eval-lambda-38138"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1420/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/823.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419533"
},
{
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-419533"
},
{
"date": "2022-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"date": "2023-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"date": "2022-04-21T11:15:08.100000",
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-419533"
},
{
"date": "2022-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1420"
},
{
"date": "2023-08-08T01:57:00",
"db": "JVNDB",
"id": "JVNDB-2022-009715"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3939"
},
{
"date": "2024-11-21T06:40:41.830000",
"db": "NVD",
"id": "CVE-2022-1420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009715"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3939"
}
],
"trust": 0.6
}
}
var-202103-0609
Vulnerability from variot
Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn't expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it's possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. bluetoothctl CLI). DanielForé switchboard-plug-bluetooth is (DanielForé) an open source application software. A power strip bluetooth plug
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0609",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "switchboard bluetooth plug",
"scope": "lt",
"trust": 1.0,
"vendor": "elementary",
"version": "2.3.5"
},
{
"model": "switchboard bluetooth plug",
"scope": "gte",
"trust": 1.0,
"vendor": "elementary",
"version": "2.3.0"
},
{
"model": "switchboard bluetooth plug",
"scope": null,
"trust": 0.8,
"vendor": "elementary",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"cve": "CVE-2021-21367",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2021-21367",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-379148",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-21367",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security-advisories@github.com",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-21367",
"impactScore": 2.7,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-21367",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21367",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-21367",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-21367",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-905",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-379148",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in discoverable mode), Bluetooth service requests and pairing requests are automatically accepted, allowing physically proximate attackers to pair with a device running an affected version of switchboard-plug-bluetooth without the active consent of the user. By default, elementary OS doesn\u0027t expose any services via Bluetooth that allow information to be extracted by paired Bluetooth devices. However, if such services (i.e. contact list sharing software) have been installed, it\u0027s possible that attackers have been able to extract data from such services without authorization. If no such services have been installed, attackers are only able to pair with a device running an affected version without authorization and then play audio out of the device or possibly present a HID device (keyboard, mouse, etc...) to control the device. As such, users should check the list of trusted/paired devices and remove any that are not 100% confirmed to be genuine. This is fixed in version 2.3.5. To reduce the likelihood of this vulnerability on an unpatched version, only open the Bluetooth plug for short intervals when absolutely necessary and preferably not in crowded public areas. To mitigate the risk entirely with unpatched versions, do not open the Bluetooth plug within switchboard at all, and use a different method for pairing devices if necessary (e.g. `bluetoothctl` CLI). DanielFor\u00e9 switchboard-plug-bluetooth is (DanielFor\u00e9) an open source application software. A power strip bluetooth plug",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21367"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "VULMON",
"id": "CVE-2021-21367"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21367",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-379148",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21367",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "VULMON",
"id": "CVE-2021-21367"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"id": "VAR-202103-0609",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379148"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:57:58.784000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-3dedd41a06 Fedora\u00a0Update\u00a0Notification",
"trust": 0.8,
"url": "https://github.com/elementary/switchboard-plug-bluetooth/commit/86500e645a907538abafe5225b67cc12c03e7645"
},
{
"title": "Switchboard Bluetooth Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144324"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://github.com/elementary/switchboard-plug-bluetooth/security/advisories/ghsa-5p3g-j69g-w2mq"
},
{
"trust": 1.8,
"url": "https://github.com/elementary/switchboard-plug-bluetooth/commit/86500e645a907538abafe5225b67cc12c03e7645"
},
{
"trust": 1.8,
"url": "https://github.com/elementary/switchboard-plug-bluetooth/releases/tag/2.3.5"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21367"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/av7wko5szhtf3qemx4wz576hrecig6vq/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/swuppvfg76pxqa3ahsgkyprmvz5ayhzi/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o7tcgm4b45vlujdce5phfya5kbnhd4ra/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o7tcgm4b45vlujdce5phfya5kbnhd4ra/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/swuppvfg76pxqa3ahsgkyprmvz5ayhzi/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/av7wko5szhtf3qemx4wz576hrecig6vq/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/switchboard-bluetooth-plug-information-disclosure-via-incorrect-authorization-34872"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198171"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "VULMON",
"id": "CVE-2021-21367"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379148"
},
{
"db": "VULMON",
"id": "CVE-2021-21367"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-12T00:00:00",
"db": "VULHUB",
"id": "VHN-379148"
},
{
"date": "2021-03-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21367"
},
{
"date": "2021-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"date": "2021-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"date": "2021-03-12T17:15:12.753000",
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-379148"
},
{
"date": "2021-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21367"
},
{
"date": "2021-11-25T06:54:00",
"db": "JVNDB",
"id": "JVNDB-2021-004622"
},
{
"date": "2021-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-905"
},
{
"date": "2024-11-21T05:48:12.617000",
"db": "NVD",
"id": "CVE-2021-21367"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elementary\u00a0OS\u00a0 for \u00a0Switchboard\u00a0Bluetooth\u00a0Plug\u00a0 Authentication Vulnerability in Microsoft",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004622"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-905"
}
],
"trust": 0.6
}
}
var-201903-0388
Vulnerability from variot
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-9-26-7 Xcode 11.0
Xcode 11.0 addresses the following:
IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson
ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team
otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
Installation note:
Xcode 11.0 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "11.0". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: libssh2 security update Advisory ID: RHSA-2019:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679 Issue date: 2019-03-28 CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 ==================================================================== 1. Summary:
An update for libssh2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x
- Description:
The libssh2 packages provide a library that implements the SSH2 protocol.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-3855 https://access.redhat.com/security/cve/CVE-2019-3856 https://access.redhat.com/security/cve/CVE-2019-3857 https://access.redhat.com/security/cve/CVE-2019-3863 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd LDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE wE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC nFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev FCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA O5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno 7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7 z4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu cdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND XkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4 D/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH tLzz6XhldNU=R5e5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.5) - noarch, ppc64, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4431-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq
Package : libssh2 CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Debian Bug : 924965
Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.
For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1.
We recommend that you upgrade your libssh2 packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libssh2",
"scope": "lt",
"trust": 1.8,
"vendor": "libssh2",
"version": "1.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "28"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "29"
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "none"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "aus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "eus"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "tus"
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.8"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.7"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.6"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.5"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.2"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4.1"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.4"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.2.8"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.1"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.3"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.15"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.11"
},
{
"model": "libssh2",
"scope": "eq",
"trust": 0.3,
"vendor": "libssh2",
"version": "0.1"
},
{
"model": "libssh2",
"scope": "ne",
"trust": 0.3,
"vendor": "libssh2",
"version": "1.8.1"
}
],
"sources": [
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:libssh2:libssh2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:ontap_select_administration_utility",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Coulson of Canonical Ltd.,Slackware Security Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-3855",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-155290",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2019-3855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3855",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3855",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3855",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155290",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3855",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 Contains an integer overflow vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. libssh2 is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the \u0027_libssh2_transport_read()\u0027 function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-9-26-7 Xcode 11.0\n\nXcode 11.0 addresses the following:\n\nIDE SCM\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Multiple issues in libssh2\nDescription: Multiple issues were addressed by updating to version\n2.16. \nCVE-2019-3855: Chris Coulson\n\nld64\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Compiling code without proper input validation could lead to\narbitrary code execution with user privilege\nDescription: Multiple issues in ld64 in the Xcode toolchains were\naddressed by updating to version ld64-507.4. \nCVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team\nCVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team\n\notool\nAvailable for: macOS Mojave 10.14.4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\nCVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team\n\nInstallation note:\n\nXcode 11.0 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"11.0\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: libssh2 security update\nAdvisory ID: RHSA-2019:0679-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0679\nIssue date: 2019-03-28\nCVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857\n CVE-2019-3863\n====================================================================\n1. Summary:\n\nAn update for libssh2 is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x\n\n3. Description:\n\nThe libssh2 packages provide a library that implements the SSH2 protocol. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing these updated packages, all running applications using\nlibssh2 must be restarted for this update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nppc64:\nlibssh2-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\naarch64:\nlibssh2-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\n\nppc64le:\nlibssh2-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nppc64le:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm\n\ns390x:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibssh2-1.4.3-12.el7_6.2.src.rpm\n\nx86_64:\nlibssh2-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nnoarch:\nlibssh2-docs-1.4.3-12.el7_6.2.noarch.rpm\n\nx86_64:\nlibssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.i686.rpm\nlibssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-3855\nhttps://access.redhat.com/security/cve/CVE-2019-3856\nhttps://access.redhat.com/security/cve/CVE-2019-3857\nhttps://access.redhat.com/security/cve/CVE-2019-3863\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd\nLDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE\nwE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC\nnFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev\nFCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA\nO5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno\n7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7\nz4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu\ncdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND\nXkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4\nD/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH\ntLzz6XhldNU=R5e5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.5) - noarch, ppc64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4431-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libssh2\nCVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858\n CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862\n CVE-2019-3863\nDebian Bug : 924965\n\nChris Coulson discovered several vulnerabilities in libssh2, a SSH2\nclient-side library, which could result in denial of service,\ninformation leaks or the execution of arbitrary code. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.7.0-1+deb9u1. \n\nWe recommend that you upgrade your libssh2 packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3855",
"trust": 3.4
},
{
"db": "BID",
"id": "107485",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "152136",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/03/18/3",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2340",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4479.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0911",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0996",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0894",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "152509",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153654",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "154655",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152282",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153811",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "153510",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153969",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-155290",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3855",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"id": "VAR-201903-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:03:47.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1730-1] libssh2 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"title": "DSA-4431",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"title": "FEDORA-2019-f31c14682f",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/"
},
{
"title": "Possible integer overflow in transport read allows out-of-bounds write",
"trust": 0.8,
"url": "https://www.libssh2.org/CVE-2019-3855.html"
},
{
"title": "NTAP-20190327-0005",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"title": "Bug 1687303",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855"
},
{
"title": "RHSA-2019:0679",
"trust": 0.8,
"url": "https://access.redhat.com/errata/RHSA-2019:0679"
},
{
"title": "libssh2 Fixes for digital error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90196"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191652 - Security Advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191791 - Security Advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192399 - Security Advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190679 - Security Advisory"
},
{
"title": "Red Hat: Important: libssh2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191943 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-13115",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae8ca9a607a0d36a41864075e4d1739"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-3855"
},
{
"title": "Red Hat: Important: virt:rhel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191175 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1254",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2019-1254"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1199",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1199"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=90ea192442f00a544f31c35e3585a0e6"
},
{
"title": "Debian CVElist Bug Report Logs: libssh2: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=00191547a456d0cf5c7b101c1774a050"
},
{
"title": "Debian Security Advisories: DSA-4431-1 libssh2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=32e9048e9588619b2dfacda6369a23ee"
},
{
"title": "IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55b92934c6d6315aa40e8be4ce2a8bf4"
},
{
"title": "IBM: IBM Security Bulletin: Vulnerabiliies in libssh2 affect PowerKVM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6e0e5e527a9204c06a52ef667608c6e8"
},
{
"title": "Arch Linux Advisories: [ASA-201903-13] libssh2: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-13"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=b76ca4c2e9a0948d77d969fddc7b121b"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0cf12ffad0c479958deb0741d0970b4e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=767e8ff3a913d6c9b177c63c24420933"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
},
{
"title": "Fortinet Security Advisories: libssh2 integer overflow and out of bounds read/write vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=FG-IR-19-099"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security vulnerabilities have been fixed in the IBM Security Access Manager Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1519a5f830589c3bab8a20f4163374ae"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/KorayAgaya/TrivyWeb "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/152136/slackware-security-advisory-libssh2-updates.html"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/107485"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2019/dsa-4431"
},
{
"trust": 2.1,
"url": "https://www.libssh2.org/cve-2019-3855.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:0679"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1791"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2019:1943"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3855"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/mar/25"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/apr/25"
},
{
"trust": 1.8,
"url": "https://seclists.org/bugtraq/2019/sep/49"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190327-0005/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht210609"
},
{
"trust": 1.8,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/sep/42"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2019/03/18/3"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1175"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:1652"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2399"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3855\\"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-3855"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-3856"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-3857"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-3863"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-099"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115655"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115643"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1115649"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libssh2-multiple-vulnerabilities-28768"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77838"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1120209"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210609"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1116357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4226/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1170634"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79010"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4341/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77478"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77406"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4479.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3856"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3857"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3863"
},
{
"trust": 0.3,
"url": "http://www.libssh2.org/"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/changes.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3858"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3859"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3860"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3861"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3862"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3856.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3857.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3858.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3859.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3860.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3861.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3862.html"
},
{
"trust": 0.3,
"url": "https://www.libssh2.org/cve-2019-3863.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8738"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8739"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/libssh2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3861"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3858"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155290"
},
{
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"db": "BID",
"id": "107485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"db": "PACKETSTORM",
"id": "154655"
},
{
"db": "PACKETSTORM",
"id": "152282"
},
{
"db": "PACKETSTORM",
"id": "153654"
},
{
"db": "PACKETSTORM",
"id": "153811"
},
{
"db": "PACKETSTORM",
"id": "152509"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"date": "2019-03-18T00:00:00",
"db": "BID",
"id": "107485"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2019-09-29T10:11:11",
"db": "PACKETSTORM",
"id": "154655"
},
{
"date": "2019-03-28T16:23:48",
"db": "PACKETSTORM",
"id": "152282"
},
{
"date": "2019-07-16T20:10:44",
"db": "PACKETSTORM",
"id": "153654"
},
{
"date": "2019-07-30T18:13:57",
"db": "PACKETSTORM",
"id": "153811"
},
{
"date": "2019-04-15T16:33:02",
"db": "PACKETSTORM",
"id": "152509"
},
{
"date": "2019-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2019-03-21T21:29:00.433000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-155290"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3855"
},
{
"date": "2019-03-18T00:00:00",
"db": "BID",
"id": "107485"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002832"
},
{
"date": "2021-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-634"
},
{
"date": "2024-11-21T04:42:43.427000",
"db": "NVD",
"id": "CVE-2019-3855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libssh2 Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002832"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-634"
}
],
"trust": 0.6
}
}
var-202210-1373
Vulnerability from variot
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. F5 Networks of nginx Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5281-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2022 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2022-41741 CVE-2022-41742
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service, memory disclosure or potentially the execution of arbitrary code when processing a malformed mp4 file.
This module is only enabled in the nginx-extras binary package.
For the stable distribution (bullseye), these problems have been fixed in version 1.18.0-6.1+deb11u3.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8 Tjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc i3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y RP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3 th0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa PUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE FrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ suepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k VBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B kAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl GTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1 /R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r1"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.23.1"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "r22"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.12.4"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.22.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "r2"
},
{
"model": "nginx ingress controller",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "2.4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "r27"
},
{
"model": "nginx",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "1.23.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.9.0"
},
{
"model": "nginx ingress controller",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "2.0.0"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "37"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "36"
},
{
"model": "nginx ingress controller",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "project"
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "35"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "169909"
}
],
"trust": 0.1
},
"cve": "CVE-2022-41742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-41742",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41742",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-41742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "f5sirt@f5.com",
"id": "CVE-2022-41742",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-41742",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1409",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. F5 Networks of nginx Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5281-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 15, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2022-41741 CVE-2022-41742\n\nIt was discovered that parsing errors in the mp4 module of Nginx, a\nhigh-performance web and reverse proxy server, could result in denial\nof service, memory disclosure or potentially the execution of arbitrary\ncode when processing a malformed mp4 file. \n\nThis module is only enabled in the nginx-extras binary package. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.18.0-6.1+deb11u3. \n\nWe recommend that you upgrade your nginx packages. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNz9JcACgkQEMKTtsN8\nTjb4tg/7BRkAkF48UvvRjLolxVVuV1paSTRG8ArEeW3fHyA0fxs2UMuRL4ic1vqc\ni3wxAAfHvYoOnk+QBY20Ly2MN7S7OukNovKE9AZCPulyYkVjtIWNSBeY0PzCU60y\nRP/KCZAGoGEYi6s4SUrK194ved+7jIcybgLvvGA8FRKW3wTRvzRGMfR6NTLuP7B3\nth0C5+KkapE8G5XlHWOIjv1h3Ok40cua7LtYx9RTITJ+wClvkJ6gPcCXXj/CnWWa\nPUvuEBwyr0PEBXfL9v1P8Eq1MmN+mWU9KeLYxIC+vcJxtpsYL67tMHIGTlDUgDVE\nFrXrDXi7XP/6hjl7t/J/cTPEwy/twX0emUQcUDlRNlOxh3skSmdPJP7DMu+t9UtQ\nsuepgZ+oHfHh3gs9EWz2zRqbsVO03NjhKo9ebIjhe3H0P39cX3NN5qlSJeNTY45k\nVBDecnPQnhYqYuzqwXy5ZoUQDcU0Bo7zaUzeYhUsfXqrROV/tj+UTMrM2anHdQ4B\nkAOrCBpmGP1lLvDs2PzBcWmBtII/5VTKZep05xH0L+dZWDV07j1ekCzv3/kuKiMl\nGTJQ7yl3fgKjLdkjMFKQIfsm3xdYwzxjOmtEY86tUV0LjtdR2GlJtF4YdIQhA4b1\n/R82ZisLfmZ4ElL+ua8iypLOe9reyO4EpVVDkeewFS64Ye1Wn3k=3mDY\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "VULHUB",
"id": "VHN-438029"
},
{
"db": "PACKETSTORM",
"id": "169909"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41742",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU93250330",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-165-13",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169909",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5959",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-438029",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-438029"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "PACKETSTORM",
"id": "169909"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"id": "VAR-202210-1373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-438029"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:57:57.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-97de53f202 Fedora\u00a0Update\u00a0Notification",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
},
{
"title": "F5 Nginx Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=237346"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-438029"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://security.netapp.com/advisory/ntap-20230120-0005/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5281"
},
{
"trust": 1.7,
"url": "https://support.f5.com/csp/article/k28112382"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41742"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93250330/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-13"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wborrvg7vvxyoaiad64zhes2u2viukfq/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fd6m3pvvko35wlaa7gldbs6teq26sm64/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bprvya4fs34vwb4fefynad7z2lfcjvei/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5959"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41742/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169909/debian-security-advisory-5281-1.html"
},
{
"trust": 0.6,
"url": "http-mp4-module-39638"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/nginx-two-vulnerabilities-via-ngx-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6109"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41741"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-438029"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "PACKETSTORM",
"id": "169909"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-438029"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"db": "PACKETSTORM",
"id": "169909"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-438029"
},
{
"date": "2023-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"date": "2022-11-16T16:11:49",
"db": "PACKETSTORM",
"id": "169909"
},
{
"date": "2022-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"date": "2022-10-19T22:15:12.717000",
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-438029"
},
{
"date": "2024-06-17T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2022-022651"
},
{
"date": "2023-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1409"
},
{
"date": "2023-11-07T03:52:58.440000",
"db": "NVD",
"id": "CVE-2022-41742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5\u00a0Networks\u00a0 of \u00a0nginx\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022651"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1409"
}
],
"trust": 0.6
}
}
var-202206-1427
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability due to buffer out-of-bounds reads. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1427",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5120"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2124",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2124",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2124",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2124",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2124",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1995",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426193",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2124",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability due to buffer out-of-bounds reads. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426193",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2124",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-426193",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"id": "VAR-202206-1427",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:21:02.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212450"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2124"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2124"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2124/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-current-quote-38628"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426193"
},
{
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426193"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"date": "2022-06-19T10:15:09.210000",
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426193"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2124"
},
{
"date": "2023-08-23T07:53:00",
"db": "JVNDB",
"id": "JVNDB-2022-011659"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1995"
},
{
"date": "2024-11-21T07:00:21.690000",
"db": "NVD",
"id": "CVE-2022-2124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1995"
}
],
"trust": 0.6
}
}
var-202204-0693
Vulnerability from variot
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-29
https://security.gentoo.org/
Severity: Low Title: Nokogiri: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #846623, #837902, #762685 ID: 202208-29
Synopsis
Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service.
Background
Nokogiri is an HTML, XML, SAX, and Reader parser.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-ruby/nokogiri < 1.13.6 >= 1.13.6
Description
Multiple vulnerabilities have been discovered in Nokogiri. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Resolution
All Nokogiri users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-ruby/nokogiri-1.13.6"
References
[ 1 ] CVE-2020-26247 https://nvd.nist.gov/vuln/detail/CVE-2020-26247 [ 2 ] CVE-2022-24836 https://nvd.nist.gov/vuln/detail/CVE-2022-24836 [ 3 ] CVE-2022-29181 https://nvd.nist.gov/vuln/detail/CVE-2022-29181
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.12 Release Advisory ID: RHSA-2022:8506-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2022:8506 Issue date: 2022-11-16 CVE Names: CVE-2021-37136 CVE-2021-37137 CVE-2022-22818 CVE-2022-24836 CVE-2022-25648 CVE-2022-29970 CVE-2022-32209 CVE-2022-34265 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components. Relevant releases/architectures:
Red Hat Satellite 6.12 for RHEL 8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es): * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * python3-django: Possible XSS via template tag (CVE-2022-22818) * tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836) * tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970) * tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648) * rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209) * python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document. Solution:
For Red Hat Satellite 6.12, see the following documentation for the release. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12
The important instructions on how to upgrade are available below. https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite
- Bugs fixed (https://bugzilla.redhat.com/):
1309740 - [RFE] As a user, I want to schedule a job and receive an e-mail summary when it completes
1703496 - Satellite audits cleanup
1732590 - Cannot add filter on same RPM name with different architectures
1775813 - A publish content view displays (Invalid Date) for the date and time of when the content view was published.
1829468 - [RFE] Be able to retrieve the software vendor package from the installed package
1830968 - [RFE] API should return simple results to understand if the repositories for hosts are enabled or not.
1834897 - [RFE] Remove the configuration 'env=Library' created by the virt-who configuration plugin in the Satellite WebUI
1850393 - [RFE] REX Pull Provider
1868175 - Red Hat Satellite should notify about published content view while removing Lifecycle environment
1868323 - "Confirm services restart" modal window grammatically does not respect that multiple systems are selected for a reboot
1870816 - Deploy script breaks when the password of hypervisor contains single quotes
1879811 - [ALL_LANG] [SAT_6.8 | 6.9 | 6.10|6.11 ] Web elements are not localized (Available Button, ON/OFF Switch Button)
1884148 - description of filter_host_parents does not match virt-who-config
1892218 - Multi-page listing when adding repositories to Content Views confuses the number of repositories to add
1892752 - Scheduled job "Create RSS notifications" does not use proxy
1894033 - [RFE] Add SSH User field to Advanced Fields in Job Invocation of SSH Command - remote_execution_ssh_user per Remote Execution task
1908841 - Capsule certs regeneration fails with an error if the organization has a ' in the name
1912941 - Verbose log outputs for Ansible jobs are reported to all Hosts present on the Job.
1925165 - [RFE] Unordered RPMs in repodata decrease compression efficiency
1930577 - when running ReX via SSH on 2242 hosts, got "Timed out reading data from server"
1931532 - When running remote execution from Satellite to an RHEL 8 with tlog enabled it fails.
1931665 - Need clearer error message when manifest is no longer valid when syncing inventory
1934210 - Bad HTTP method requests filling up /var/log/messages with stack traces
1938092 - [RFE] Insights recommendations should have url links for related knowledgebase article and c.r.c.
1940396 - [RFE] Introduction of GUI based option to be able to bulk select and remove Content View versions in Red Hat Satellite 6
1951542 - Insights Table doesnt translate the pagination strings
1952939 - [RFE] Support for Satellite Tools version-1 repository is version.
1959136 - Backtick in password causes failure during deployment of virt-who config.
1962253 - Global registration succeeded but throwing error messages when auto-attach is true
1964080 - [BUG] The != and ~ search params does not work with os_minor parameter in Satellite 6.9
1970132 - [BUG] Invalid choice for template_kind listed for os_default_template module
1970623 - [BUG] Error Can't join 'Katello::ContentFacetRepository' to association named 'hostgroup' when clicking on "Errata Installation" inside a host_collection as a non-admin user
1971747 - "Registered Content Hosts" Report is Showing the Wrong Available Kernel Version for RHEL 7.7 Client
1973329 - Provide upstream repository name value to allow a name change on the repository to not break Satellite if an enabled repository's name gets changed
1974180 - Default user input value is not set for job invocation
1981444 - "Subscription - Entitlement Report" does not show correct number of subscriptions attached/consumed
1982698 - Ansible playbook execution crash for Hosts: localhost
1982745 - Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup
1984400 - Capsule upgrade/install fails due to proxy configuration in 'HTTP(S) proxy' in settings
1989631 - Ruby warning: URI.escape is obsolete after the host is provisioned
1990119 - Documentation bug for the compute_resource module
1991557 - Many Postgres ERRORs (duplicate key) especially on RedHat repo sync
1994877 - [RFE] Example is missing in "Install packages" option in the Advanced Tab of "Register Host" form.
1994945 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error
1998477 - Add Simple content access status API to check whether SCA is enabled or disabled in Satellite
2000613 - The login page exposes version of the satellite
2001517 - [RFE] Allow "on_demand" download policy for repositories of content_type docker
2001552 - Host facts are not uploaded to satellite when content host is registered with Satellite using global registration form.
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2006974 - [ALL_LANG] [SAT_6.10 | 6.11] 'No matches found' text is untranslated in search bar
2007117 - [ ALL_LANG] [SAT_6.10 | 6.11] 'Filter' string from switcher section search box is not marked as translatable string
2011312 - Misspelled word in tooltip "Toggel" instead of "Toggle"
2013611 - Hammer compute-profile create missing 'boot_order' from 'compute-attributes'
2015062 - Scap Content Page redirects to Satellite documentation instead of Scap Content
2015757 - 'Mail enabled' setting cannot be switched with the hammer user command.
2016924 - The value set by 'hammer activation-key content-override'command cannot be confirmed by 'hammer activation-key info' command.
2022065 - ansible modules don't work correctly when a HTTP?HTTPS redirect occurs
2022649 - Hammer unable to send correct value for for Job Templates in order to update ALL packages.
2024175 - [RFE] Include Tower extra vars feature when calling the API callback
2024576 - Extra audit record created on Organization create action
2024968 - [RFE] Expose parameter trusted_proxies on satellite-installer
2025892 - [RFE] Allow configuring cockpit with multiple origins through satellite-installer
2025926 - [RFE] Identify host Build Token using hammer
2027947 - HypervisorHeartbeatUpdateJob is taking long time to process and updates wrong consumer records
2028112 - Ansible roles are failed with exit status 0 but the job is showing status success and the task is also showing result success.
2033321 - Manifest refresh fails on Candlepin: One or more pools was left in an undefined state
2033381 - Remove the space at the end of foreman-proxy-certs-generate printed installer cmd
2035287 - The online backup attempt still shows a warning about mongodb when executed in Satellite 6.10
2036151 - Can't assign different networks on 2+ NICs with vNIC profiles selected
2038989 - [RFE] Satellite Security Concerns for Apache
2043126 - Non-enabled repository types make it into the apipie help-text
2043242 - [RFE] make worker show what task they are currently running
2048547 - When using async_ssh true and for some reason the script retrieve.sh fails to, the task remain stuck
2048775 - CVE-2022-22818 django: Possible XSS via '{% debug %}' template tag
2049595 - missing information about puppet attributes in API/CLI
2051648 - [RFE] Better Detail When Job Fails Due To SSH Problem
2051891 - vCPUs in RHV getting reset to one vCPU after editing a host in Satellite
2052076 - foreman-proxy does not log permissions errors when trying to read ssl_ca.pem
2053842 - The "Serve via HTTP" and "Verify SSL" options in Repo Discovery page does not functions at all in Satellite 7.0
2054011 - Submit button on Edit page of a host will revert back to a invalid page on Satellite
2054042 - [RFE] Logs in dynflow console needs more descriptive when SSH REX job fails on Satellite 7.
2054786 - {"publication":["Invalid hyperlink - Object does not exist."]} error when syncing a repository
2054969 - Navigation switch between multiple capsules don't work as expected
2055391 - After upgrade products with repositories that had Ignorable Content = drpm can no longer be modified
2055416 - redhat.satellite.content_upload ansible module with unexpected src parameter behavior
2055979 - [RFE] - use native Ansible module for Install from git job template
2056188 - The redesigned Host page in Satellite does not offers any option to invoke/schedule a remote execution job for a client system
2056702 - Import library with overlapping content can fail with unique-constraint violation
2058037 - UEFI: Grub network boot templates need to be updated
2059179 - job template selector missing id in the new rex wizard
2060651 - Cannot upload a package to a repository if the same package already exists in another repository, but is not downloaded
2062800 - OpenSCAP is using the removed puppetrun setting
2064979 - Clients can't subscribe to or enable Red Hat repositories after renewing subscriptions
2068454 - repositories/import_uploads API endpoint do require two mandatory parameters
2069306 - [RFE] Need syncable yum-format repository exports
2069440 - [RFE] new host ui details, upgrades to host status
2069634 - new host ui details, unable to read the host from different taxonomies when logged in
2070001 - Space reclaiming fails on a blank Satellite
2070535 - Content View publish fails with error PG::CardinalityViolation: ERROR: ON CONFLICT DO UPDATE command cannot affect row a second time.
2070732 - Use more accurate messaging when host statuses are cleared
2070972 - Sentence case fixes needed in the new Host page
2072696 - Creating ESX compute resource on vcenter 7.x fails with InvalidArgument: A specified parameter was not correct: deviceChange[1].device.key
2073305 - installer spams with katello-certs-check output when using custom certs
2074346 - CVE-2022-24836 nokogiri: ReDoS in HTML encoding detection
2075056 - new host ui details, repository sets, search auto-complete is missing
2076843 - CVE-2022-25648 ruby-git: package vulnerable to Command Injection via git argument injection
2077811 - new host ui, content, errata subtab, when N/A is chosen as severity filter erratas results are empty
2077822 - new host ui details, add button to navigate to old content UI
2077824 - [RFE] API to allow search by object ID on any object
2080324 - Satellite incorrectly reports email test success
2080423 - Docker pull fails with 'missing or empty Content-Length header'
2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
2084130 - CertificateCleanupJob fails with foreign key constraint violation on table cp_upstream_consumer
2085490 - Discovery and bootdisk templates don't get description populated from metadata
2088303 - Webhook raises "certificate verify failed" error even the target host is trusted by the system SSL CA bundle
2089445 - The About page under Administer still refers to IRC channel at Freenode
2089828 - default Organization and location not set for AD users
2091044 - new host ui details,ansible roles, submitting form without any roles should show warning
2092039 - Content import fails if repo labels differ and repo is already imported
2093884 - Every CV Publish+Promote action followed by an automated Capsule sync task generates a huge traceback "(ActiveRecord::RecordNotFound): Couldn't find ForemanTasks::Task::DynflowTask" in Satellite 6.11
2094019 - Missing LCE and CV label in CLI CDN configuration
2095187 - Fail to create virtwho config on nutanix env for error "Invalid option for hypervisor [ahv]"
2095820 - All errata are applied when user only selects certain errata
2096429 - Global Registration will fail if use a different language
2098240 - [RFE] Add 'System purpose' card to new host details / Overview tab
2099620 - Starting or Restarting foreman.socket will raise a harmless "TCP_NODELAY failed: Operation not supported" error in Red Hat Satellite 6.9/6.10/6.11
2100578 - satellite-clone should enable the Satellite module
2100887 - Repository sets and Errata tabs do not show toggle group when host is in Library environment but non-default content view
2101579 - Retain packages on Repository removes RPMs from Pulp but not from Katello
2101882 - CVE-2022-32209 rubygem-rails-html-sanitizer: possible xss with certain configurations
2101986 - Getting "NoPermission: Permission to perform this operation was denied." when edit host or compute profile
2102145 - 'Satellite-maintain backup online' states info about Mongo in the warning message
2102456 - [RFE] - Add static ouia-id to modal with wizard for publishing a cv
2102825 - satellite-clone fails to adjust ownership of /var/lib/pulp if it's owned by non-existing user/group
2102867 - Post upgrade to satellite 6.10, sync summary email notification shows the incorrect summary for newly added errata.
2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
2103096 - After syncing a repository, it doesn't sync to the capsule automatically.
2103099 - satellite-clone fails to restore online backup on RHEL8
2103102 - MemoryError when importing large repo to disconnected Satellite
2103106 - Attempt to disable a Red Hat Repository fails with error "Cannot delete record because of dependent library_instances_inverse" if the repository is part of any CV versions in Satellite 6.10
2103110 - undefined method find' for nil:NilClass when importing content that has gpg_keys associated to it
2103129 - RHEL 9 appstream and baseos not showing as recommended repositories
2103522 - Capsule sync fails with "Parsing interrupted: The repository metadata being synced into Pulp is erroneous in a way that makes it ambiguous (duplicate NEVRAs).."
2104401 - Improve speed of manifest refresh by running RefreshIfNeeded steps concurrently
2104498 - Unable to sync jfrog artifactory-pro-rpms repository
2105048 - Error 'modulemd-yaml-error-quark' while synchronizing fedora modular repository on Satellite 6.10.
2105107 - Data issue for users on RHEL7 syncing EL8+ EPEL or Fedora Modular repositories
2105144 - Scheduling a remote execution job through API calls are using UTC instead of timezone
2105299 - Email notification shows incorrect new errata after syncing an Epel repository
2105941 - After 6.10 to 6.11 upgrade on FIPS setup, repository sync operations fail with an error "[digital envelope routines: EVP_DigestInit_ex] disabled for fips"
2106000 - Manifest Refresh should ensure environment-content association
2106090 - Running smart-proxy-openscap-send command returns "Gemfile lists the gem rsec (< 1) more than once" on Satellite 6.10.
2106091 - Exclude filter may exclude errata and packages that are needed
2106092 - Manifest refresh randomly fails with "No such file or directory" when having multile dynflow workers
2106093 - Simplify self-upgrade mechanism
2106333 - Add Satellite and Capsule 6.12 upgrade scenarios
2106659 - Inconsistent packages versioning
2106691 - Satellite 6.12 still defaults to the legacy host UI
2106700 - Invocations fail with NoMethodError - undefined methodcode' if capsule loses script feature without satellite noticing
2106885 - Upgrade to Satellite 6.11 fails in db:seed state with error "ActiveRecord::RecordInvalid: Validation failed: Name has already been taken"
2107252 - Last item in Webhooks table is overflowing
2107572 - packaging request for pull provider dependencies
2107577 - execution of roles with missing modules doesn't fail the execution
2107701 - [Pulp 3] If a modulemd metadata artifact is missing from the filesystem but has an artifact_id associated with it in database, "Verify Content Checksum" cannot fix this problem
2108169 - foreman-maintain self-upgrade enables RH repos when custom repo mentioned with --maintenance-repo-label for RHEL8
2108611 - Broken link when accessing the Registration Doc from the Satellite register hosts screen
2108637 - Remote execution fails for SSH Default when Remote Execution configured for Kerberos Authentication
2108719 - Upgrading to Satellite 6.11 fails on db:migrate stage with error "null value in column "created_at" violates not-null constraint"
2109254 - Remove orphans task going to the paused state with error "Cannot delete some instances of model 'Repository' because they are referenced through protected foreign keys" on Red Hat Satellite 6.11
2109260 - When using immediate downloads and retain_package_versions=X, all packages are downloaded and many are immediately orphaned
2109298 - ModuleStreamErratumPackages aren't indexed at first repository syncing
2109421 - Sendmail package not present on RHEL8 and needs manual configuration
2109594 - After upgrading to Satellite 6.11 , foreman log is flooded with huge tracebacks related to "unknown class DockerRegistry, ignoring" and "unknown class Container, ignoring"
2109606 - Not able to enable repositories when FIPS is enabled.
2109810 - Search for string in n-v-r.a format fails for custom packages but not for Red Hat packages
2110003 - smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8
2110163 - Generate All Reports Job Fails After Upgrade to 6.11 with Missing Logger Method
2110222 - Insights client traffic through a Satellite 6.11 Capsule fails
2110731 - [ BUG ] Sync errata email notification is not workng in Satellite 6.11 whereas "Test Email" functions fine
2110872 - Moving between tabs generates "undefined method parent_task' for nil:NilClass"
2111038 - new host ui details,ansible roles, bug when all ansible roles are assigned
2111074 - After LEAPP upgrade katello_candlepin_port_t definition is missing
2111222 - Need a static ouia-id for the close button on the Confirmation Modal
2111373 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unassigned automatically
2111469 - Single host contains too many NICs
2111570 - AVC denials noticed for gunicorn process after upgrading the Satellite 6.11 OS from RHEL 7 to RHEL 8 using leapp
2111571 - Multiples of every module stream show in the web UI
2111578 - Rebooting Sat611 on RHEL8 removes all pulp logs
2111921 - [New Host UI] Ansible tab only shows "view all assigned roles" when at least one host specific role has been added
2112015 - After deploying custom certs on Satellite, signed by a new CA, capsule can't fetch on-demand content
2112093 - GUI shows "Capsule Authorization" disabled even if it was enabled during the creation of the webhook in Satellite 6.10
2112098 - Need to be able to provide custom cert for ISS for Red Hat CDN
2112436 - After initial build of a UEFI VM using Red Hat Satellite, the system fails to boot up with error "Partition with known EFI file not found" when VM Hardware version is 17 or above
2112979 - Don't ship foreman-proxy-selinux in capsule repos
2113013 - documentation button on capsule page goes to a broken link
2113905 - [RHSSO] [Installer][RHEL8]- RHSSO feature settings are not getting enabled and failed with HTTPD CONF issue .
2113946 - Mirroring complete ansible galaxy fails with the following message: 'NoneType' object has no attribute 'get'
2113996 - Search for non-integer job id will result in error page
2115229 - pull-provider rex jobs occassionally hanging
2115686 - [RFE] Provide a functionality in Satellite to import pre-existing Ansible playbooks into Job Templates
2115767 - Unable to apply all Errata via Remote Execution on Web UI with "Select All"
2115775 - hammer command not working for non-root user post upgrading satellite to version 6.11
2115822 - New host details UI does not work at all
2115832 - Running "satellite-maintain self-upgrade" on a Satellite\Capsule 6.11.1.1 fails with error "Error: 'satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms' does not match a valid repository ID"
2116123 - Even though the CreateRssNotifications job gets completed, It fails to fetch RSS with error '(NameError): uninitialized constant Foreman::HttpProxy::NetHttpExt' in Satellite 6.12
2116276 - Hammmer task progress command returns Error: undefined methodempty?' for nil:NilClass
2116385 - [RFE] Add deprecation warning/banner on Compute Resources page about deprecation of RHEV support
2116871 - Package "python3-pulp_manifest" is not available in Satellite Utils repository
2117382 - Only first certificate from a content credential is considered by katello when updating CDN configuration to use Network Sync
2117489 - not all dependencies are allowed by foreman-protector
2117522 - satellite-upgrade to 6.12 fails in packages-update step to resolve python dependencies
2118055 - When installing errata via katello-agent, content_action_finish_timeout is ignored and tasks don't wait for client status to finish
2118252 - dnf can't load foreman-protector.py as a regular user
2118356 - katello-pull-transport-migrate missing in RHEL9 Client repos
2118431 - Incremental export on repository exports not working correctly after syncably exporting repository
2118689 - Boding interface bondig slaves are always changed to lower case
2118694 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: ERROR: update or delete on table "katello_module_profiles" violates foreign key constraint "katello_mod_profile_rpm_mod_profile_id_fk" on table "katello_module_profile_rpms"
2118772 - Satellite upgrade to 6.12 fails during db:migrate with PG::UndefinedColumn: ERROR: column "created_at" of relation "taxable_taxonomies" does not exist
2118790 - Convert2rhel playbook tries to install RHEL8 convert2rhel package
2118950 - Unable to configure cloud connector on Satellite 6.12.0
2118966 - [Pulp3] When working with docker type repos, syslogs is flooded with warnings "The model defines the 'ACCESS_POLICY_VIEWSET_NAME' class attribute" in Satellite 6.12
2119112 - subpaths field is mandatory while creating ACS in the UI
2119117 - ACS create fails when --smart-proxy-ids option not passed with "undefined method `uniq' for nil:NilClass"
2119120 - ACS create fails when same name used with "PG::UniqueViolation: ERROR: duplicate key value violates unique constraint"
2119124 - ACS create form displays capsule names without spaces on review details page in UI
2119190 - ACS create wizard: select capsule step says "Name source"
2119234 - Timezone/timestamp issue with Ansible configuration management reports run via Capsule servers
2119688 - running ansible default roles in Satellite 6.11.1.1 shows an error page
2120148 - Remove spinner from Packages & Module streams tabs during REX job polling
2120224 - Host collections card shows empty card without any text when no host collections are present
2120299 - 'This host has errata that are applicable, but not installable' message incorrectly appears
2120327 - Discovery Organization setting is shown as Discovery Location setting
2120414 - Show arch restrictions on Repository Sets tab (new host details)
2120579 - remote execution interface missing in global registration dialog
2120632 - After Upgrading LEAPPed Satellite to 6.12 pulp is not connected to redis
2120715 - Satellite 6.11 GUI documentation URL takes to a non existing URL with 404
2120992 - Running satellite-clone on SAT6.12 fails beacuse it's not supported
2121238 - Importing a custom repository with different label but same name causes validation error
2121249 - Syncable Exports have spaces in the exported paths
2121583 - Sync of an Ansible collection repo to the Capsule fails
2121689 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository
2121738 - host details jobs - change from list to table
2121739 - host details audits, change from list to table
2121954 - When searching for content, dropdown filters are literal search terms.
2122090 - Syncable exports not properly validated
2122214 - katello-certs-check propose not valid command for capsule
2122764 - Indexing error if a collection to be synced from galaxy doesn't have tags associated.
2122780 - Pub url is not accessible on the Satellite nor Capsule server
2122945 - Satellite manifest upload/import error: Unexpected exception occurred while executing transactional block
2123352 - Updating katello-ca package does not update certs in yggdrasild service for REX pull mode client
2123405 - [RFE] - Add rhel-6-server-els-rpms repository under recommended repositories
2124047 - Accessing an external capsule from UI, shows "Last sync failed: 404 Not Found" even if the last capsule content sync was successful in Satellite 6.12
2124051 - Ansible-type REX jobs are still delegated by satellite 6.12 to be executed via an external Capsule 6.12 even if the ansible feature is not enabled on the same
2124087 - The "Change Content Source" option does not provides steps to change the yggdrasil configuration in case putt-mqtt mode is use in Satellite 6.12
2124271 - After installing katello-agent on a RHEL 9 host, Goferd service fails to start with error AttributeError: 'Scheduler' object has no attribute 'isAlive'
2124568 - 'candlepin-validate-db' pre-upgrade check fails with "Could not open SSL root certificate file /root/.postgresql/root.crt" error for external DB setup with SSL
2124663 - Host details statuses clear button is always disabled
2124850 - failure to enable async-ssh rex mode with Couldn't enable 'script'
2124851 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address
2124928 - Webhooks page in UI is broken
2125022 - Content View Versions generated by Export are still listed in Composite CVs page
2125244 - Sync of a docker type repository containing schema 1 manifest fails with error
2125317 - Fix details tab cards Expand/collapse all behavior
2125585 - Satellite can not be installed on RHEL 8.7
2125669 - Navigating to content view page from the left panel after creating a cv does not work
2127099 - Unsupported Installer report plugin exist in the downstream Satellite 6.12
2127318 - ACS create wizard: review details step displays password in plaintext when manual auth is selected
2127934 - rex pull-provider client not configured during host provisioning
2127940 - save_to_file macro does not work if the thing being saved contains a heredoc terminated with EOF
2128209 - ssh-async rex job fails with OpenSSL::SSL::SSLError
2128422 - Repository Sets on new Hosts details produces error page
2129002 - ACS create wizard: select capsule shows duplicate entries in dual-list selector widget
2131729 - Repository sets does not work on new host details page
2133468 - Upgrade fails to apply rpm.0044_noartifact_modules pulpcore migration
2139368 - can't save discovery settings on an upgraded Satellite 6.12
2139369 - can't save bootdisk settings on an upgraded Satellite 6.12
2139371 - can't save RH Cloud settings on an upgraded Satellite 6.12
- Package List:
Red Hat Satellite 6.12 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-4.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm candlepin-4.1.15-1.el8sat.src.rpm cjson-1.7.14-5.el8sat.src.rpm createrepo_c-0.20.1-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.3.0.17-1.el8sat.src.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.3.0.8-1.el8sat.src.rpm foreman-proxy-3.3.0-1.el8sat.src.rpm foreman-selinux-3.3.0-2.el8sat.src.rpm katello-4.5.0-1.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm katello-selinux-4.0.2-2.el8sat.src.rpm libcomps-0.1.18-4.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-4.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm mosquitto-2.0.14-1.el8sat.src.rpm postgresql-evr-0.0.2-1.el8sat.src.rpm pulpcore-selinux-1.3.2-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-3.el8pc.src.rpm python-aiofiles-0.8.0-2.el8pc.src.rpm python-aiohttp-3.8.1-3.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm python-aioredis-2.0.1-2.el8pc.src.rpm python-aiosignal-1.2.0-2.el8pc.src.rpm python-ansible-builder-1.0.1-4.el8pc.src.rpm python-asgiref-3.5.0-2.el8pc.src.rpm python-async-lru-1.0.2-3.el8pc.src.rpm python-async-timeout-4.0.2-2.el8pc.src.rpm python-asyncio-throttle-1.0.2-3.el8pc.src.rpm python-attrs-21.4.0-2.el8pc.src.rpm python-backoff-1.11.1-2.el8pc.src.rpm python-bindep-2.10.2-4.el8pc.src.rpm python-bleach-3.3.1-2.el8pc.src.rpm python-bleach-allowlist-1.0.3-3.el8pc.src.rpm python-bracex-2.2.1-2.el8pc.src.rpm python-brotli-1.0.9-2.el8pc.src.rpm python-cchardet-2.1.7-4.el8pc.src.rpm python-certifi-2020.6.20-3.el8pc.src.rpm python-cffi-1.15.0-2.el8pc.src.rpm python-chardet-4.0.0-2.el8pc.src.rpm python-charset-normalizer-2.0.11-4.el8pc.src.rpm python-click-8.0.3-2.el8pc.src.rpm python-click-shell-2.1-3.el8pc.src.rpm python-colorama-0.4.4-3.el8pc.src.rpm python-commonmark-0.9.1-5.el8pc.src.rpm python-contextlib2-21.6.0-3.el8pc.src.rpm python-cryptography-3.4.8-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-3.el8pc.src.rpm python-dateutil-2.8.2-2.el8pc.src.rpm python-debian-0.1.43-2.el8pc.src.rpm python-defusedxml-0.7.1-3.el8pc.src.rpm python-diff-match-patch-20200713-3.el8pc.src.rpm python-distro-1.6.0-3.el8pc.src.rpm python-django-3.2.14-2.el8pc.src.rpm python-django-currentuser-0.5.3-5.el8pc.src.rpm python-django-filter-21.1-3.el8pc.src.rpm python-django-guardian-2.4.0-5.el8pc.src.rpm python-django-guid-3.2.2-1.el8pc.src.rpm python-django-import-export-2.7.1-6.el8pc.src.rpm python-django-lifecycle-0.9.6-3.el8pc.src.rpm python-django-prometheus-2.1.0-3.el8pc.src.rpm python-django-readonly-field-1.1.1-3.el8pc.src.rpm python-djangorestframework-3.13.1-2.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm python-drf-access-policy-1.1.0-3.el8pc.src.rpm python-drf-nested-routers-0.93.4-3.el8pc.src.rpm python-drf-spectacular-0.21.2-2.el8pc.src.rpm python-dynaconf-3.1.7-4.el8pc.src.rpm python-ecdsa-0.14.1-2.el8pc.src.rpm python-enrich-1.2.6-5.el8pc.src.rpm python-et-xmlfile-1.1.0-2.el8pc.src.rpm python-flake8-3.9.2-5.el8pc.src.rpm python-frozenlist-1.3.0-2.el8pc.src.rpm python-future-0.18.2-5.el8pc.src.rpm python-galaxy-importer-0.4.5-1.el8pc.src.rpm python-gitdb-4.0.9-2.el8pc.src.rpm python-gitpython-3.1.26-3.el8pc.src.rpm python-gnupg-0.4.8-2.el8pc.src.rpm python-gunicorn-20.1.0-5.el8pc.src.rpm python-idna-3.3-2.el8pc.src.rpm python-idna-ssl-1.1.0-5.el8pc.src.rpm python-importlib-metadata-4.10.1-2.el8pc.src.rpm python-importlib-resources-5.4.0-4.el8pc.src.rpm python-inflection-0.5.1-3.el8pc.src.rpm python-iniparse-0.4-35.el8pc.src.rpm python-jinja2-3.0.3-2.el8pc.src.rpm python-jsonschema-4.6.0-4.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-2.el8pc.src.rpm python-markdown-3.3.6-3.el8pc.src.rpm python-markuppy-1.14-3.el8pc.src.rpm python-markupsafe-2.0.1-3.el8pc.src.rpm python-mccabe-0.6.1-3.el8pc.src.rpm python-multidict-6.0.2-2.el8pc.src.rpm python-naya-1.1.1-3.el8pc.src.rpm python-odfpy-1.4.1-6.el8pc.src.rpm python-openpyxl-3.0.9-2.el8pc.src.rpm python-packaging-21.3-1.el8pc.src.rpm python-parsley-1.3-2.el8pc.src.rpm python-pbr-5.8.0-4.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-3.el8pc.src.rpm python-prometheus-client-0.8.0-3.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.3-2.el8pc.src.rpm python-pulp-ansible-0.13.2-2.el8pc.src.rpm python-pulp-certguard-1.5.2-3.el8pc.src.rpm python-pulp-cli-0.14.0-4.el8pc.src.rpm python-pulp-container-2.10.9-1.el8pc.src.rpm python-pulp-deb-2.18.0-3.el8pc.src.rpm python-pulp-file-1.10.2-2.el8pc.src.rpm python-pulp-rpm-3.18.7-1.el8pc.src.rpm python-pulp_manifest-3.0.0-3.el8pc.src.rpm python-pulpcore-3.18.10-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-3.el8pc.src.rpm python-pycairo-1.20.1-3.el8pc.src.rpm python-pycares-4.1.2-2.el8pc.src.rpm python-pycodestyle-2.7.0-5.el8pc.src.rpm python-pycparser-2.21-2.el8pc.src.rpm python-pycryptodomex-3.14.1-2.el8pc.src.rpm python-pyflakes-2.3.1-5.el8pc.src.rpm python-pygments-2.11.2-2.el8pc.src.rpm python-pygobject-3.40.1-3.el8pc.src.rpm python-pygtrie-2.4.2-3.el8pc.src.rpm python-pyjwkest-1.4.2-6.el8pc.src.rpm python-pyjwt-1.7.1-8.el8pc.src.rpm python-pyparsing-2.4.7-3.el8pc.src.rpm python-pyrsistent-0.18.1-2.el8pc.src.rpm python-pytz-2021.3-2.el8pc.src.rpm python-pyyaml-5.4.1-4.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-3.el8pc.src.rpm python-requests-2.27.1-2.el8pc.src.rpm python-requirements-parser-0.2.0-3.el8pc.src.rpm python-rhsm-1.19.2-3.el8pc.src.rpm python-rich-10.12.0-3.el8pc.src.rpm python-ruamel-yaml-0.17.20-2.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm python-schema-0.7.5-2.el8pc.src.rpm python-semantic-version-2.10.0-1.el8pc.src.rpm python-six-1.16.0-2.el8pc.src.rpm python-smmap-5.0.0-2.el8pc.src.rpm python-sqlparse-0.4.2-3.el8pc.src.rpm python-tablib-3.2.0-3.el8pc.src.rpm python-tenacity-7.0.0-3.el8pc.src.rpm python-toml-0.10.2-3.el8pc.src.rpm python-typing-extensions-3.10.0.2-2.el8pc.src.rpm python-uritemplate-4.1.1-2.el8pc.src.rpm python-url-normalize-1.4.3-4.el8pc.src.rpm python-urllib3-1.26.8-2.el8pc.src.rpm python-urlman-1.4.0-3.el8pc.src.rpm python-wcmatch-8.3-2.el8pc.src.rpm python-webencodings-0.5.1-3.el8pc.src.rpm python-whitenoise-6.0.0-1.el8pc.src.rpm python-xlrd-2.0.1-5.el8pc.src.rpm python-xlwt-1.3.0-3.el8pc.src.rpm python-yarl-1.7.2-2.el8pc.src.rpm python-zipp-3.4.0-4.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-actioncable-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm rubygem-actionpack-6.0.4.7-1.el8sat.src.rpm rubygem-actiontext-6.0.4.7-1.el8sat.src.rpm rubygem-actionview-6.0.4.7-1.el8sat.src.rpm rubygem-activejob-6.0.4.7-1.el8sat.src.rpm rubygem-activemodel-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-6.0.4.7-1.el8sat.src.rpm rubygem-activerecord-import-1.1.0-1.el8sat.src.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm rubygem-activestorage-6.0.4.7-1.el8sat.src.rpm rubygem-activesupport-6.0.4.7-1.el8sat.src.rpm rubygem-acts_as_list-1.0.3-2.el8sat.src.rpm rubygem-addressable-2.8.0-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-ancestry-3.0.7-2.el8sat.src.rpm rubygem-anemone-0.7.2-23.el8sat.src.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-apipie-rails-0.5.17-4.el8sat.src.rpm rubygem-audited-4.9.0-4.el8sat.src.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm rubygem-builder-3.2.4-2.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-coffee-rails-5.0.0-2.el8sat.src.rpm rubygem-coffee-script-2.4.1-5.el8sat.src.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm rubygem-colorize-0.8.1-2.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-connection_pool-2.2.2-3.el8sat.src.rpm rubygem-crass-1.0.6-2.el8sat.src.rpm rubygem-css_parser-1.4.7-5.el8sat.src.rpm rubygem-daemons-1.2.3-7.1.el8sat.src.rpm rubygem-deacon-1.0.0-5.el8sat.src.rpm rubygem-declarative-0.0.10-3.el8sat.src.rpm rubygem-declarative-option-0.1.0-3.el8sat.src.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm rubygem-deface-1.5.3-3.el8sat.src.rpm rubygem-diffy-3.0.1-6.1.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-erubi-1.9.0-2.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-execjs-2.7.0-5.el8sat.src.rpm rubygem-facter-4.0.51-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-fog-aws-3.6.5-2.el8sat.src.rpm rubygem-fog-core-2.1.0-4.el8sat.src.rpm rubygem-fog-google-1.11.0-2.el8sat.src.rpm rubygem-fog-json-1.2.0-4.el8sat.src.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm rubygem-fog-openstack-1.0.8-4.el8sat.src.rpm rubygem-fog-ovirt-2.0.2-1.el8sat.src.rpm rubygem-fog-vsphere-3.5.2-1.el8sat.src.rpm rubygem-fog-xml-0.1.2-9.el8sat.src.rpm rubygem-foreman-tasks-6.0.3-1.el8sat.src.rpm rubygem-foreman_ansible-7.1.4.1-1.el8sat.src.rpm rubygem-foreman_azure_rm-2.2.6-3.1.el8sat.src.rpm rubygem-foreman_bootdisk-19.0.7-1.el8sat.src.rpm rubygem-foreman_discovery-21.0.4-1.el8sat.src.rpm rubygem-foreman_hooks-0.3.17-3.el8sat.src.rpm rubygem-foreman_kubevirt-0.1.9-4.el8sat.src.rpm rubygem-foreman_leapp-0.1.10-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-foreman_openscap-5.2.2-2.el8sat.src.rpm rubygem-foreman_puppet-4.0.3-1.el8sat.src.rpm rubygem-foreman_remote_execution-7.2.2-1.el8sat.src.rpm rubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.src.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm rubygem-foreman_templates-9.3.0-1.1.el8sat.src.rpm rubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.src.rpm rubygem-foreman_virt_who_configure-0.5.9-1.el8sat.src.rpm rubygem-foreman_webhooks-3.0.4-1.el8sat.src.rpm rubygem-formatador-0.2.1-13.el8sat.src.rpm rubygem-friendly_id-5.3.0-2.el8sat.src.rpm rubygem-fx-0.5.0-2.el8sat.src.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm rubygem-git-1.11.0-1.el8sat.src.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm rubygem-globalid-0.4.2-2.el8sat.src.rpm rubygem-google-api-client-0.33.2-2.el8sat.src.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm rubygem-googleauth-0.13.1-2.el8sat.src.rpm rubygem-graphql-1.8.14-3.el8sat.src.rpm rubygem-graphql-batch-0.3.10-3.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.3.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-hocon-1.3.1-2.el8sat.src.rpm rubygem-http-3.3.0-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-http-form_data-2.1.1-2.el8sat.src.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm rubygem-httpclient-2.8.3-4.el8sat.src.rpm rubygem-i18n-1.8.2-2.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-ipaddress-0.8.3-1.el8sat.src.rpm rubygem-jgrep-1.3.3-11.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-katello-4.5.0.20-1.el8sat.src.rpm rubygem-kubeclient-4.3.0-2.el8sat.src.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-loofah-2.4.0-2.el8sat.src.rpm rubygem-mail-2.7.1-2.el8sat.src.rpm rubygem-marcel-1.0.1-1.el8sat.src.rpm rubygem-memoist-0.16.0-3.el8sat.src.rpm rubygem-method_source-0.9.2-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mini_mime-1.0.2-2.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-ms_rest-0.7.6-1.el8sat.src.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ldap-0.17.0-2.el8sat.src.rpm rubygem-net-ping-2.0.1-5.el8sat.src.rpm rubygem-net-scp-1.2.1-5.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-net_http_unix-0.2.2-2.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nio4r-2.5.4-2.1.el8sat.src.rpm rubygem-nokogiri-1.13.8-1.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-optimist-3.0.0-3.el8sat.src.rpm rubygem-os-1.0.0-3.el8sat.src.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm rubygem-parallel-1.19.1-2.el8sat.src.rpm rubygem-parse-cron-0.1.4-5.el8sat.src.rpm rubygem-polyglot-0.3.5-3.1.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-prometheus-client-1.0.0-3.el8sat.src.rpm rubygem-promise.rb-0.7.4-3.el8sat.src.rpm rubygem-public_suffix-3.0.3-3.el8sat.src.rpm rubygem-pulp_ansible_client-0.13.1-1.el8sat.src.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm rubygem-pulp_container_client-2.10.3-1.el8sat.src.rpm rubygem-pulp_deb_client-2.18.0-1.el8sat.src.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm rubygem-pulp_python_client-3.6.0-1.el8sat.src.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm rubygem-pulpcore_client-3.18.5-1.el8sat.src.rpm rubygem-puma-5.6.2-1.el8sat.src.rpm rubygem-puma-status-1.3-1.el8sat.src.rpm rubygem-qpid_proton-0.33.0-5.el8sat.src.rpm rubygem-quantile-0.2.0-5.el8sat.src.rpm rubygem-rabl-0.14.3-2.el8sat.src.rpm rubygem-rack-2.2.4-1.el8sat.src.rpm rubygem-rack-cors-1.0.2-3.el8sat.src.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm rubygem-rack-protection-2.2.0-1.el8sat.src.rpm rubygem-rack-test-1.1.0-5.el8sat.src.rpm rubygem-rails-6.0.4.7-1.el8sat.src.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm rubygem-rails-html-sanitizer-1.4.3-2.el8sat.src.rpm rubygem-rails-i18n-6.0.0-3.el8sat.src.rpm rubygem-railties-6.0.4.7-1.el8sat.src.rpm rubygem-rainbow-2.2.2-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-rbvmomi-2.2.0-4.el8sat.src.rpm rubygem-rchardet-1.8.0-1.el8sat.src.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-redis-4.5.1-1.el8sat.src.rpm rubygem-representable-3.0.4-3.el8sat.src.rpm rubygem-responders-3.0.0-4.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-retriable-3.1.2-3.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-roadie-3.4.0-4.el8sat.src.rpm rubygem-roadie-rails-2.1.1-3.el8sat.src.rpm rubygem-robotex-1.0.0-22.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm rubygem-ruby_parser-3.10.1-4.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-runcible-2.13.1-2.el8sat.src.rpm rubygem-safemode-1.3.6-2.el8sat.src.rpm rubygem-scoped_search-4.1.10-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-secure_headers-6.3.0-3.el8sat.src.rpm rubygem-sequel-5.53.0-1.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sexp_processor-4.10.0-7.el8sat.src.rpm rubygem-sidekiq-5.2.10-1.el8sat.src.rpm rubygem-signet-0.14.0-2.el8sat.src.rpm rubygem-sinatra-2.2.0-1.el8sat.src.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sprockets-4.0.2-2.el8sat.src.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm rubygem-sqlite3-1.4.2-1.el8sat.src.rpm rubygem-sshkey-1.9.0-5.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-stomp-1.4.9-2.el8sat.src.rpm rubygem-thor-1.0.1-3.el8sat.src.rpm rubygem-thread_safe-0.3.6-6.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-timeliness-0.3.10-2.el8sat.src.rpm rubygem-tzinfo-1.2.6-2.el8sat.src.rpm rubygem-uber-0.1.0-3.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm rubygem-will_paginate-3.1.7-4.el8sat.src.rpm rubygem-zeitwerk-2.2.2-2.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm satellite-installer-6.12.0.5-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-4.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm candlepin-4.1.15-1.el8sat.noarch.rpm candlepin-selinux-4.1.15-1.el8sat.noarch.rpm foreman-3.3.0.17-1.el8sat.noarch.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm foreman-cli-3.3.0.17-1.el8sat.noarch.rpm foreman-debug-3.3.0.17-1.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-dynflow-sidekiq-3.3.0.17-1.el8sat.noarch.rpm foreman-ec2-3.3.0.17-1.el8sat.noarch.rpm foreman-gce-3.3.0.17-1.el8sat.noarch.rpm foreman-installer-3.3.0.8-1.el8sat.noarch.rpm foreman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm foreman-journald-3.3.0.17-1.el8sat.noarch.rpm foreman-libvirt-3.3.0.17-1.el8sat.noarch.rpm foreman-openstack-3.3.0.17-1.el8sat.noarch.rpm foreman-ovirt-3.3.0.17-1.el8sat.noarch.rpm foreman-postgresql-3.3.0.17-1.el8sat.noarch.rpm foreman-proxy-3.3.0-1.el8sat.noarch.rpm foreman-proxy-journald-3.3.0-1.el8sat.noarch.rpm foreman-selinux-3.3.0-2.el8sat.noarch.rpm foreman-service-3.3.0.17-1.el8sat.noarch.rpm foreman-telemetry-3.3.0.17-1.el8sat.noarch.rpm foreman-vmware-3.3.0.17-1.el8sat.noarch.rpm katello-4.5.0-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.5.0-1.el8sat.noarch.rpm katello-debug-4.5.0-1.el8sat.noarch.rpm katello-selinux-4.0.2-2.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python39-aiodns-3.0.0-3.el8pc.noarch.rpm python39-aiofiles-0.8.0-2.el8pc.noarch.rpm python39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm python39-aioredis-2.0.1-2.el8pc.noarch.rpm python39-aiosignal-1.2.0-2.el8pc.noarch.rpm python39-ansible-builder-1.0.1-4.el8pc.noarch.rpm python39-asgiref-3.5.0-2.el8pc.noarch.rpm python39-async-lru-1.0.2-3.el8pc.noarch.rpm python39-async-timeout-4.0.2-2.el8pc.noarch.rpm python39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm python39-attrs-21.4.0-2.el8pc.noarch.rpm python39-backoff-1.11.1-2.el8pc.noarch.rpm python39-bindep-2.10.2-4.el8pc.noarch.rpm python39-bleach-3.3.1-2.el8pc.noarch.rpm python39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm python39-bracex-2.2.1-2.el8pc.noarch.rpm python39-certifi-2020.6.20-3.el8pc.noarch.rpm python39-chardet-4.0.0-2.el8pc.noarch.rpm python39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm python39-click-8.0.3-2.el8pc.noarch.rpm python39-click-shell-2.1-3.el8pc.noarch.rpm python39-colorama-0.4.4-3.el8pc.noarch.rpm python39-commonmark-0.9.1-5.el8pc.noarch.rpm python39-contextlib2-21.6.0-3.el8pc.noarch.rpm python39-dataclasses-0.8-3.el8pc.noarch.rpm python39-dateutil-2.8.2-2.el8pc.noarch.rpm python39-debian-0.1.43-2.el8pc.noarch.rpm python39-defusedxml-0.7.1-3.el8pc.noarch.rpm python39-diff-match-patch-20200713-3.el8pc.noarch.rpm python39-distro-1.6.0-3.el8pc.noarch.rpm python39-django-3.2.14-2.el8pc.noarch.rpm python39-django-currentuser-0.5.3-5.el8pc.noarch.rpm python39-django-filter-21.1-3.el8pc.noarch.rpm python39-django-guardian-2.4.0-5.el8pc.noarch.rpm python39-django-guid-3.2.2-1.el8pc.noarch.rpm python39-django-import-export-2.7.1-6.el8pc.noarch.rpm python39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm python39-django-prometheus-2.1.0-3.el8pc.noarch.rpm python39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm python39-djangorestframework-3.13.1-2.el8pc.noarch.rpm python39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm python39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm python39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm python39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm python39-dynaconf-3.1.7-4.el8pc.noarch.rpm python39-ecdsa-0.14.1-2.el8pc.noarch.rpm python39-enrich-1.2.6-5.el8pc.noarch.rpm python39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm python39-flake8-3.9.2-5.el8pc.noarch.rpm python39-future-0.18.2-5.el8pc.noarch.rpm python39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm python39-gitdb-4.0.9-2.el8pc.noarch.rpm python39-gitpython-3.1.26-3.el8pc.noarch.rpm python39-gnupg-0.4.8-2.el8pc.noarch.rpm python39-gunicorn-20.1.0-5.el8pc.noarch.rpm python39-idna-3.3-2.el8pc.noarch.rpm python39-idna-ssl-1.1.0-5.el8pc.noarch.rpm python39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm python39-importlib-resources-5.4.0-4.el8pc.noarch.rpm python39-inflection-0.5.1-3.el8pc.noarch.rpm python39-iniparse-0.4-35.el8pc.noarch.rpm python39-jinja2-3.0.3-2.el8pc.noarch.rpm python39-jsonschema-4.6.0-4.el8pc.noarch.rpm python39-markdown-3.3.6-3.el8pc.noarch.rpm python39-markuppy-1.14-3.el8pc.noarch.rpm python39-mccabe-0.6.1-3.el8pc.noarch.rpm python39-naya-1.1.1-3.el8pc.noarch.rpm python39-odfpy-1.4.1-6.el8pc.noarch.rpm python39-openpyxl-3.0.9-2.el8pc.noarch.rpm python39-packaging-21.3-1.el8pc.noarch.rpm python39-parsley-1.3-2.el8pc.noarch.rpm python39-pbr-5.8.0-4.el8pc.noarch.rpm python39-productmd-1.33-3.el8pc.noarch.rpm python39-prometheus-client-0.8.0-3.el8pc.noarch.rpm python39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm python39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm python39-pulp-cli-0.14.0-4.el8pc.noarch.rpm python39-pulp-container-2.10.9-1.el8pc.noarch.rpm python39-pulp-deb-2.18.0-3.el8pc.noarch.rpm python39-pulp-file-1.10.2-2.el8pc.noarch.rpm python39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm python39-pulpcore-3.18.10-1.el8pc.noarch.rpm python39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm python39-pycodestyle-2.7.0-5.el8pc.noarch.rpm python39-pycparser-2.21-2.el8pc.noarch.rpm python39-pyflakes-2.3.1-5.el8pc.noarch.rpm python39-pygments-2.11.2-2.el8pc.noarch.rpm python39-pygtrie-2.4.2-3.el8pc.noarch.rpm python39-pyjwkest-1.4.2-6.el8pc.noarch.rpm python39-pyjwt-1.7.1-8.el8pc.noarch.rpm python39-pyparsing-2.4.7-3.el8pc.noarch.rpm python39-pytz-2021.3-2.el8pc.noarch.rpm python39-redis-3.5.3-3.el8pc.noarch.rpm python39-requests-2.27.1-2.el8pc.noarch.rpm python39-requirements-parser-0.2.0-3.el8pc.noarch.rpm python39-rich-10.12.0-3.el8pc.noarch.rpm python39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm python39-schema-0.7.5-2.el8pc.noarch.rpm python39-semantic-version-2.10.0-1.el8pc.noarch.rpm python39-six-1.16.0-2.el8pc.noarch.rpm python39-smmap-5.0.0-2.el8pc.noarch.rpm python39-sqlparse-0.4.2-3.el8pc.noarch.rpm python39-tablib-3.2.0-3.el8pc.noarch.rpm python39-tenacity-7.0.0-3.el8pc.noarch.rpm python39-toml-0.10.2-3.el8pc.noarch.rpm python39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm python39-uritemplate-4.1.1-2.el8pc.noarch.rpm python39-url-normalize-1.4.3-4.el8pc.noarch.rpm python39-urllib3-1.26.8-2.el8pc.noarch.rpm python39-urlman-1.4.0-3.el8pc.noarch.rpm python39-wcmatch-8.3-2.el8pc.noarch.rpm python39-webencodings-0.5.1-3.el8pc.noarch.rpm python39-whitenoise-6.0.0-1.el8pc.noarch.rpm python39-xlrd-2.0.1-5.el8pc.noarch.rpm python39-xlwt-1.3.0-3.el8pc.noarch.rpm python39-zipp-3.4.0-4.el8pc.noarch.rpm qpid-dispatch-tools-1.14.0-6.el8.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm rubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm rubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm rubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm rubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm rubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm rubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm rubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm rubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm rubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm rubygem-addressable-2.8.0-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-ancestry-3.0.7-2.el8sat.noarch.rpm rubygem-anemone-0.7.2-23.el8sat.noarch.rpm rubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm rubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm rubygem-audited-4.9.0-4.el8sat.noarch.rpm rubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm rubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm rubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm rubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm rubygem-builder-3.2.4-2.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm rubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm rubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm rubygem-colorize-0.8.1-2.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm rubygem-crass-1.0.6-2.el8sat.noarch.rpm rubygem-css_parser-1.4.7-5.el8sat.noarch.rpm rubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm rubygem-deacon-1.0.0-5.el8sat.noarch.rpm rubygem-declarative-0.0.10-3.el8sat.noarch.rpm rubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm rubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm rubygem-deface-1.5.3-3.el8sat.noarch.rpm rubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-erubi-1.9.0-2.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-execjs-2.7.0-5.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm rubygem-fog-core-2.1.0-4.el8sat.noarch.rpm rubygem-fog-google-1.11.0-2.el8sat.noarch.rpm rubygem-fog-json-1.2.0-4.el8sat.noarch.rpm rubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm rubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm rubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm rubygem-fog-ovirt-2.0.2-1.el8sat.noarch.rpm rubygem-fog-vsphere-3.5.2-1.el8sat.noarch.rpm rubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm rubygem-foreman-tasks-6.0.3-1.el8sat.noarch.rpm rubygem-foreman_ansible-7.1.4.1-1.el8sat.noarch.rpm rubygem-foreman_azure_rm-2.2.6-3.1.el8sat.noarch.rpm rubygem-foreman_bootdisk-19.0.7-1.el8sat.noarch.rpm rubygem-foreman_discovery-21.0.4-1.el8sat.noarch.rpm rubygem-foreman_hooks-0.3.17-3.el8sat.noarch.rpm rubygem-foreman_kubevirt-0.1.9-4.el8sat.noarch.rpm rubygem-foreman_leapp-0.1.10-2.1.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-foreman_openscap-5.2.2-2.el8sat.noarch.rpm rubygem-foreman_puppet-4.0.3-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-7.2.2-1.el8sat.noarch.rpm rubygem-foreman_remote_execution-cockpit-7.2.2-1.el8sat.noarch.rpm rubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.noarch.rpm rubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm rubygem-foreman_templates-9.3.0-1.1.el8sat.noarch.rpm rubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.noarch.rpm rubygem-foreman_virt_who_configure-0.5.9-1.el8sat.noarch.rpm rubygem-foreman_webhooks-3.0.4-1.el8sat.noarch.rpm rubygem-formatador-0.2.1-13.el8sat.noarch.rpm rubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm rubygem-fx-0.5.0-2.el8sat.noarch.rpm rubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm rubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm rubygem-git-1.11.0-1.el8sat.noarch.rpm rubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm rubygem-globalid-0.4.2-2.el8sat.noarch.rpm rubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm rubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm rubygem-googleauth-0.13.1-2.el8sat.noarch.rpm rubygem-graphql-1.8.14-3.el8sat.noarch.rpm rubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-hocon-1.3.1-2.el8sat.noarch.rpm rubygem-http-3.3.0-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm rubygem-httpclient-2.8.3-4.el8sat.noarch.rpm rubygem-i18n-1.8.2-2.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-ipaddress-0.8.3-1.el8sat.noarch.rpm rubygem-jgrep-1.3.3-11.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-katello-4.5.0.20-1.el8sat.noarch.rpm rubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm rubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-loofah-2.4.0-2.el8sat.noarch.rpm rubygem-mail-2.7.1-2.el8sat.noarch.rpm rubygem-marcel-1.0.1-1.el8sat.noarch.rpm rubygem-memoist-0.16.0-3.el8sat.noarch.rpm rubygem-method_source-0.9.2-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm rubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm rubygem-net-ping-2.0.1-5.el8sat.noarch.rpm rubygem-net-scp-1.2.1-5.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-optimist-3.0.0-3.el8sat.noarch.rpm rubygem-os-1.0.0-3.el8sat.noarch.rpm rubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm rubygem-parallel-1.19.1-2.el8sat.noarch.rpm rubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm rubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm rubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm rubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm rubygem-pulp_ansible_client-0.13.1-1.el8sat.noarch.rpm rubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm rubygem-pulp_container_client-2.10.3-1.el8sat.noarch.rpm rubygem-pulp_deb_client-2.18.0-1.el8sat.noarch.rpm rubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm rubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm rubygem-pulp_python_client-3.6.0-1.el8sat.noarch.rpm rubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm rubygem-pulpcore_client-3.18.5-1.el8sat.noarch.rpm rubygem-puma-status-1.3-1.el8sat.noarch.rpm rubygem-quantile-0.2.0-5.el8sat.noarch.rpm rubygem-rabl-0.14.3-2.el8sat.noarch.rpm rubygem-rack-2.2.4-1.el8sat.noarch.rpm rubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm rubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm rubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm rubygem-rack-test-1.1.0-5.el8sat.noarch.rpm rubygem-rails-6.0.4.7-1.el8sat.noarch.rpm rubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm rubygem-rails-html-sanitizer-1.4.3-2.el8sat.noarch.rpm rubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm rubygem-railties-6.0.4.7-1.el8sat.noarch.rpm rubygem-rainbow-2.2.2-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm rubygem-rchardet-1.8.0-1.el8sat.noarch.rpm rubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-redis-4.5.1-1.el8sat.noarch.rpm rubygem-representable-3.0.4-3.el8sat.noarch.rpm rubygem-responders-3.0.0-4.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-retriable-3.1.2-3.el8sat.noarch.rpm rubygem-roadie-3.4.0-4.el8sat.noarch.rpm rubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm rubygem-robotex-1.0.0-22.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm rubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-runcible-2.13.1-2.el8sat.noarch.rpm rubygem-safemode-1.3.6-2.el8sat.noarch.rpm rubygem-scoped_search-4.1.10-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm rubygem-sequel-5.53.0-1.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm rubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm rubygem-signet-0.14.0-2.el8sat.noarch.rpm rubygem-sinatra-2.2.0-1.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-sprockets-4.0.2-2.el8sat.noarch.rpm rubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm rubygem-sshkey-1.9.0-5.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-stomp-1.4.9-2.el8sat.noarch.rpm rubygem-thor-1.0.1-3.el8sat.noarch.rpm rubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-timeliness-0.3.10-2.el8sat.noarch.rpm rubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm rubygem-uber-0.1.0-3.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm rubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm rubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm rubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm rubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm rubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm satellite-6.12.0-4.el8sat.noarch.rpm satellite-cli-6.12.0-4.el8sat.noarch.rpm satellite-common-6.12.0-4.el8sat.noarch.rpm satellite-installer-6.12.0.5-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: cjson-1.7.14-5.el8sat.x86_64.rpm cjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm cjson-debugsource-1.7.14-5.el8sat.x86_64.rpm createrepo_c-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-4.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-4.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm mosquitto-2.0.14-1.el8sat.x86_64.rpm mosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm mosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm postgresql-evr-0.0.2-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm python-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm python-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-4.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-4.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-aiohttp-3.8.1-3.el8pc.x86_64.rpm python39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm python39-brotli-1.0.9-2.el8pc.x86_64.rpm python39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm python39-cchardet-2.1.7-4.el8pc.x86_64.rpm python39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm python39-cffi-1.15.0-2.el8pc.x86_64.rpm python39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm python39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python39-cryptography-3.4.8-1.el8pc.x86_64.rpm python39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm python39-frozenlist-1.3.0-2.el8pc.x86_64.rpm python39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm python39-libcomps-0.1.18-4.el8pc.x86_64.rpm python39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python39-lxml-4.7.1-2.el8pc.x86_64.rpm python39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm python39-markupsafe-2.0.1-3.el8pc.x86_64.rpm python39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm python39-multidict-6.0.2-2.el8pc.x86_64.rpm python39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm python39-psycopg2-2.9.3-2.el8pc.x86_64.rpm python39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm python39-pycairo-1.20.1-3.el8pc.x86_64.rpm python39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm python39-pycares-4.1.2-2.el8pc.x86_64.rpm python39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm python39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm python39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm python39-pygobject-3.40.1-3.el8pc.x86_64.rpm python39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm python39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm python39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm python39-pyyaml-5.4.1-4.el8pc.x86_64.rpm python39-rhsm-1.19.2-3.el8pc.x86_64.rpm python39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm python39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm python39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm python39-solv-0.7.22-4.el8pc.x86_64.rpm python39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-yarl-1.7.2-2.el8pc.x86_64.rpm python39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm rubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm rubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm rubygem-facter-4.0.51-2.el8sat.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm rubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm rubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm rubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm rubygem-puma-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm rubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm rubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm rubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm yggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: ansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm ansible-lint-5.0.8-4.el8pc.src.rpm ansible-runner-1.4.7-1.el8ar.src.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm ansiblerole-insights-client-1.7.1-2.el8sat.src.rpm cjson-1.7.14-5.el8sat.src.rpm createrepo_c-0.20.1-1.el8pc.src.rpm dynflow-utils-1.6.3-1.el8sat.src.rpm foreman-3.3.0.17-1.el8sat.src.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.src.rpm foreman-discovery-image-3.8.2-1.el8sat.src.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm foreman-installer-3.3.0.8-1.el8sat.src.rpm foreman-proxy-3.3.0-1.el8sat.src.rpm katello-4.5.0-1.el8sat.src.rpm katello-certs-tools-2.9.0-1.el8sat.src.rpm katello-client-bootstrap-1.7.9-1.el8sat.src.rpm libcomps-0.1.18-4.el8pc.src.rpm libdb-5.3.28-42.el8_4.src.rpm libsodium-1.0.17-3.el8sat.src.rpm libsolv-0.7.22-4.el8pc.src.rpm libwebsockets-2.4.2-2.el8.src.rpm mosquitto-2.0.14-1.el8sat.src.rpm pulpcore-selinux-1.3.2-1.el8pc.src.rpm puppet-agent-7.12.1-1.el8sat.src.rpm puppet-agent-oauth-0.5.1-3.el8sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm puppetlabs-stdlib-5.2.0-1.el8sat.src.rpm puppetserver-7.4.2-1.el8sat.src.rpm python-aiodns-3.0.0-3.el8pc.src.rpm python-aiofiles-0.8.0-2.el8pc.src.rpm python-aiohttp-3.8.1-3.el8pc.src.rpm python-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm python-aioredis-2.0.1-2.el8pc.src.rpm python-aiosignal-1.2.0-2.el8pc.src.rpm python-ansible-builder-1.0.1-4.el8pc.src.rpm python-asgiref-3.5.0-2.el8pc.src.rpm python-async-lru-1.0.2-3.el8pc.src.rpm python-async-timeout-4.0.2-2.el8pc.src.rpm python-asyncio-throttle-1.0.2-3.el8pc.src.rpm python-attrs-21.4.0-2.el8pc.src.rpm python-backoff-1.11.1-2.el8pc.src.rpm python-bindep-2.10.2-4.el8pc.src.rpm python-bleach-3.3.1-2.el8pc.src.rpm python-bleach-allowlist-1.0.3-3.el8pc.src.rpm python-bracex-2.2.1-2.el8pc.src.rpm python-brotli-1.0.9-2.el8pc.src.rpm python-cchardet-2.1.7-4.el8pc.src.rpm python-certifi-2020.6.20-3.el8pc.src.rpm python-cffi-1.15.0-2.el8pc.src.rpm python-chardet-4.0.0-2.el8pc.src.rpm python-charset-normalizer-2.0.11-4.el8pc.src.rpm python-click-8.0.3-2.el8pc.src.rpm python-click-shell-2.1-3.el8pc.src.rpm python-colorama-0.4.4-3.el8pc.src.rpm python-commonmark-0.9.1-5.el8pc.src.rpm python-contextlib2-21.6.0-3.el8pc.src.rpm python-cryptography-3.4.8-1.el8pc.src.rpm python-daemon-2.1.2-9.el8ar.src.rpm python-dataclasses-0.8-3.el8pc.src.rpm python-dateutil-2.8.2-2.el8pc.src.rpm python-debian-0.1.43-2.el8pc.src.rpm python-defusedxml-0.7.1-3.el8pc.src.rpm python-diff-match-patch-20200713-3.el8pc.src.rpm python-distro-1.6.0-3.el8pc.src.rpm python-django-3.2.14-2.el8pc.src.rpm python-django-currentuser-0.5.3-5.el8pc.src.rpm python-django-filter-21.1-3.el8pc.src.rpm python-django-guardian-2.4.0-5.el8pc.src.rpm python-django-guid-3.2.2-1.el8pc.src.rpm python-django-import-export-2.7.1-6.el8pc.src.rpm python-django-lifecycle-0.9.6-3.el8pc.src.rpm python-django-prometheus-2.1.0-3.el8pc.src.rpm python-django-readonly-field-1.1.1-3.el8pc.src.rpm python-djangorestframework-3.13.1-2.el8pc.src.rpm python-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm python-drf-access-policy-1.1.0-3.el8pc.src.rpm python-drf-nested-routers-0.93.4-3.el8pc.src.rpm python-drf-spectacular-0.21.2-2.el8pc.src.rpm python-dynaconf-3.1.7-4.el8pc.src.rpm python-ecdsa-0.14.1-2.el8pc.src.rpm python-enrich-1.2.6-5.el8pc.src.rpm python-et-xmlfile-1.1.0-2.el8pc.src.rpm python-flake8-3.9.2-5.el8pc.src.rpm python-frozenlist-1.3.0-2.el8pc.src.rpm python-future-0.18.2-5.el8pc.src.rpm python-galaxy-importer-0.4.5-1.el8pc.src.rpm python-gitdb-4.0.9-2.el8pc.src.rpm python-gitpython-3.1.26-3.el8pc.src.rpm python-gnupg-0.4.8-2.el8pc.src.rpm python-gunicorn-20.1.0-5.el8pc.src.rpm python-idna-3.3-2.el8pc.src.rpm python-idna-ssl-1.1.0-5.el8pc.src.rpm python-importlib-metadata-4.10.1-2.el8pc.src.rpm python-importlib-resources-5.4.0-4.el8pc.src.rpm python-inflection-0.5.1-3.el8pc.src.rpm python-iniparse-0.4-35.el8pc.src.rpm python-jinja2-3.0.3-2.el8pc.src.rpm python-jsonschema-4.6.0-4.el8pc.src.rpm python-lockfile-0.11.0-8.el8ar.src.rpm python-lxml-4.7.1-2.el8pc.src.rpm python-markdown-3.3.6-3.el8pc.src.rpm python-markuppy-1.14-3.el8pc.src.rpm python-markupsafe-2.0.1-3.el8pc.src.rpm python-mccabe-0.6.1-3.el8pc.src.rpm python-multidict-6.0.2-2.el8pc.src.rpm python-naya-1.1.1-3.el8pc.src.rpm python-odfpy-1.4.1-6.el8pc.src.rpm python-openpyxl-3.0.9-2.el8pc.src.rpm python-packaging-21.3-1.el8pc.src.rpm python-parsley-1.3-2.el8pc.src.rpm python-pbr-5.8.0-4.el8pc.src.rpm python-pexpect-4.6-2.el8ar.src.rpm python-productmd-1.33-3.el8pc.src.rpm python-prometheus-client-0.8.0-3.el8pc.src.rpm python-psutil-5.7.2-2.el8sat.src.rpm python-psycopg2-2.9.3-2.el8pc.src.rpm python-pulp-ansible-0.13.2-2.el8pc.src.rpm python-pulp-certguard-1.5.2-3.el8pc.src.rpm python-pulp-cli-0.14.0-4.el8pc.src.rpm python-pulp-container-2.10.9-1.el8pc.src.rpm python-pulp-deb-2.18.0-3.el8pc.src.rpm python-pulp-file-1.10.2-2.el8pc.src.rpm python-pulp-rpm-3.18.7-1.el8pc.src.rpm python-pulpcore-3.18.10-1.el8pc.src.rpm python-pyOpenSSL-19.1.0-3.el8pc.src.rpm python-pycairo-1.20.1-3.el8pc.src.rpm python-pycares-4.1.2-2.el8pc.src.rpm python-pycodestyle-2.7.0-5.el8pc.src.rpm python-pycparser-2.21-2.el8pc.src.rpm python-pycryptodomex-3.14.1-2.el8pc.src.rpm python-pyflakes-2.3.1-5.el8pc.src.rpm python-pygments-2.11.2-2.el8pc.src.rpm python-pygobject-3.40.1-3.el8pc.src.rpm python-pygtrie-2.4.2-3.el8pc.src.rpm python-pyjwkest-1.4.2-6.el8pc.src.rpm python-pyjwt-1.7.1-8.el8pc.src.rpm python-pyparsing-2.4.7-3.el8pc.src.rpm python-pyrsistent-0.18.1-2.el8pc.src.rpm python-pytz-2021.3-2.el8pc.src.rpm python-pyyaml-5.4.1-4.el8pc.src.rpm python-qpid-1.37.0-1.el8.src.rpm python-redis-3.5.3-3.el8pc.src.rpm python-requests-2.27.1-2.el8pc.src.rpm python-requirements-parser-0.2.0-3.el8pc.src.rpm python-rhsm-1.19.2-3.el8pc.src.rpm python-rich-10.12.0-3.el8pc.src.rpm python-ruamel-yaml-0.17.20-2.el8pc.src.rpm python-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm python-schema-0.7.5-2.el8pc.src.rpm python-semantic-version-2.10.0-1.el8pc.src.rpm python-six-1.16.0-2.el8pc.src.rpm python-smmap-5.0.0-2.el8pc.src.rpm python-sqlparse-0.4.2-3.el8pc.src.rpm python-tablib-3.2.0-3.el8pc.src.rpm python-tenacity-7.0.0-3.el8pc.src.rpm python-toml-0.10.2-3.el8pc.src.rpm python-typing-extensions-3.10.0.2-2.el8pc.src.rpm python-uritemplate-4.1.1-2.el8pc.src.rpm python-url-normalize-1.4.3-4.el8pc.src.rpm python-urllib3-1.26.8-2.el8pc.src.rpm python-urlman-1.4.0-3.el8pc.src.rpm python-wcmatch-8.3-2.el8pc.src.rpm python-webencodings-0.5.1-3.el8pc.src.rpm python-whitenoise-6.0.0-1.el8pc.src.rpm python-xlrd-2.0.1-5.el8pc.src.rpm python-xlwt-1.3.0-3.el8pc.src.rpm python-yarl-1.7.2-2.el8pc.src.rpm python-zipp-3.4.0-4.el8pc.src.rpm qpid-cpp-1.39.0-7.el8amq.src.rpm qpid-dispatch-1.14.0-6.el8.src.rpm qpid-proton-0.33.0-4.el8.src.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm rubygem-algebrick-0.7.3-8.el8sat.src.rpm rubygem-ansi-1.5.0-3.el8sat.src.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm rubygem-bundler_ext-0.4.1-6.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-dynflow-1.6.4-1.el8sat.src.rpm rubygem-excon-0.76.0-2.el8sat.src.rpm rubygem-faraday-0.17.3-2.el8sat.src.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-infoblox-3.0.0-4.el8sat.src.rpm rubygem-journald-logger-2.0.4-3.el8sat.src.rpm rubygem-journald-native-1.0.11-4.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-kafo-6.4.0-1.el8sat.src.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-logging-journald-2.0.0-3.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-mqtt-0.5.0-1.el8sat.src.rpm rubygem-msgpack-1.3.3-2.1.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-multipart-post-2.0.0-3.el8sat.src.rpm rubygem-mustermann-1.1.1-1.el8sat.src.rpm rubygem-net-ssh-4.2.0-3.el8sat.src.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-newt-0.9.7-3.1.el8sat.src.rpm rubygem-nokogiri-1.13.8-1.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-openscap-0.4.9-7.el8sat.src.rpm rubygem-openscap_parser-1.0.2-2.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rack-2.2.4-1.el8sat.src.rpm rubygem-rack-protection-2.2.0-1.el8sat.src.rpm rubygem-rb-inotify-0.9.7-6.el8sat.src.rpm rubygem-rbnacl-4.0.2-2.el8sat.src.rpm rubygem-redfish_client-0.5.2-2.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm rubygem-rsec-0.4.3-5.el8sat.src.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm rubygem-rubyipmi-0.11.0-1.el8sat.src.rpm rubygem-sd_notify-0.1.0-2.el8sat.src.rpm rubygem-sequel-5.53.0-1.el8sat.src.rpm rubygem-server_sent_events-0.1.2-2.el8sat.src.rpm rubygem-sinatra-2.2.0-1.el8sat.src.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm rubygem-sqlite3-1.4.2-1.el8sat.src.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm rubygem-tilt-2.0.8-5.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm saslwrapper-0.22-6.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm satellite-installer-6.12.0.5-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: ansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm ansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm ansible-lint-5.0.8-4.el8pc.noarch.rpm ansible-runner-1.4.7-1.el8ar.noarch.rpm ansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm ansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm foreman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm foreman-debug-3.3.0.17-1.el8sat.noarch.rpm foreman-discovery-image-3.8.2-1.el8sat.noarch.rpm foreman-installer-3.3.0.8-1.el8sat.noarch.rpm foreman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm foreman-proxy-3.3.0-1.el8sat.noarch.rpm foreman-proxy-content-4.5.0-1.el8sat.noarch.rpm foreman-proxy-journald-3.3.0-1.el8sat.noarch.rpm katello-certs-tools-2.9.0-1.el8sat.noarch.rpm katello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm katello-common-4.5.0-1.el8sat.noarch.rpm katello-debug-4.5.0-1.el8sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm puppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm puppetserver-7.4.2-1.el8sat.noarch.rpm python2-qpid-1.37.0-1.el8.noarch.rpm python3-ansible-runner-1.4.7-1.el8ar.noarch.rpm python3-daemon-2.1.2-9.el8ar.noarch.rpm python3-lockfile-0.11.0-8.el8ar.noarch.rpm python3-pexpect-4.6-2.el8ar.noarch.rpm python39-aiodns-3.0.0-3.el8pc.noarch.rpm python39-aiofiles-0.8.0-2.el8pc.noarch.rpm python39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm python39-aioredis-2.0.1-2.el8pc.noarch.rpm python39-aiosignal-1.2.0-2.el8pc.noarch.rpm python39-ansible-builder-1.0.1-4.el8pc.noarch.rpm python39-asgiref-3.5.0-2.el8pc.noarch.rpm python39-async-lru-1.0.2-3.el8pc.noarch.rpm python39-async-timeout-4.0.2-2.el8pc.noarch.rpm python39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm python39-attrs-21.4.0-2.el8pc.noarch.rpm python39-backoff-1.11.1-2.el8pc.noarch.rpm python39-bindep-2.10.2-4.el8pc.noarch.rpm python39-bleach-3.3.1-2.el8pc.noarch.rpm python39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm python39-bracex-2.2.1-2.el8pc.noarch.rpm python39-certifi-2020.6.20-3.el8pc.noarch.rpm python39-chardet-4.0.0-2.el8pc.noarch.rpm python39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm python39-click-8.0.3-2.el8pc.noarch.rpm python39-click-shell-2.1-3.el8pc.noarch.rpm python39-colorama-0.4.4-3.el8pc.noarch.rpm python39-commonmark-0.9.1-5.el8pc.noarch.rpm python39-contextlib2-21.6.0-3.el8pc.noarch.rpm python39-dataclasses-0.8-3.el8pc.noarch.rpm python39-dateutil-2.8.2-2.el8pc.noarch.rpm python39-debian-0.1.43-2.el8pc.noarch.rpm python39-defusedxml-0.7.1-3.el8pc.noarch.rpm python39-diff-match-patch-20200713-3.el8pc.noarch.rpm python39-distro-1.6.0-3.el8pc.noarch.rpm python39-django-3.2.14-2.el8pc.noarch.rpm python39-django-currentuser-0.5.3-5.el8pc.noarch.rpm python39-django-filter-21.1-3.el8pc.noarch.rpm python39-django-guardian-2.4.0-5.el8pc.noarch.rpm python39-django-guid-3.2.2-1.el8pc.noarch.rpm python39-django-import-export-2.7.1-6.el8pc.noarch.rpm python39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm python39-django-prometheus-2.1.0-3.el8pc.noarch.rpm python39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm python39-djangorestframework-3.13.1-2.el8pc.noarch.rpm python39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm python39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm python39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm python39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm python39-dynaconf-3.1.7-4.el8pc.noarch.rpm python39-ecdsa-0.14.1-2.el8pc.noarch.rpm python39-enrich-1.2.6-5.el8pc.noarch.rpm python39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm python39-flake8-3.9.2-5.el8pc.noarch.rpm python39-future-0.18.2-5.el8pc.noarch.rpm python39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm python39-gitdb-4.0.9-2.el8pc.noarch.rpm python39-gitpython-3.1.26-3.el8pc.noarch.rpm python39-gnupg-0.4.8-2.el8pc.noarch.rpm python39-gunicorn-20.1.0-5.el8pc.noarch.rpm python39-idna-3.3-2.el8pc.noarch.rpm python39-idna-ssl-1.1.0-5.el8pc.noarch.rpm python39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm python39-importlib-resources-5.4.0-4.el8pc.noarch.rpm python39-inflection-0.5.1-3.el8pc.noarch.rpm python39-iniparse-0.4-35.el8pc.noarch.rpm python39-jinja2-3.0.3-2.el8pc.noarch.rpm python39-jsonschema-4.6.0-4.el8pc.noarch.rpm python39-markdown-3.3.6-3.el8pc.noarch.rpm python39-markuppy-1.14-3.el8pc.noarch.rpm python39-mccabe-0.6.1-3.el8pc.noarch.rpm python39-naya-1.1.1-3.el8pc.noarch.rpm python39-odfpy-1.4.1-6.el8pc.noarch.rpm python39-openpyxl-3.0.9-2.el8pc.noarch.rpm python39-packaging-21.3-1.el8pc.noarch.rpm python39-parsley-1.3-2.el8pc.noarch.rpm python39-pbr-5.8.0-4.el8pc.noarch.rpm python39-productmd-1.33-3.el8pc.noarch.rpm python39-prometheus-client-0.8.0-3.el8pc.noarch.rpm python39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm python39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm python39-pulp-cli-0.14.0-4.el8pc.noarch.rpm python39-pulp-container-2.10.9-1.el8pc.noarch.rpm python39-pulp-deb-2.18.0-3.el8pc.noarch.rpm python39-pulp-file-1.10.2-2.el8pc.noarch.rpm python39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm python39-pulpcore-3.18.10-1.el8pc.noarch.rpm python39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm python39-pycodestyle-2.7.0-5.el8pc.noarch.rpm python39-pycparser-2.21-2.el8pc.noarch.rpm python39-pyflakes-2.3.1-5.el8pc.noarch.rpm python39-pygments-2.11.2-2.el8pc.noarch.rpm python39-pygtrie-2.4.2-3.el8pc.noarch.rpm python39-pyjwkest-1.4.2-6.el8pc.noarch.rpm python39-pyjwt-1.7.1-8.el8pc.noarch.rpm python39-pyparsing-2.4.7-3.el8pc.noarch.rpm python39-pytz-2021.3-2.el8pc.noarch.rpm python39-redis-3.5.3-3.el8pc.noarch.rpm python39-requests-2.27.1-2.el8pc.noarch.rpm python39-requirements-parser-0.2.0-3.el8pc.noarch.rpm python39-rich-10.12.0-3.el8pc.noarch.rpm python39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm python39-schema-0.7.5-2.el8pc.noarch.rpm python39-semantic-version-2.10.0-1.el8pc.noarch.rpm python39-six-1.16.0-2.el8pc.noarch.rpm python39-smmap-5.0.0-2.el8pc.noarch.rpm python39-sqlparse-0.4.2-3.el8pc.noarch.rpm python39-tablib-3.2.0-3.el8pc.noarch.rpm python39-tenacity-7.0.0-3.el8pc.noarch.rpm python39-toml-0.10.2-3.el8pc.noarch.rpm python39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm python39-uritemplate-4.1.1-2.el8pc.noarch.rpm python39-url-normalize-1.4.3-4.el8pc.noarch.rpm python39-urllib3-1.26.8-2.el8pc.noarch.rpm python39-urlman-1.4.0-3.el8pc.noarch.rpm python39-wcmatch-8.3-2.el8pc.noarch.rpm python39-webencodings-0.5.1-3.el8pc.noarch.rpm python39-whitenoise-6.0.0-1.el8pc.noarch.rpm python39-xlrd-2.0.1-5.el8pc.noarch.rpm python39-xlwt-1.3.0-3.el8pc.noarch.rpm python39-zipp-3.4.0-4.el8pc.noarch.rpm qpid-tools-1.39.0-7.el8amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm rubygem-algebrick-0.7.3-8.el8sat.noarch.rpm rubygem-ansi-1.5.0-3.el8sat.noarch.rpm rubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm rubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm rubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-dynflow-1.6.4-1.el8sat.noarch.rpm rubygem-excon-0.76.0-2.el8sat.noarch.rpm rubygem-faraday-0.17.3-2.el8sat.noarch.rpm rubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-infoblox-3.0.0-4.el8sat.noarch.rpm rubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-kafo-6.4.0-1.el8sat.noarch.rpm rubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm rubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-mqtt-0.5.0-1.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm rubygem-mustermann-1.1.1-1.el8sat.noarch.rpm rubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm rubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-openscap-0.4.9-7.el8sat.noarch.rpm rubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rack-2.2.4-1.el8sat.noarch.rpm rubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm rubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm rubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm rubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-rsec-0.4.3-5.el8sat.noarch.rpm rubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm rubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm rubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm rubygem-sequel-5.53.0-1.el8sat.noarch.rpm rubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm rubygem-sinatra-2.2.0-1.el8sat.noarch.rpm rubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm rubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm rubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm rubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm rubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm rubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm rubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm rubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm rubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm rubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm rubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm rubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm rubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm rubygem-tilt-2.0.8-5.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm satellite-capsule-6.12.0-4.el8sat.noarch.rpm satellite-common-6.12.0-4.el8sat.noarch.rpm satellite-installer-6.12.0.5-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
x86_64: cjson-1.7.14-5.el8sat.x86_64.rpm cjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm cjson-debugsource-1.7.14-5.el8sat.x86_64.rpm createrepo_c-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm createrepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-0.20.1-1.el8pc.x86_64.rpm createrepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm dynflow-utils-1.6.3-1.el8sat.x86_64.rpm foreman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm libcomps-0.1.18-4.el8pc.x86_64.rpm libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm libcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm libdb-cxx-5.3.28-42.el8_4.x86_64.rpm libdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-debugsource-5.3.28-42.el8_4.x86_64.rpm libdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm libdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm libsodium-1.0.17-3.el8sat.x86_64.rpm libsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm libsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm libsolv-0.7.22-4.el8pc.x86_64.rpm libsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm libsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm libsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm libwebsockets-2.4.2-2.el8.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm libwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm libwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm mosquitto-2.0.14-1.el8sat.x86_64.rpm mosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm mosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm pulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm puppet-agent-7.12.1-1.el8sat.x86_64.rpm python-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm python-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm python-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm python-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm python-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm python-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm python-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm python-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm python-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm python-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm python-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm python-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm python-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm python-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm python-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm python-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm python-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm python-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm python-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm python2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm python2-saslwrapper-0.22-6.el8sat.x86_64.rpm python2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm python3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python3-libcomps-0.1.18-4.el8pc.x86_64.rpm python3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python3-psutil-5.7.2-2.el8sat.x86_64.rpm python3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm python3-qpid-proton-0.33.0-4.el8.x86_64.rpm python3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm python3-solv-0.7.22-4.el8pc.x86_64.rpm python3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-aiohttp-3.8.1-3.el8pc.x86_64.rpm python39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm python39-brotli-1.0.9-2.el8pc.x86_64.rpm python39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm python39-cchardet-2.1.7-4.el8pc.x86_64.rpm python39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm python39-cffi-1.15.0-2.el8pc.x86_64.rpm python39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm python39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm python39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm python39-cryptography-3.4.8-1.el8pc.x86_64.rpm python39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm python39-frozenlist-1.3.0-2.el8pc.x86_64.rpm python39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm python39-libcomps-0.1.18-4.el8pc.x86_64.rpm python39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm python39-lxml-4.7.1-2.el8pc.x86_64.rpm python39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm python39-markupsafe-2.0.1-3.el8pc.x86_64.rpm python39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm python39-multidict-6.0.2-2.el8pc.x86_64.rpm python39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm python39-psycopg2-2.9.3-2.el8pc.x86_64.rpm python39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm python39-pycairo-1.20.1-3.el8pc.x86_64.rpm python39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm python39-pycares-4.1.2-2.el8pc.x86_64.rpm python39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm python39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm python39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm python39-pygobject-3.40.1-3.el8pc.x86_64.rpm python39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm python39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm python39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm python39-pyyaml-5.4.1-4.el8pc.x86_64.rpm python39-rhsm-1.19.2-3.el8pc.x86_64.rpm python39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm python39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm python39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm python39-solv-0.7.22-4.el8pc.x86_64.rpm python39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm python39-yarl-1.7.2-2.el8pc.x86_64.rpm python39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm qpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm qpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-1.14.0-6.el8.x86_64.rpm qpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm qpid-proton-c-0.33.0-4.el8.x86_64.rpm qpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm qpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm qpid-qmf-1.39.0-7.el8amq.x86_64.rpm qpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm ruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm rubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm rubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm rubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm rubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm rubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm rubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm rubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm rubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm rubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm rubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm rubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm rubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm rubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm saslwrapper-0.22-6.el8sat.x86_64.rpm saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm saslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm satellite-clone-3.2.0-1.el8sat.src.rpm satellite-maintain-0.0.1-1.el8sat.src.rpm
noarch: rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm satellite-clone-3.2.0-1.el8sat.noarch.rpm satellite-maintain-0.0.1-1.el8sat.noarch.rpm
Red Hat Satellite 6.12 for RHEL 8:
Source: foreman-3.3.0.17-1.el8sat.src.rpm python-pulp_manifest-3.0.0-3.el8pc.src.rpm rubygem-amazing_print-1.1.0-2.el8sat.src.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm rubygem-clamp-1.1.2-7.el8sat.src.rpm rubygem-domain_name-0.5.20160310-5.el8sat.src.rpm rubygem-fast_gettext-1.4.1-5.el8sat.src.rpm rubygem-ffi-1.12.2-2.1.el8sat.src.rpm rubygem-gssapi-1.2.0-8.el8sat.src.rpm rubygem-hammer_cli-3.3.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm rubygem-hashie-3.6.0-3.el8sat.src.rpm rubygem-highline-2.0.3-2.el8sat.src.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm rubygem-jwt-2.2.2-2.el8sat.src.rpm rubygem-little-plugger-1.1.4-3.el8sat.src.rpm rubygem-locale-2.0.9-15.el8sat.src.rpm rubygem-logging-2.3.0-2.el8sat.src.rpm rubygem-mime-types-3.3.1-2.el8sat.src.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm rubygem-multi_json-1.14.1-3.el8sat.src.rpm rubygem-netrc-0.11.0-6.el8sat.src.rpm rubygem-oauth-0.5.4-5.el8sat.src.rpm rubygem-powerbar-2.0.1-3.el8sat.src.rpm rubygem-rest-client-2.0.2-4.el8sat.src.rpm rubygem-unf-0.1.3-9.el8sat.src.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm satellite-6.12.0-4.el8sat.src.rpm
noarch: foreman-cli-3.3.0.17-1.el8sat.noarch.rpm python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm rubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm rubygem-clamp-1.1.2-7.el8sat.noarch.rpm rubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm rubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm rubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm rubygem-hashie-3.6.0-3.el8sat.noarch.rpm rubygem-highline-2.0.3-2.el8sat.noarch.rpm rubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm rubygem-jwt-2.2.2-2.el8sat.noarch.rpm rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm rubygem-locale-2.0.9-15.el8sat.noarch.rpm rubygem-logging-2.3.0-2.el8sat.noarch.rpm rubygem-mime-types-3.3.1-2.el8sat.noarch.rpm rubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm rubygem-multi_json-1.14.1-3.el8sat.noarch.rpm rubygem-netrc-0.11.0-6.el8sat.noarch.rpm rubygem-oauth-0.5.4-5.el8sat.noarch.rpm rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm rubygem-rest-client-2.0.2-4.el8sat.noarch.rpm rubygem-unf-0.1.3-9.el8sat.noarch.rpm rubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm satellite-cli-6.12.0-4.el8sat.noarch.rpm
x86_64: rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm rubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm rubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2022-22818 https://access.redhat.com/security/cve/CVE-2022-24836 https://access.redhat.com/security/cve/CVE-2022-25648 https://access.redhat.com/security/cve/CVE-2022-29970 https://access.redhat.com/security/cve/CVE-2022-32209 https://access.redhat.com/security/cve/CVE-2022-34265 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-12-13-4 macOS Ventura 13.1
macOS Ventura 13.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213532.
Accounts Available for: macOS Ventura Impact: A user may be able to view sensitive user information Description: This issue was addressed with improved data protection. CVE-2022-42843: Mickey Jin (@patch1t)
AMD Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-42847: ABC Research s.r.o.
AppleMobileFileIntegrity Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by enabling hardened runtime. CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing
Bluetooth Available for: macOS Ventura Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
Boot Camp Available for: macOS Ventura Impact: An app may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro
CoreServices Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: Multiple issues were addressed by removing the vulnerable code. CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security
DriverKit Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO Available for: macOS Ventura Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46693: Mickey Jin (@patch1t)
IOHIDFamily Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42864: Tommy Muir (@Muirey03)
IOMobileFrameBuffer Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-46690: John Aakerblom (@jaakerblom)
IOMobileFrameBuffer Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic (@antoniozekic)
iTunes Store Available for: macOS Ventura Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security
Kernel Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2022-46689: Ian Beer of Google Project Zero
Kernel Available for: macOS Ventura Impact: Connecting to a malicious NFS server may lead to arbitrary code execution with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-46701: Felix Poulin-Belanger
Kernel Available for: macOS Ventura Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Kernel Available for: macOS Ventura Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab
Kernel Available for: macOS Ventura Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42845: Adam Doupé of ASU SEFCOM
Photos Available for: macOS Ventura Impact: Shake-to-undo may allow a deleted photo to be re-surfaced without authentication Description: The issue was addressed with improved bounds checks. CVE-2022-32943: an anonymous researcher
ppp Available for: macOS Ventura Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42840: an anonymous researcher
Preferences Available for: macOS Ventura Impact: An app may be able to use arbitrary entitlements Description: A logic issue was addressed with improved state management. CVE-2022-42855: Ivan Fratric of Google Project Zero
Printing Available for: macOS Ventura Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-42862: Mickey Jin (@patch1t)
Ruby Available for: macOS Ventura Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-24836 CVE-2022-29181
Safari Available for: macOS Ventura Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2022-46695: KirtiKumar Anandrao Ramchandani
Weather Available for: macOS Ventura Impact: An app may be able to read sensitive location information Description: The issue was addressed with improved handling of caches. CVE-2022-42866: an anonymous researcher
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 245521 CVE-2022-42867: Maddie Stone of Google Project Zero
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. WebKit Bugzilla: 245466 CVE-2022-46691: an anonymous researcher
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may bypass Same Origin Policy Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 246783 CVE-2022-46692: KirtiKumar Anandrao Ramchandani
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 246942 CVE-2022-46696: Samuel Groß of Google V8 Security WebKit Bugzilla: 247562 CVE-2022-46700: Samuel Groß of Google V8 Security
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved checks. CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 247420 CVE-2022-46699: Samuel Groß of Google V8 Security WebKit Bugzilla: 244622 CVE-2022-42863: an anonymous researcher
WebKit Available for: macOS Ventura Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1. Description: A type confusion issue was addressed with improved state handling. WebKit Bugzilla: 248266 CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group
xar Available for: macOS Ventura Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: A type confusion issue was addressed with improved checks. CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7
Additional recognition
Kernel We would like to acknowledge Zweig of Kunlun Lab for their assistance.
Lock Screen We would like to acknowledge Kevin Mann for their assistance.
Safari Extensions We would like to acknowledge Oliver Dunk and Christian R. of 1Password for their assistance.
WebKit We would like to acknowledge an anonymous researcher and scarlet for their assistance.
macOS Ventura 13.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYAACgkQ4RjMIDke Nxk1zRAAuqDsK19ODzl+oIO6xYMDcbiQV/ibvU9uwLtwTR8Y2wLga9V/vaaPTS6z qRkTivKEfdLMVW8Xlzl1jb+BMS0+dIjYrPAFatU8A5H2A3MLY5Trl9tTs+D8BgQJ reLRAyR6qJVwu+VMMjgrUxkQliPNYeumrmLwmKJdByYPzv4GLY5bOIf6siUAIJdB vs2zzcq6+BnoJkS1iYa+Ub5S3bSryR2i8vrSit6PcYBtLKHxUJaK2YBdA8LoqB4J wenkEaEhyilm0bpyyF0VxDuvOcotqrGa2ikScrik/N/NueMqDi9duo9kKKVia0xa Gx2cYLNDG10KBmz9w9B8YC6lNa6t7M5zmCYn8TmXTfndd7fCYbYajZNT0WxIYteK sXYPkVpqEd4KVZxtQ3MfHlx5y4FwnqBkLACnfsNCs4KatbJPEg9Qy9Mn2ymi/9He UoVt3XnQVhAgGIRV2qezjV9r0rtgnWpSKvFd9LSDcB9F6b/bzRipbxVnqdWCL1If ymeeEY8BJ7WJnFqgXzRo42+4bp4R67iNH+Z/JjUy/Z7C3f2O66fFZu2pNL1vLILA Wi/dprF13SjqCIavwWPbVL8UvfaAwBz53y38gwei6eSdsEO383r0XIIKjErGbWm6 hqHq/QKTWHQZqUFj4kUb4Ajw8Qe0j0qSrCLt4Wl11u/0r5hTRyI= =C5EK -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0693",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nokogiri",
"scope": "lt",
"trust": 1.0,
"vendor": "nokogiri",
"version": "1.13.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "nokogiri",
"scope": null,
"trust": 0.8,
"vendor": "nokogiri",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168080"
}
],
"trust": 0.1
},
"cve": "CVE-2022-24836",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-24836",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-414655",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24836",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-009378",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24836",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-24836",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24836",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2919",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414655",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-24836",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `\u003c v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `\u003e= 1.13.4`. There are no known workarounds for this issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Nokogiri: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #846623, #837902, #762685\n ID: 202208-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Nokogiri, the worst of\nwhich could result in denial of service. \n\nBackground\n=========\nNokogiri is an HTML, XML, SAX, and Reader parser. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-ruby/nokogiri \u003c 1.13.6 \u003e= 1.13.6\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Nokogiri. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nResolution\n=========\nAll Nokogiri users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-ruby/nokogiri-1.13.6\"\n\nReferences\n=========\n[ 1 ] CVE-2020-26247\n https://nvd.nist.gov/vuln/detail/CVE-2020-26247\n[ 2 ] CVE-2022-24836\n https://nvd.nist.gov/vuln/detail/CVE-2022-24836\n[ 3 ] CVE-2022-29181\n https://nvd.nist.gov/vuln/detail/CVE-2022-29181\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-29\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.12 Release\nAdvisory ID: RHSA-2022:8506-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8506\nIssue date: 2022-11-16\nCVE Names: CVE-2021-37136 CVE-2021-37137 CVE-2022-22818\n CVE-2022-24836 CVE-2022-25648 CVE-2022-29970\n CVE-2022-32209 CVE-2022-34265\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.12. The release contains\na new version of Satellite and important security fixes for various\ncomponents. Relevant releases/architectures:\n\nRed Hat Satellite 6.12 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n* python3-django: Possible XSS via template tag (CVE-2022-22818)\n* tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)\n* tfm-rubygem-sinatra: Path traversal possible outside of public_dir when\nserving static files (CVE-2022-29970)\n* tfm-rubygem-git: Package vulnerable to Command Injection via git argument\ninjection (CVE-2022-25648)\n* rubygem-rails-html-sanitizer: Possible XSS with certain configurations\n(CVE-2022-32209)\n* python3-django: Potential SQL injection via Trunc and Extract arguments\n(CVE-2022-34265)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document. Solution:\n\nFor Red Hat Satellite 6.12, see the following documentation for the\nrelease. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.12\n\nThe important instructions on how to upgrade are available below. \nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1309740 - [RFE] As a user, I want to schedule a job and receive an e-mail summary when it completes\n1703496 - Satellite audits cleanup\n1732590 - Cannot add filter on same RPM name with different architectures\n1775813 - A publish content view displays (Invalid Date) for the date and time of when the content view was published. \n1829468 - [RFE] Be able to retrieve the software vendor package from the installed package\n1830968 - [RFE] API should return simple results to understand if the repositories for hosts are enabled or not. \n1834897 - [RFE] Remove the configuration \u0027env=Library\u0027 created by the virt-who configuration plugin in the Satellite WebUI\n1850393 - [RFE] REX Pull Provider\n1868175 - Red Hat Satellite should notify about published content view while removing Lifecycle environment\n1868323 - \"Confirm services restart\" modal window grammatically does not respect that multiple systems are selected for a reboot\n1870816 - Deploy script breaks when the password of hypervisor contains single quotes\n1879811 - [ALL_LANG] [SAT_6.8 | 6.9 | 6.10|6.11 ] Web elements are not localized (Available Button, ON/OFF Switch Button)\n1884148 - description of filter_host_parents does not match virt-who-config\n1892218 - Multi-page listing when adding repositories to Content Views confuses the number of repositories to add\n1892752 - Scheduled job \"Create RSS notifications\" does not use proxy\n1894033 - [RFE] Add SSH User field to Advanced Fields in Job Invocation of SSH Command - remote_execution_ssh_user per Remote Execution task\n1908841 - Capsule certs regeneration fails with an error if the organization has a `\u0027` in the name\n1912941 - Verbose log outputs for Ansible jobs are reported to all Hosts present on the Job. \n1925165 - [RFE] Unordered RPMs in repodata decrease compression efficiency\n1930577 - when running ReX via SSH on 2242 hosts, got \"Timed out reading data from server\"\n1931532 - When running remote execution from Satellite to an RHEL 8 with tlog enabled it fails. \n1931665 - Need clearer error message when manifest is no longer valid when syncing inventory\n1934210 - Bad HTTP method requests filling up /var/log/messages with stack traces\n1938092 - [RFE] Insights recommendations should have url links for related knowledgebase article and c.r.c. \n1940396 - [RFE] Introduction of GUI based option to be able to bulk select and remove Content View versions in Red Hat Satellite 6\n1951542 - Insights Table doesnt translate the pagination strings\n1952939 - [RFE] Support for Satellite Tools version-1 repository is version. \n1959136 - Backtick in password causes failure during deployment of virt-who config. \n1962253 - Global registration succeeded but throwing error messages when auto-attach is true\n1964080 - [BUG] The != and ~ search params does not work with os_minor parameter in Satellite 6.9\n1970132 - [BUG] Invalid choice for template_kind listed for os_default_template module\n1970623 - [BUG] Error Can\u0027t join \u0027Katello::ContentFacetRepository\u0027 to association named \u0027hostgroup\u0027 when clicking on \"Errata Installation\" inside a host_collection as a non-admin user\n1971747 - \"Registered Content Hosts\" Report is Showing the Wrong Available Kernel Version for RHEL 7.7 Client\n1973329 - Provide upstream repository name value to allow a name change on the repository to not break Satellite if an enabled repository\u0027s name gets changed\n1974180 - Default user input value is not set for job invocation\n1981444 - \"Subscription - Entitlement Report\" does not show correct number of subscriptions attached/consumed\n1982698 - Ansible playbook execution crash for Hosts: localhost\n1982745 - Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup\n1984400 - Capsule upgrade/install fails due to proxy configuration in \u0027HTTP(S) proxy\u0027 in settings\n1989631 - Ruby warning: URI.escape is obsolete after the host is provisioned\n1990119 - Documentation bug for the compute_resource module\n1991557 - Many Postgres ERRORs (duplicate key) especially on RedHat repo sync\n1994877 - [RFE] Example is missing in \"Install packages\" option in the Advanced Tab of \"Register Host\" form. \n1994945 - hammer cannot use the cluster name or id as valid input when clusters are residing inside folders and fails with error Fog::Vsphere::Compute::NotFound error\n1998477 - Add Simple content access status API to check whether SCA is enabled or disabled in Satellite\n2000613 - The login page exposes version of the satellite\n2001517 - [RFE] Allow \"on_demand\" download policy for repositories of content_type docker\n2001552 - Host facts are not uploaded to satellite when content host is registered with Satellite using global registration form. \n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2006974 - [ALL_LANG] [SAT_6.10 | 6.11] \u0027No matches found\u0027 text is untranslated in search bar\n2007117 - [ ALL_LANG] [SAT_6.10 | 6.11] \u0027Filter\u0027 string from switcher section search box is not marked as translatable string\n2011312 - Misspelled word in tooltip \"Toggel\" instead of \"Toggle\"\n2013611 - Hammer compute-profile create missing \u0027boot_order\u0027 from \u0027compute-attributes\u0027\n2015062 - Scap Content Page redirects to Satellite documentation instead of Scap Content\n2015757 - \u0027Mail enabled\u0027 setting cannot be switched with the hammer user command. \n2016924 - The value set by \u0027hammer activation-key content-override\u0027command cannot be confirmed by \u0027hammer activation-key info\u0027 command. \n2022065 - ansible modules don\u0027t work correctly when a HTTP?HTTPS redirect occurs\n2022649 - Hammer unable to send correct value for for Job Templates in order to update ALL packages. \n2024175 - [RFE] Include Tower extra vars feature when calling the API callback\n2024576 - Extra audit record created on Organization create action\n2024968 - [RFE] Expose parameter trusted_proxies on satellite-installer\n2025892 - [RFE] Allow configuring cockpit with multiple origins through satellite-installer\n2025926 - [RFE] Identify host Build Token using hammer\n2027947 - HypervisorHeartbeatUpdateJob is taking long time to process and updates wrong consumer records\n2028112 - Ansible roles are failed with exit status 0 but the job is showing status success and the task is also showing result success. \n2033321 - Manifest refresh fails on Candlepin: One or more pools was left in an undefined state\n2033381 - Remove the space at the end of foreman-proxy-certs-generate printed installer cmd\n2035287 - The online backup attempt still shows a warning about mongodb when executed in Satellite 6.10\n2036151 - Can\u0027t assign different networks on 2+ NICs with vNIC profiles selected\n2038989 - [RFE] Satellite Security Concerns for Apache\n2043126 - Non-enabled repository types make it into the apipie help-text\n2043242 - [RFE] make worker show what task they are currently running\n2048547 - When using async_ssh true and for some reason the script retrieve.sh fails to, the task remain stuck\n2048775 - CVE-2022-22818 django: Possible XSS via \u0027{% debug %}\u0027 template tag\n2049595 - missing information about puppet attributes in API/CLI\n2051648 - [RFE] Better Detail When Job Fails Due To SSH Problem\n2051891 - vCPUs in RHV getting reset to one vCPU after editing a host in Satellite\n2052076 - foreman-proxy does not log permissions errors when trying to read ssl_ca.pem\n2053842 - The \"Serve via HTTP\" and \"Verify SSL\" options in Repo Discovery page does not functions at all in Satellite 7.0\n2054011 - Submit button on Edit page of a host will revert back to a invalid page on Satellite\n2054042 - [RFE] Logs in dynflow console needs more descriptive when SSH REX job fails on Satellite 7. \n2054786 - {\"publication\":[\"Invalid hyperlink - Object does not exist.\"]} error when syncing a repository\n2054969 - Navigation switch between multiple capsules don\u0027t work as expected\n2055391 - After upgrade products with repositories that had Ignorable Content = drpm can no longer be modified\n2055416 - redhat.satellite.content_upload ansible module with unexpected src parameter behavior\n2055979 - [RFE] - use native Ansible module for Install from git job template\n2056188 - The redesigned Host page in Satellite does not offers any option to invoke/schedule a remote execution job for a client system\n2056702 - Import library with overlapping content can fail with unique-constraint violation\n2058037 - UEFI: Grub network boot templates need to be updated\n2059179 - job template selector missing id in the new rex wizard\n2060651 - Cannot upload a package to a repository if the same package already exists in another repository, but is not downloaded\n2062800 - OpenSCAP is using the removed puppetrun setting\n2064979 - Clients can\u0027t subscribe to or enable Red Hat repositories after renewing subscriptions\n2068454 - repositories/import_uploads API endpoint do require two mandatory parameters\n2069306 - [RFE] Need syncable yum-format repository exports\n2069440 - [RFE] new host ui details, upgrades to host status\n2069634 - new host ui details, unable to read the host from different taxonomies when logged in\n2070001 - Space reclaiming fails on a blank Satellite\n2070535 - Content View publish fails with error PG::CardinalityViolation: ERROR: ON CONFLICT DO UPDATE command cannot affect row a second time. \n2070732 - Use more accurate messaging when host statuses are cleared\n2070972 - Sentence case fixes needed in the new Host page\n2072696 - Creating ESX compute resource on vcenter 7.x fails with InvalidArgument: A specified parameter was not correct: deviceChange[1].device.key\n2073305 - installer spams with katello-certs-check output when using custom certs\n2074346 - CVE-2022-24836 nokogiri: ReDoS in HTML encoding detection\n2075056 - new host ui details, repository sets, search auto-complete is missing\n2076843 - CVE-2022-25648 ruby-git: package vulnerable to Command Injection via git argument injection\n2077811 - new host ui, content, errata subtab, when N/A is chosen as severity filter erratas results are empty\n2077822 - new host ui details, add button to navigate to old content UI\n2077824 - [RFE] API to allow search by object ID on any object\n2080324 - Satellite incorrectly reports email test success\n2080423 - Docker pull fails with \u0027missing or empty Content-Length header\u0027\n2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files\n2084130 - CertificateCleanupJob fails with foreign key constraint violation on table cp_upstream_consumer\n2085490 - Discovery and bootdisk templates don\u0027t get description populated from metadata\n2088303 - Webhook raises \"certificate verify failed\" error even the target host is trusted by the system SSL CA bundle\n2089445 - The About page under Administer still refers to IRC channel at Freenode\n2089828 - default Organization and location not set for AD users\n2091044 - new host ui details,ansible roles, submitting form without any roles should show warning\n2092039 - Content import fails if repo labels differ and repo is already imported\n2093884 - Every CV Publish+Promote action followed by an automated Capsule sync task generates a huge traceback \"(ActiveRecord::RecordNotFound): Couldn\u0027t find ForemanTasks::Task::DynflowTask\" in Satellite 6.11\n2094019 - Missing LCE and CV label in CLI CDN configuration\n2095187 - Fail to create virtwho config on nutanix env for error \"Invalid option for hypervisor [ahv]\"\n2095820 - All errata are applied when user only selects certain errata\n2096429 - Global Registration will fail if use a different language\n2098240 - [RFE] Add \u0027System purpose\u0027 card to new host details / Overview tab\n2099620 - Starting or Restarting foreman.socket will raise a harmless \"TCP_NODELAY failed: Operation not supported\" error in Red Hat Satellite 6.9/6.10/6.11\n2100578 - satellite-clone should enable the Satellite module\n2100887 - Repository sets and Errata tabs do not show toggle group when host is in Library environment but non-default content view\n2101579 - Retain packages on Repository removes RPMs from Pulp but not from Katello\n2101882 - CVE-2022-32209 rubygem-rails-html-sanitizer: possible xss with certain configurations\n2101986 - Getting \"NoPermission: Permission to perform this operation was denied.\" when edit host or compute profile\n2102145 - \u0027Satellite-maintain backup online\u0027 states info about Mongo in the warning message\n2102456 - [RFE] - Add static ouia-id to modal with wizard for publishing a cv\n2102825 - satellite-clone fails to adjust ownership of /var/lib/pulp if it\u0027s owned by non-existing user/group\n2102867 - Post upgrade to satellite 6.10, sync summary email notification shows the incorrect summary for newly added errata. \n2102896 - CVE-2022-34265 python-django: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments\n2103096 - After syncing a repository, it doesn\u0027t sync to the capsule automatically. \n2103099 - satellite-clone fails to restore online backup on RHEL8\n2103102 - MemoryError when importing large repo to disconnected Satellite\n2103106 - Attempt to disable a Red Hat Repository fails with error \"Cannot delete record because of dependent library_instances_inverse\" if the repository is part of any CV versions in Satellite 6.10\n2103110 - undefined method `find\u0027 for nil:NilClass when importing content that has gpg_keys associated to it\n2103129 - RHEL 9 appstream and baseos not showing as recommended repositories\n2103522 - Capsule sync fails with \"Parsing interrupted: The repository metadata being synced into Pulp is erroneous in a way that makes it ambiguous (duplicate NEVRAs)..\"\n2104401 - Improve speed of manifest refresh by running RefreshIfNeeded steps concurrently\n2104498 - Unable to sync jfrog artifactory-pro-rpms repository\n2105048 - Error \u0027modulemd-yaml-error-quark\u0027 while synchronizing fedora modular repository on Satellite 6.10. \n2105107 - Data issue for users on RHEL7 syncing EL8+ EPEL or Fedora Modular repositories\n2105144 - Scheduling a remote execution job through API calls are using UTC instead of timezone\n2105299 - Email notification shows incorrect new errata after syncing an Epel repository\n2105941 - After 6.10 to 6.11 upgrade on FIPS setup, repository sync operations fail with an error \"[digital envelope routines: EVP_DigestInit_ex] disabled for fips\"\n2106000 - Manifest Refresh should ensure environment-content association\n2106090 - Running smart-proxy-openscap-send command returns \"Gemfile lists the gem rsec (\u003c 1) more than once\" on Satellite 6.10. \n2106091 - Exclude filter may exclude errata and packages that are needed\n2106092 - Manifest refresh randomly fails with \"No such file or directory\" when having multile dynflow workers\n2106093 - Simplify self-upgrade mechanism\n2106333 - Add Satellite and Capsule 6.12 upgrade scenarios\n2106659 - Inconsistent packages versioning\n2106691 - Satellite 6.12 still defaults to the legacy host UI\n2106700 - Invocations fail with NoMethodError - undefined method `code\u0027 if capsule loses script feature without satellite noticing\n2106885 - Upgrade to Satellite 6.11 fails in db:seed state with error \"ActiveRecord::RecordInvalid: Validation failed: Name has already been taken\"\n2107252 - Last item in Webhooks table is overflowing\n2107572 - packaging request for pull provider dependencies\n2107577 - execution of roles with missing modules doesn\u0027t fail the execution\n2107701 - [Pulp 3] If a modulemd metadata artifact is missing from the filesystem but has an artifact_id associated with it in database, \"Verify Content Checksum\" cannot fix this problem\n2108169 - foreman-maintain self-upgrade enables RH repos when custom repo mentioned with --maintenance-repo-label for RHEL8\n2108611 - Broken link when accessing the Registration Doc from the Satellite register hosts screen\n2108637 - Remote execution fails for SSH Default when Remote Execution configured for Kerberos Authentication\n2108719 - Upgrading to Satellite 6.11 fails on db:migrate stage with error \"null value in column \"created_at\" violates not-null constraint\"\n2109254 - Remove orphans task going to the paused state with error \"Cannot delete some instances of model \u0027Repository\u0027 because they are referenced through protected foreign keys\" on Red Hat Satellite 6.11\n2109260 - When using immediate downloads and retain_package_versions=X, all packages are downloaded and many are immediately orphaned\n2109298 - ModuleStreamErratumPackages aren\u0027t indexed at first repository syncing\n2109421 - Sendmail package not present on RHEL8 and needs manual configuration\n2109594 - After upgrading to Satellite 6.11 , foreman log is flooded with huge tracebacks related to \"unknown class DockerRegistry, ignoring\" and \"unknown class Container, ignoring\"\n2109606 - Not able to enable repositories when FIPS is enabled. \n2109810 - Search for string in n-v-r.a format fails for custom packages but not for Red Hat packages\n2110003 - smart-proxy consumes 100% cpu after connecting to WebConsole with krb5 auth on RHEL8\n2110163 - Generate All Reports Job Fails After Upgrade to 6.11 with Missing Logger Method\n2110222 - Insights client traffic through a Satellite 6.11 Capsule fails\n2110731 - [ BUG ] Sync errata email notification is not workng in Satellite 6.11 whereas \"Test Email\" functions fine\n2110872 - Moving between tabs generates \"undefined method `parent_task\u0027 for nil:NilClass\"\n2111038 - new host ui details,ansible roles, bug when all ansible roles are assigned\n2111074 - After LEAPP upgrade katello_candlepin_port_t definition is missing\n2111222 - Need a static ouia-id for the close button on the Confirmation Modal\n2111373 - new host ui details, edit ansible roles, when assigned, wait and not confirmed, role is unassigned automatically\n2111469 - Single host contains too many NICs\n2111570 - AVC denials noticed for gunicorn process after upgrading the Satellite 6.11 OS from RHEL 7 to RHEL 8 using leapp\n2111571 - Multiples of every module stream show in the web UI\n2111578 - Rebooting Sat611 on RHEL8 removes all pulp logs\n2111921 - [New Host UI] Ansible tab only shows \"view all assigned roles\" when at least one host specific role has been added\n2112015 - After deploying custom certs on Satellite, signed by a new CA, capsule can\u0027t fetch on-demand content\n2112093 - GUI shows \"Capsule Authorization\" disabled even if it was enabled during the creation of the webhook in Satellite 6.10\n2112098 - Need to be able to provide custom cert for ISS for Red Hat CDN\n2112436 - After initial build of a UEFI VM using Red Hat Satellite, the system fails to boot up with error \"Partition with known EFI file not found\" when VM Hardware version is 17 or above\n2112979 - Don\u0027t ship foreman-proxy-selinux in capsule repos\n2113013 - documentation button on capsule page goes to a broken link\n2113905 - [RHSSO] [Installer][RHEL8]- RHSSO feature settings are not getting enabled and failed with HTTPD CONF issue . \n2113946 - Mirroring complete ansible galaxy fails with the following message: \u0027NoneType\u0027 object has no attribute \u0027get\u0027\n2113996 - Search for non-integer job id will result in error page\n2115229 - pull-provider rex jobs occassionally hanging\n2115686 - [RFE] Provide a functionality in Satellite to import pre-existing Ansible playbooks into Job Templates\n2115767 - Unable to apply all Errata via Remote Execution on Web UI with \"Select All\"\n2115775 - hammer command not working for non-root user post upgrading satellite to version 6.11\n2115822 - New host details UI does not work at all\n2115832 - Running \"satellite-maintain self-upgrade\" on a Satellite\\Capsule 6.11.1.1 fails with error \"Error: \u0027satellite-maintenance-6.11.2-for-rhel-8-x86_64-rpms\u0027 does not match a valid repository ID\"\n2116123 - Even though the CreateRssNotifications job gets completed, It fails to fetch RSS with error \u0027(NameError): uninitialized constant Foreman::HttpProxy::NetHttpExt\u0027 in Satellite 6.12\n2116276 - Hammmer task progress command returns Error: undefined method `empty?\u0027 for nil:NilClass\n2116385 - [RFE] Add deprecation warning/banner on Compute Resources page about deprecation of RHEV support\n2116871 - Package \"python3-pulp_manifest\" is not available in Satellite Utils repository\n2117382 - Only first certificate from a content credential is considered by katello when updating CDN configuration to use Network Sync\n2117489 - not all dependencies are allowed by foreman-protector\n2117522 - satellite-upgrade to 6.12 fails in packages-update step to resolve python dependencies\n2118055 - When installing errata via katello-agent, content_action_finish_timeout is ignored and tasks don\u0027t wait for client status to finish\n2118252 - dnf can\u0027t load foreman-protector.py as a regular user\n2118356 - katello-pull-transport-migrate missing in RHEL9 Client repos\n2118431 - Incremental export on repository exports not working correctly after syncably exporting repository\n2118689 - Boding interface bondig slaves are always changed to lower case\n2118694 - Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: ERROR: update or delete on table \"katello_module_profiles\" violates foreign key constraint \"katello_mod_profile_rpm_mod_profile_id_fk\" on table \"katello_module_profile_rpms\"\n2118772 - Satellite upgrade to 6.12 fails during db:migrate with PG::UndefinedColumn: ERROR: column \"created_at\" of relation \"taxable_taxonomies\" does not exist\n2118790 - Convert2rhel playbook tries to install RHEL8 convert2rhel package\n2118950 - Unable to configure cloud connector on Satellite 6.12.0\n2118966 - [Pulp3] When working with docker type repos, syslogs is flooded with warnings \"The model \u003cclass \u0027pulp_container.app.models.ContainerNamespace\u0027\u003e defines the \u0027ACCESS_POLICY_VIEWSET_NAME\u0027 class attribute\" in Satellite 6.12\n2119112 - subpaths field is mandatory while creating ACS in the UI\n2119117 - ACS create fails when --smart-proxy-ids option not passed with \"undefined method `uniq\u0027 for nil:NilClass\"\n2119120 - ACS create fails when same name used with \"PG::UniqueViolation: ERROR: duplicate key value violates unique constraint\"\n2119124 - ACS create form displays capsule names without spaces on review details page in UI\n2119190 - ACS create wizard: select capsule step says \"Name source\"\n2119234 - Timezone/timestamp issue with Ansible configuration management reports run via Capsule servers\n2119688 - running ansible default roles in Satellite 6.11.1.1 shows an error page\n2120148 - Remove spinner from Packages \u0026 Module streams tabs during REX job polling\n2120224 - Host collections card shows empty card without any text when no host collections are present\n2120299 - \u0027This host has errata that are applicable, but not installable\u0027 message incorrectly appears\n2120327 - Discovery Organization setting is shown as Discovery Location setting\n2120414 - Show arch restrictions on Repository Sets tab (new host details)\n2120579 - remote execution interface missing in global registration dialog\n2120632 - After Upgrading LEAPPed Satellite to 6.12 pulp is not connected to redis\n2120715 - Satellite 6.11 GUI documentation URL takes to a non existing URL with 404\n2120992 - Running satellite-clone on SAT6.12 fails beacuse it\u0027s not supported\n2121238 - Importing a custom repository with different label but same name causes validation error\n2121249 - Syncable Exports have spaces in the exported paths\n2121583 - Sync of an Ansible collection repo to the Capsule fails\n2121689 - foreman-maintain still enables ansible-2.9-for-rhel-8-x86_64-rpms repository for running an update to 6.11.z when no packages are installed from that repository\n2121738 - host details jobs - change from list to table\n2121739 - host details audits, change from list to table\n2121954 - When searching for content, dropdown filters are literal search terms. \n2122090 - Syncable exports not properly validated\n2122214 - katello-certs-check propose not valid command for capsule\n2122764 - Indexing error if a collection to be synced from galaxy doesn\u0027t have tags associated. \n2122780 - Pub url is not accessible on the Satellite nor Capsule server\n2122945 - Satellite manifest upload/import error: Unexpected exception occurred while executing transactional block\n2123352 - Updating katello-ca package does not update certs in yggdrasild service for REX pull mode client\n2123405 - [RFE] - Add rhel-6-server-els-rpms repository under recommended repositories\n2124047 - Accessing an external capsule from UI, shows \"Last sync failed: 404 Not Found\" even if the last capsule content sync was successful in Satellite 6.12\n2124051 - Ansible-type REX jobs are still delegated by satellite 6.12 to be executed via an external Capsule 6.12 even if the ansible feature is not enabled on the same\n2124087 - The \"Change Content Source\" option does not provides steps to change the yggdrasil configuration in case putt-mqtt mode is use in Satellite 6.12\n2124271 - After installing katello-agent on a RHEL 9 host, Goferd service fails to start with error AttributeError: \u0027Scheduler\u0027 object has no attribute \u0027isAlive\u0027\n2124568 - \u0027candlepin-validate-db\u0027 pre-upgrade check fails with \"Could not open SSL root certificate file /root/.postgresql/root.crt\" error for external DB setup with SSL\n2124663 - Host details statuses clear button is always disabled\n2124850 - failure to enable async-ssh rex mode with Couldn\u0027t enable \u0027script\u0027\n2124851 - Post upgrade to 6.11.z, DHCP error with wrong number of arguments for validate_supported_address\n2124928 - Webhooks page in UI is broken\n2125022 - Content View Versions generated by Export are still listed in Composite CVs page\n2125244 - Sync of a docker type repository containing schema 1 manifest fails with error\n2125317 - Fix details tab cards Expand/collapse all behavior\n2125585 - Satellite can not be installed on RHEL 8.7\n2125669 - Navigating to content view page from the left panel after creating a cv does not work\n2127099 - Unsupported Installer report plugin exist in the downstream Satellite 6.12\n2127318 - ACS create wizard: review details step displays password in plaintext when manual auth is selected\n2127934 - rex pull-provider client not configured during host provisioning\n2127940 - save_to_file macro does not work if the thing being saved contains a heredoc terminated with EOF\n2128209 - ssh-async rex job fails with OpenSSL::SSL::SSLError\n2128422 - Repository Sets on new Hosts details produces error page\n2129002 - ACS create wizard: select capsule shows duplicate entries in dual-list selector widget\n2131729 - Repository sets does not work on new host details page\n2133468 - Upgrade fails to apply rpm.0044_noartifact_modules pulpcore migration\n2139368 - can\u0027t save discovery settings on an upgraded Satellite 6.12\n2139369 - can\u0027t save bootdisk settings on an upgraded Satellite 6.12\n2139371 - can\u0027t save RH Cloud settings on an upgraded Satellite 6.12\n\n6. Package List:\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-4.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncandlepin-4.1.15-1.el8sat.src.rpm\ncjson-1.7.14-5.el8sat.src.rpm\ncreaterepo_c-0.20.1-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.3.0.17-1.el8sat.src.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.3.0.8-1.el8sat.src.rpm\nforeman-proxy-3.3.0-1.el8sat.src.rpm\nforeman-selinux-3.3.0-2.el8sat.src.rpm\nkatello-4.5.0-1.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nkatello-selinux-4.0.2-2.el8sat.src.rpm\nlibcomps-0.1.18-4.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-4.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\nmosquitto-2.0.14-1.el8sat.src.rpm\npostgresql-evr-0.0.2-1.el8sat.src.rpm\npulpcore-selinux-1.3.2-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-3.el8pc.src.rpm\npython-aiofiles-0.8.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-3.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm\npython-aioredis-2.0.1-2.el8pc.src.rpm\npython-aiosignal-1.2.0-2.el8pc.src.rpm\npython-ansible-builder-1.0.1-4.el8pc.src.rpm\npython-asgiref-3.5.0-2.el8pc.src.rpm\npython-async-lru-1.0.2-3.el8pc.src.rpm\npython-async-timeout-4.0.2-2.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-3.el8pc.src.rpm\npython-attrs-21.4.0-2.el8pc.src.rpm\npython-backoff-1.11.1-2.el8pc.src.rpm\npython-bindep-2.10.2-4.el8pc.src.rpm\npython-bleach-3.3.1-2.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-3.el8pc.src.rpm\npython-bracex-2.2.1-2.el8pc.src.rpm\npython-brotli-1.0.9-2.el8pc.src.rpm\npython-cchardet-2.1.7-4.el8pc.src.rpm\npython-certifi-2020.6.20-3.el8pc.src.rpm\npython-cffi-1.15.0-2.el8pc.src.rpm\npython-chardet-4.0.0-2.el8pc.src.rpm\npython-charset-normalizer-2.0.11-4.el8pc.src.rpm\npython-click-8.0.3-2.el8pc.src.rpm\npython-click-shell-2.1-3.el8pc.src.rpm\npython-colorama-0.4.4-3.el8pc.src.rpm\npython-commonmark-0.9.1-5.el8pc.src.rpm\npython-contextlib2-21.6.0-3.el8pc.src.rpm\npython-cryptography-3.4.8-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-3.el8pc.src.rpm\npython-dateutil-2.8.2-2.el8pc.src.rpm\npython-debian-0.1.43-2.el8pc.src.rpm\npython-defusedxml-0.7.1-3.el8pc.src.rpm\npython-diff-match-patch-20200713-3.el8pc.src.rpm\npython-distro-1.6.0-3.el8pc.src.rpm\npython-django-3.2.14-2.el8pc.src.rpm\npython-django-currentuser-0.5.3-5.el8pc.src.rpm\npython-django-filter-21.1-3.el8pc.src.rpm\npython-django-guardian-2.4.0-5.el8pc.src.rpm\npython-django-guid-3.2.2-1.el8pc.src.rpm\npython-django-import-export-2.7.1-6.el8pc.src.rpm\npython-django-lifecycle-0.9.6-3.el8pc.src.rpm\npython-django-prometheus-2.1.0-3.el8pc.src.rpm\npython-django-readonly-field-1.1.1-3.el8pc.src.rpm\npython-djangorestframework-3.13.1-2.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm\npython-drf-access-policy-1.1.0-3.el8pc.src.rpm\npython-drf-nested-routers-0.93.4-3.el8pc.src.rpm\npython-drf-spectacular-0.21.2-2.el8pc.src.rpm\npython-dynaconf-3.1.7-4.el8pc.src.rpm\npython-ecdsa-0.14.1-2.el8pc.src.rpm\npython-enrich-1.2.6-5.el8pc.src.rpm\npython-et-xmlfile-1.1.0-2.el8pc.src.rpm\npython-flake8-3.9.2-5.el8pc.src.rpm\npython-frozenlist-1.3.0-2.el8pc.src.rpm\npython-future-0.18.2-5.el8pc.src.rpm\npython-galaxy-importer-0.4.5-1.el8pc.src.rpm\npython-gitdb-4.0.9-2.el8pc.src.rpm\npython-gitpython-3.1.26-3.el8pc.src.rpm\npython-gnupg-0.4.8-2.el8pc.src.rpm\npython-gunicorn-20.1.0-5.el8pc.src.rpm\npython-idna-3.3-2.el8pc.src.rpm\npython-idna-ssl-1.1.0-5.el8pc.src.rpm\npython-importlib-metadata-4.10.1-2.el8pc.src.rpm\npython-importlib-resources-5.4.0-4.el8pc.src.rpm\npython-inflection-0.5.1-3.el8pc.src.rpm\npython-iniparse-0.4-35.el8pc.src.rpm\npython-jinja2-3.0.3-2.el8pc.src.rpm\npython-jsonschema-4.6.0-4.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-2.el8pc.src.rpm\npython-markdown-3.3.6-3.el8pc.src.rpm\npython-markuppy-1.14-3.el8pc.src.rpm\npython-markupsafe-2.0.1-3.el8pc.src.rpm\npython-mccabe-0.6.1-3.el8pc.src.rpm\npython-multidict-6.0.2-2.el8pc.src.rpm\npython-naya-1.1.1-3.el8pc.src.rpm\npython-odfpy-1.4.1-6.el8pc.src.rpm\npython-openpyxl-3.0.9-2.el8pc.src.rpm\npython-packaging-21.3-1.el8pc.src.rpm\npython-parsley-1.3-2.el8pc.src.rpm\npython-pbr-5.8.0-4.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-3.el8pc.src.rpm\npython-prometheus-client-0.8.0-3.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.3-2.el8pc.src.rpm\npython-pulp-ansible-0.13.2-2.el8pc.src.rpm\npython-pulp-certguard-1.5.2-3.el8pc.src.rpm\npython-pulp-cli-0.14.0-4.el8pc.src.rpm\npython-pulp-container-2.10.9-1.el8pc.src.rpm\npython-pulp-deb-2.18.0-3.el8pc.src.rpm\npython-pulp-file-1.10.2-2.el8pc.src.rpm\npython-pulp-rpm-3.18.7-1.el8pc.src.rpm\npython-pulp_manifest-3.0.0-3.el8pc.src.rpm\npython-pulpcore-3.18.10-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-3.el8pc.src.rpm\npython-pycairo-1.20.1-3.el8pc.src.rpm\npython-pycares-4.1.2-2.el8pc.src.rpm\npython-pycodestyle-2.7.0-5.el8pc.src.rpm\npython-pycparser-2.21-2.el8pc.src.rpm\npython-pycryptodomex-3.14.1-2.el8pc.src.rpm\npython-pyflakes-2.3.1-5.el8pc.src.rpm\npython-pygments-2.11.2-2.el8pc.src.rpm\npython-pygobject-3.40.1-3.el8pc.src.rpm\npython-pygtrie-2.4.2-3.el8pc.src.rpm\npython-pyjwkest-1.4.2-6.el8pc.src.rpm\npython-pyjwt-1.7.1-8.el8pc.src.rpm\npython-pyparsing-2.4.7-3.el8pc.src.rpm\npython-pyrsistent-0.18.1-2.el8pc.src.rpm\npython-pytz-2021.3-2.el8pc.src.rpm\npython-pyyaml-5.4.1-4.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-3.el8pc.src.rpm\npython-requests-2.27.1-2.el8pc.src.rpm\npython-requirements-parser-0.2.0-3.el8pc.src.rpm\npython-rhsm-1.19.2-3.el8pc.src.rpm\npython-rich-10.12.0-3.el8pc.src.rpm\npython-ruamel-yaml-0.17.20-2.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm\npython-schema-0.7.5-2.el8pc.src.rpm\npython-semantic-version-2.10.0-1.el8pc.src.rpm\npython-six-1.16.0-2.el8pc.src.rpm\npython-smmap-5.0.0-2.el8pc.src.rpm\npython-sqlparse-0.4.2-3.el8pc.src.rpm\npython-tablib-3.2.0-3.el8pc.src.rpm\npython-tenacity-7.0.0-3.el8pc.src.rpm\npython-toml-0.10.2-3.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-2.el8pc.src.rpm\npython-uritemplate-4.1.1-2.el8pc.src.rpm\npython-url-normalize-1.4.3-4.el8pc.src.rpm\npython-urllib3-1.26.8-2.el8pc.src.rpm\npython-urlman-1.4.0-3.el8pc.src.rpm\npython-wcmatch-8.3-2.el8pc.src.rpm\npython-webencodings-0.5.1-3.el8pc.src.rpm\npython-whitenoise-6.0.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-5.el8pc.src.rpm\npython-xlwt-1.3.0-3.el8pc.src.rpm\npython-yarl-1.7.2-2.el8pc.src.rpm\npython-zipp-3.4.0-4.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.src.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.src.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.src.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.src.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.src.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.src.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.src.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.src.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.src.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.src.rpm\nrubygem-addressable-2.8.0-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-ancestry-3.0.7-2.el8sat.src.rpm\nrubygem-anemone-0.7.2-23.el8sat.src.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.src.rpm\nrubygem-audited-4.9.0-4.el8sat.src.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.src.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.src.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.src.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.src.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.src.rpm\nrubygem-builder-3.2.4-2.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.src.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.src.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.src.rpm\nrubygem-colorize-0.8.1-2.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.src.rpm\nrubygem-crass-1.0.6-2.el8sat.src.rpm\nrubygem-css_parser-1.4.7-5.el8sat.src.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.src.rpm\nrubygem-deacon-1.0.0-5.el8sat.src.rpm\nrubygem-declarative-0.0.10-3.el8sat.src.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.src.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.src.rpm\nrubygem-deface-1.5.3-3.el8sat.src.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-erubi-1.9.0-2.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-execjs-2.7.0-5.el8sat.src.rpm\nrubygem-facter-4.0.51-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.src.rpm\nrubygem-fog-core-2.1.0-4.el8sat.src.rpm\nrubygem-fog-google-1.11.0-2.el8sat.src.rpm\nrubygem-fog-json-1.2.0-4.el8sat.src.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.src.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.src.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.src.rpm\nrubygem-fog-ovirt-2.0.2-1.el8sat.src.rpm\nrubygem-fog-vsphere-3.5.2-1.el8sat.src.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.src.rpm\nrubygem-foreman-tasks-6.0.3-1.el8sat.src.rpm\nrubygem-foreman_ansible-7.1.4.1-1.el8sat.src.rpm\nrubygem-foreman_azure_rm-2.2.6-3.1.el8sat.src.rpm\nrubygem-foreman_bootdisk-19.0.7-1.el8sat.src.rpm\nrubygem-foreman_discovery-21.0.4-1.el8sat.src.rpm\nrubygem-foreman_hooks-0.3.17-3.el8sat.src.rpm\nrubygem-foreman_kubevirt-0.1.9-4.el8sat.src.rpm\nrubygem-foreman_leapp-0.1.10-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-foreman_openscap-5.2.2-2.el8sat.src.rpm\nrubygem-foreman_puppet-4.0.3-1.el8sat.src.rpm\nrubygem-foreman_remote_execution-7.2.2-1.el8sat.src.rpm\nrubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.src.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.src.rpm\nrubygem-foreman_templates-9.3.0-1.1.el8sat.src.rpm\nrubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.src.rpm\nrubygem-foreman_virt_who_configure-0.5.9-1.el8sat.src.rpm\nrubygem-foreman_webhooks-3.0.4-1.el8sat.src.rpm\nrubygem-formatador-0.2.1-13.el8sat.src.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.src.rpm\nrubygem-fx-0.5.0-2.el8sat.src.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.src.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.src.rpm\nrubygem-git-1.11.0-1.el8sat.src.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.src.rpm\nrubygem-globalid-0.4.2-2.el8sat.src.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.src.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.src.rpm\nrubygem-googleauth-0.13.1-2.el8sat.src.rpm\nrubygem-graphql-1.8.14-3.el8sat.src.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-hocon-1.3.1-2.el8sat.src.rpm\nrubygem-http-3.3.0-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.src.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.src.rpm\nrubygem-httpclient-2.8.3-4.el8sat.src.rpm\nrubygem-i18n-1.8.2-2.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-ipaddress-0.8.3-1.el8sat.src.rpm\nrubygem-jgrep-1.3.3-11.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-katello-4.5.0.20-1.el8sat.src.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.src.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-loofah-2.4.0-2.el8sat.src.rpm\nrubygem-mail-2.7.1-2.el8sat.src.rpm\nrubygem-marcel-1.0.1-1.el8sat.src.rpm\nrubygem-memoist-0.16.0-3.el8sat.src.rpm\nrubygem-method_source-0.9.2-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.src.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.src.rpm\nrubygem-net-ping-2.0.1-5.el8sat.src.rpm\nrubygem-net-scp-1.2.1-5.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.src.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-optimist-3.0.0-3.el8sat.src.rpm\nrubygem-os-1.0.0-3.el8sat.src.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.src.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.src.rpm\nrubygem-parallel-1.19.1-2.el8sat.src.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.src.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.src.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.src.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.src.rpm\nrubygem-pulp_ansible_client-0.13.1-1.el8sat.src.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.src.rpm\nrubygem-pulp_container_client-2.10.3-1.el8sat.src.rpm\nrubygem-pulp_deb_client-2.18.0-1.el8sat.src.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.src.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.src.rpm\nrubygem-pulp_python_client-3.6.0-1.el8sat.src.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.src.rpm\nrubygem-pulpcore_client-3.18.5-1.el8sat.src.rpm\nrubygem-puma-5.6.2-1.el8sat.src.rpm\nrubygem-puma-status-1.3-1.el8sat.src.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.src.rpm\nrubygem-quantile-0.2.0-5.el8sat.src.rpm\nrubygem-rabl-0.14.3-2.el8sat.src.rpm\nrubygem-rack-2.2.4-1.el8sat.src.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.src.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.src.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.src.rpm\nrubygem-rack-test-1.1.0-5.el8sat.src.rpm\nrubygem-rails-6.0.4.7-1.el8sat.src.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.src.rpm\nrubygem-rails-html-sanitizer-1.4.3-2.el8sat.src.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.src.rpm\nrubygem-railties-6.0.4.7-1.el8sat.src.rpm\nrubygem-rainbow-2.2.2-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.src.rpm\nrubygem-rchardet-1.8.0-1.el8sat.src.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-redis-4.5.1-1.el8sat.src.rpm\nrubygem-representable-3.0.4-3.el8sat.src.rpm\nrubygem-responders-3.0.0-4.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-retriable-3.1.2-3.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-roadie-3.4.0-4.el8sat.src.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.src.rpm\nrubygem-robotex-1.0.0-22.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.src.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-runcible-2.13.1-2.el8sat.src.rpm\nrubygem-safemode-1.3.6-2.el8sat.src.rpm\nrubygem-scoped_search-4.1.10-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.src.rpm\nrubygem-sequel-5.53.0-1.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.src.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.src.rpm\nrubygem-signet-0.14.0-2.el8sat.src.rpm\nrubygem-sinatra-2.2.0-1.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sprockets-4.0.2-2.el8sat.src.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.src.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.src.rpm\nrubygem-sshkey-1.9.0-5.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-stomp-1.4.9-2.el8sat.src.rpm\nrubygem-thor-1.0.1-3.el8sat.src.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-timeliness-0.3.10-2.el8sat.src.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.src.rpm\nrubygem-uber-0.1.0-3.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.src.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.src.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.src.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.src.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.src.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\nsatellite-installer-6.12.0.5-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-4.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\ncandlepin-4.1.15-1.el8sat.noarch.rpm\ncandlepin-selinux-4.1.15-1.el8sat.noarch.rpm\nforeman-3.3.0.17-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm\nforeman-cli-3.3.0.17-1.el8sat.noarch.rpm\nforeman-debug-3.3.0.17-1.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-dynflow-sidekiq-3.3.0.17-1.el8sat.noarch.rpm\nforeman-ec2-3.3.0.17-1.el8sat.noarch.rpm\nforeman-gce-3.3.0.17-1.el8sat.noarch.rpm\nforeman-installer-3.3.0.8-1.el8sat.noarch.rpm\nforeman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm\nforeman-journald-3.3.0.17-1.el8sat.noarch.rpm\nforeman-libvirt-3.3.0.17-1.el8sat.noarch.rpm\nforeman-openstack-3.3.0.17-1.el8sat.noarch.rpm\nforeman-ovirt-3.3.0.17-1.el8sat.noarch.rpm\nforeman-postgresql-3.3.0.17-1.el8sat.noarch.rpm\nforeman-proxy-3.3.0-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.3.0-1.el8sat.noarch.rpm\nforeman-selinux-3.3.0-2.el8sat.noarch.rpm\nforeman-service-3.3.0.17-1.el8sat.noarch.rpm\nforeman-telemetry-3.3.0.17-1.el8sat.noarch.rpm\nforeman-vmware-3.3.0.17-1.el8sat.noarch.rpm\nkatello-4.5.0-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.5.0-1.el8sat.noarch.rpm\nkatello-debug-4.5.0-1.el8sat.noarch.rpm\nkatello-selinux-4.0.2-2.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython39-aiodns-3.0.0-3.el8pc.noarch.rpm\npython39-aiofiles-0.8.0-2.el8pc.noarch.rpm\npython39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm\npython39-aioredis-2.0.1-2.el8pc.noarch.rpm\npython39-aiosignal-1.2.0-2.el8pc.noarch.rpm\npython39-ansible-builder-1.0.1-4.el8pc.noarch.rpm\npython39-asgiref-3.5.0-2.el8pc.noarch.rpm\npython39-async-lru-1.0.2-3.el8pc.noarch.rpm\npython39-async-timeout-4.0.2-2.el8pc.noarch.rpm\npython39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm\npython39-attrs-21.4.0-2.el8pc.noarch.rpm\npython39-backoff-1.11.1-2.el8pc.noarch.rpm\npython39-bindep-2.10.2-4.el8pc.noarch.rpm\npython39-bleach-3.3.1-2.el8pc.noarch.rpm\npython39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm\npython39-bracex-2.2.1-2.el8pc.noarch.rpm\npython39-certifi-2020.6.20-3.el8pc.noarch.rpm\npython39-chardet-4.0.0-2.el8pc.noarch.rpm\npython39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm\npython39-click-8.0.3-2.el8pc.noarch.rpm\npython39-click-shell-2.1-3.el8pc.noarch.rpm\npython39-colorama-0.4.4-3.el8pc.noarch.rpm\npython39-commonmark-0.9.1-5.el8pc.noarch.rpm\npython39-contextlib2-21.6.0-3.el8pc.noarch.rpm\npython39-dataclasses-0.8-3.el8pc.noarch.rpm\npython39-dateutil-2.8.2-2.el8pc.noarch.rpm\npython39-debian-0.1.43-2.el8pc.noarch.rpm\npython39-defusedxml-0.7.1-3.el8pc.noarch.rpm\npython39-diff-match-patch-20200713-3.el8pc.noarch.rpm\npython39-distro-1.6.0-3.el8pc.noarch.rpm\npython39-django-3.2.14-2.el8pc.noarch.rpm\npython39-django-currentuser-0.5.3-5.el8pc.noarch.rpm\npython39-django-filter-21.1-3.el8pc.noarch.rpm\npython39-django-guardian-2.4.0-5.el8pc.noarch.rpm\npython39-django-guid-3.2.2-1.el8pc.noarch.rpm\npython39-django-import-export-2.7.1-6.el8pc.noarch.rpm\npython39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm\npython39-django-prometheus-2.1.0-3.el8pc.noarch.rpm\npython39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm\npython39-djangorestframework-3.13.1-2.el8pc.noarch.rpm\npython39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm\npython39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm\npython39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm\npython39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm\npython39-dynaconf-3.1.7-4.el8pc.noarch.rpm\npython39-ecdsa-0.14.1-2.el8pc.noarch.rpm\npython39-enrich-1.2.6-5.el8pc.noarch.rpm\npython39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm\npython39-flake8-3.9.2-5.el8pc.noarch.rpm\npython39-future-0.18.2-5.el8pc.noarch.rpm\npython39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm\npython39-gitdb-4.0.9-2.el8pc.noarch.rpm\npython39-gitpython-3.1.26-3.el8pc.noarch.rpm\npython39-gnupg-0.4.8-2.el8pc.noarch.rpm\npython39-gunicorn-20.1.0-5.el8pc.noarch.rpm\npython39-idna-3.3-2.el8pc.noarch.rpm\npython39-idna-ssl-1.1.0-5.el8pc.noarch.rpm\npython39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm\npython39-importlib-resources-5.4.0-4.el8pc.noarch.rpm\npython39-inflection-0.5.1-3.el8pc.noarch.rpm\npython39-iniparse-0.4-35.el8pc.noarch.rpm\npython39-jinja2-3.0.3-2.el8pc.noarch.rpm\npython39-jsonschema-4.6.0-4.el8pc.noarch.rpm\npython39-markdown-3.3.6-3.el8pc.noarch.rpm\npython39-markuppy-1.14-3.el8pc.noarch.rpm\npython39-mccabe-0.6.1-3.el8pc.noarch.rpm\npython39-naya-1.1.1-3.el8pc.noarch.rpm\npython39-odfpy-1.4.1-6.el8pc.noarch.rpm\npython39-openpyxl-3.0.9-2.el8pc.noarch.rpm\npython39-packaging-21.3-1.el8pc.noarch.rpm\npython39-parsley-1.3-2.el8pc.noarch.rpm\npython39-pbr-5.8.0-4.el8pc.noarch.rpm\npython39-productmd-1.33-3.el8pc.noarch.rpm\npython39-prometheus-client-0.8.0-3.el8pc.noarch.rpm\npython39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm\npython39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm\npython39-pulp-cli-0.14.0-4.el8pc.noarch.rpm\npython39-pulp-container-2.10.9-1.el8pc.noarch.rpm\npython39-pulp-deb-2.18.0-3.el8pc.noarch.rpm\npython39-pulp-file-1.10.2-2.el8pc.noarch.rpm\npython39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm\npython39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm\npython39-pulpcore-3.18.10-1.el8pc.noarch.rpm\npython39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm\npython39-pycodestyle-2.7.0-5.el8pc.noarch.rpm\npython39-pycparser-2.21-2.el8pc.noarch.rpm\npython39-pyflakes-2.3.1-5.el8pc.noarch.rpm\npython39-pygments-2.11.2-2.el8pc.noarch.rpm\npython39-pygtrie-2.4.2-3.el8pc.noarch.rpm\npython39-pyjwkest-1.4.2-6.el8pc.noarch.rpm\npython39-pyjwt-1.7.1-8.el8pc.noarch.rpm\npython39-pyparsing-2.4.7-3.el8pc.noarch.rpm\npython39-pytz-2021.3-2.el8pc.noarch.rpm\npython39-redis-3.5.3-3.el8pc.noarch.rpm\npython39-requests-2.27.1-2.el8pc.noarch.rpm\npython39-requirements-parser-0.2.0-3.el8pc.noarch.rpm\npython39-rich-10.12.0-3.el8pc.noarch.rpm\npython39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm\npython39-schema-0.7.5-2.el8pc.noarch.rpm\npython39-semantic-version-2.10.0-1.el8pc.noarch.rpm\npython39-six-1.16.0-2.el8pc.noarch.rpm\npython39-smmap-5.0.0-2.el8pc.noarch.rpm\npython39-sqlparse-0.4.2-3.el8pc.noarch.rpm\npython39-tablib-3.2.0-3.el8pc.noarch.rpm\npython39-tenacity-7.0.0-3.el8pc.noarch.rpm\npython39-toml-0.10.2-3.el8pc.noarch.rpm\npython39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm\npython39-uritemplate-4.1.1-2.el8pc.noarch.rpm\npython39-url-normalize-1.4.3-4.el8pc.noarch.rpm\npython39-urllib3-1.26.8-2.el8pc.noarch.rpm\npython39-urlman-1.4.0-3.el8pc.noarch.rpm\npython39-wcmatch-8.3-2.el8pc.noarch.rpm\npython39-webencodings-0.5.1-3.el8pc.noarch.rpm\npython39-whitenoise-6.0.0-1.el8pc.noarch.rpm\npython39-xlrd-2.0.1-5.el8pc.noarch.rpm\npython39-xlwt-1.3.0-3.el8pc.noarch.rpm\npython39-zipp-3.4.0-4.el8pc.noarch.rpm\nqpid-dispatch-tools-1.14.0-6.el8.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-actioncable-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailbox-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionmailer-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionpack-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actiontext-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-actionview-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activejob-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activemodel-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activerecord-import-1.1.0-1.el8sat.noarch.rpm\nrubygem-activerecord-session_store-2.0.0-1.el8sat.noarch.rpm\nrubygem-activestorage-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-activesupport-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-acts_as_list-1.0.3-2.el8sat.noarch.rpm\nrubygem-addressable-2.8.0-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-ancestry-3.0.7-2.el8sat.noarch.rpm\nrubygem-anemone-0.7.2-23.el8sat.noarch.rpm\nrubygem-angular-rails-templates-1.1.0-2.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm\nrubygem-apipie-dsl-2.4.0-1.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-apipie-rails-0.5.17-4.el8sat.noarch.rpm\nrubygem-audited-4.9.0-4.el8sat.noarch.rpm\nrubygem-azure_mgmt_compute-0.22.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_network-0.26.1-2.el8sat.noarch.rpm\nrubygem-azure_mgmt_resources-0.18.2-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_storage-0.23.0-1.el8sat.noarch.rpm\nrubygem-azure_mgmt_subscriptions-0.18.5-1.el8sat.noarch.rpm\nrubygem-builder-3.2.4-2.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-coffee-rails-5.0.0-2.el8sat.noarch.rpm\nrubygem-coffee-script-2.4.1-5.el8sat.noarch.rpm\nrubygem-coffee-script-source-1.12.2-5.el8sat.noarch.rpm\nrubygem-colorize-0.8.1-2.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-connection_pool-2.2.2-3.el8sat.noarch.rpm\nrubygem-crass-1.0.6-2.el8sat.noarch.rpm\nrubygem-css_parser-1.4.7-5.el8sat.noarch.rpm\nrubygem-daemons-1.2.3-7.1.el8sat.noarch.rpm\nrubygem-deacon-1.0.0-5.el8sat.noarch.rpm\nrubygem-declarative-0.0.10-3.el8sat.noarch.rpm\nrubygem-declarative-option-0.1.0-3.el8sat.noarch.rpm\nrubygem-deep_cloneable-3.0.0-4.el8sat.noarch.rpm\nrubygem-deface-1.5.3-3.el8sat.noarch.rpm\nrubygem-diffy-3.0.1-6.1.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-erubi-1.9.0-2.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-execjs-2.7.0-5.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday-cookie_jar-0.0.6-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-fog-aws-3.6.5-2.el8sat.noarch.rpm\nrubygem-fog-core-2.1.0-4.el8sat.noarch.rpm\nrubygem-fog-google-1.11.0-2.el8sat.noarch.rpm\nrubygem-fog-json-1.2.0-4.el8sat.noarch.rpm\nrubygem-fog-kubevirt-1.3.3-2.el8sat.noarch.rpm\nrubygem-fog-libvirt-0.9.0-1.el8sat.noarch.rpm\nrubygem-fog-openstack-1.0.8-4.el8sat.noarch.rpm\nrubygem-fog-ovirt-2.0.2-1.el8sat.noarch.rpm\nrubygem-fog-vsphere-3.5.2-1.el8sat.noarch.rpm\nrubygem-fog-xml-0.1.2-9.el8sat.noarch.rpm\nrubygem-foreman-tasks-6.0.3-1.el8sat.noarch.rpm\nrubygem-foreman_ansible-7.1.4.1-1.el8sat.noarch.rpm\nrubygem-foreman_azure_rm-2.2.6-3.1.el8sat.noarch.rpm\nrubygem-foreman_bootdisk-19.0.7-1.el8sat.noarch.rpm\nrubygem-foreman_discovery-21.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_hooks-0.3.17-3.el8sat.noarch.rpm\nrubygem-foreman_kubevirt-0.1.9-4.el8sat.noarch.rpm\nrubygem-foreman_leapp-0.1.10-2.1.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-foreman_openscap-5.2.2-2.el8sat.noarch.rpm\nrubygem-foreman_puppet-4.0.3-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-7.2.2-1.el8sat.noarch.rpm\nrubygem-foreman_remote_execution-cockpit-7.2.2-1.el8sat.noarch.rpm\nrubygem-foreman_rh_cloud-6.0.42.2-1.el8sat.noarch.rpm\nrubygem-foreman_scap_client-0.5.0-1.el8sat.noarch.rpm\nrubygem-foreman_templates-9.3.0-1.1.el8sat.noarch.rpm\nrubygem-foreman_theme_satellite-10.0.0.4-1.el8sat.noarch.rpm\nrubygem-foreman_virt_who_configure-0.5.9-1.el8sat.noarch.rpm\nrubygem-foreman_webhooks-3.0.4-1.el8sat.noarch.rpm\nrubygem-formatador-0.2.1-13.el8sat.noarch.rpm\nrubygem-friendly_id-5.3.0-2.el8sat.noarch.rpm\nrubygem-fx-0.5.0-2.el8sat.noarch.rpm\nrubygem-get_process_mem-0.2.7-2.1.el8sat.noarch.rpm\nrubygem-gettext_i18n_rails-1.8.0-3.el8sat.noarch.rpm\nrubygem-git-1.11.0-1.el8sat.noarch.rpm\nrubygem-gitlab-sidekiq-fetcher-0.6.0-2.el8sat.noarch.rpm\nrubygem-globalid-0.4.2-2.el8sat.noarch.rpm\nrubygem-google-api-client-0.33.2-2.el8sat.noarch.rpm\nrubygem-google-cloud-env-1.3.3-2.el8sat.noarch.rpm\nrubygem-googleauth-0.13.1-2.el8sat.noarch.rpm\nrubygem-graphql-1.8.14-3.el8sat.noarch.rpm\nrubygem-graphql-batch-0.3.10-3.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_kubevirt-0.1.5-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_leapp-0.1.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_puppet-0.0.6-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-hocon-1.3.1-2.el8sat.noarch.rpm\nrubygem-http-3.3.0-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-http-form_data-2.1.1-2.el8sat.noarch.rpm\nrubygem-httpclient-2.8.3-4.el8sat.noarch.rpm\nrubygem-i18n-1.8.2-2.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-ipaddress-0.8.3-1.el8sat.noarch.rpm\nrubygem-jgrep-1.3.3-11.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-katello-4.5.0.20-1.el8sat.noarch.rpm\nrubygem-kubeclient-4.3.0-2.el8sat.noarch.rpm\nrubygem-ldap_fluff-0.6.0-1.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-loofah-2.4.0-2.el8sat.noarch.rpm\nrubygem-mail-2.7.1-2.el8sat.noarch.rpm\nrubygem-marcel-1.0.1-1.el8sat.noarch.rpm\nrubygem-memoist-0.16.0-3.el8sat.noarch.rpm\nrubygem-method_source-0.9.2-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mini_mime-1.0.2-2.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-ms_rest-0.7.6-1.el8sat.noarch.rpm\nrubygem-ms_rest_azure-0.12.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ldap-0.17.0-2.el8sat.noarch.rpm\nrubygem-net-ping-2.0.1-5.el8sat.noarch.rpm\nrubygem-net-scp-1.2.1-5.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-net_http_unix-0.2.2-2.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-optimist-3.0.0-3.el8sat.noarch.rpm\nrubygem-os-1.0.0-3.el8sat.noarch.rpm\nrubygem-ovirt_provision_plugin-2.0.3-3.el8sat.noarch.rpm\nrubygem-parallel-1.19.1-2.el8sat.noarch.rpm\nrubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm\nrubygem-polyglot-0.3.5-3.1.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-prometheus-client-1.0.0-3.el8sat.noarch.rpm\nrubygem-promise.rb-0.7.4-3.el8sat.noarch.rpm\nrubygem-public_suffix-3.0.3-3.el8sat.noarch.rpm\nrubygem-pulp_ansible_client-0.13.1-1.el8sat.noarch.rpm\nrubygem-pulp_certguard_client-1.5.0-1.el8sat.noarch.rpm\nrubygem-pulp_container_client-2.10.3-1.el8sat.noarch.rpm\nrubygem-pulp_deb_client-2.18.0-1.el8sat.noarch.rpm\nrubygem-pulp_file_client-1.10.0-1.el8sat.noarch.rpm\nrubygem-pulp_ostree_client-2.0.0-0.1.a1.el8sat.noarch.rpm\nrubygem-pulp_python_client-3.6.0-1.el8sat.noarch.rpm\nrubygem-pulp_rpm_client-3.17.4-1.el8sat.noarch.rpm\nrubygem-pulpcore_client-3.18.5-1.el8sat.noarch.rpm\nrubygem-puma-status-1.3-1.el8sat.noarch.rpm\nrubygem-quantile-0.2.0-5.el8sat.noarch.rpm\nrubygem-rabl-0.14.3-2.el8sat.noarch.rpm\nrubygem-rack-2.2.4-1.el8sat.noarch.rpm\nrubygem-rack-cors-1.0.2-3.el8sat.noarch.rpm\nrubygem-rack-jsonp-1.3.1-10.el8sat.noarch.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm\nrubygem-rack-test-1.1.0-5.el8sat.noarch.rpm\nrubygem-rails-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rails-dom-testing-2.0.3-7.el8sat.noarch.rpm\nrubygem-rails-html-sanitizer-1.4.3-2.el8sat.noarch.rpm\nrubygem-rails-i18n-6.0.0-3.el8sat.noarch.rpm\nrubygem-railties-6.0.4.7-1.el8sat.noarch.rpm\nrubygem-rainbow-2.2.2-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-rbvmomi-2.2.0-4.el8sat.noarch.rpm\nrubygem-rchardet-1.8.0-1.el8sat.noarch.rpm\nrubygem-recursive-open-struct-1.1.0-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-redis-4.5.1-1.el8sat.noarch.rpm\nrubygem-representable-3.0.4-3.el8sat.noarch.rpm\nrubygem-responders-3.0.0-4.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-retriable-3.1.2-3.el8sat.noarch.rpm\nrubygem-roadie-3.4.0-4.el8sat.noarch.rpm\nrubygem-roadie-rails-2.1.1-3.el8sat.noarch.rpm\nrubygem-robotex-1.0.0-22.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-ruby2ruby-2.4.2-4.el8sat.noarch.rpm\nrubygem-ruby_parser-3.10.1-4.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-runcible-2.13.1-2.el8sat.noarch.rpm\nrubygem-safemode-1.3.6-2.el8sat.noarch.rpm\nrubygem-scoped_search-4.1.10-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-secure_headers-6.3.0-3.el8sat.noarch.rpm\nrubygem-sequel-5.53.0-1.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sexp_processor-4.10.0-7.el8sat.noarch.rpm\nrubygem-sidekiq-5.2.10-1.el8sat.noarch.rpm\nrubygem-signet-0.14.0-2.el8sat.noarch.rpm\nrubygem-sinatra-2.2.0-1.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-sprockets-4.0.2-2.el8sat.noarch.rpm\nrubygem-sprockets-rails-3.2.1-7.el8sat.noarch.rpm\nrubygem-sshkey-1.9.0-5.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-stomp-1.4.9-2.el8sat.noarch.rpm\nrubygem-thor-1.0.1-3.el8sat.noarch.rpm\nrubygem-thread_safe-0.3.6-6.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-timeliness-0.3.10-2.el8sat.noarch.rpm\nrubygem-tzinfo-1.2.6-2.el8sat.noarch.rpm\nrubygem-uber-0.1.0-3.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nrubygem-validates_lengths_from_database-0.5.0-8.el8sat.noarch.rpm\nrubygem-webpack-rails-0.9.8-6.1.el8sat.noarch.rpm\nrubygem-websocket-extensions-0.1.5-2.el8sat.noarch.rpm\nrubygem-will_paginate-3.1.7-4.el8sat.noarch.rpm\nrubygem-zeitwerk-2.2.2-2.el8sat.noarch.rpm\nsatellite-6.12.0-4.el8sat.noarch.rpm\nsatellite-cli-6.12.0-4.el8sat.noarch.rpm\nsatellite-common-6.12.0-4.el8sat.noarch.rpm\nsatellite-installer-6.12.0.5-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncjson-1.7.14-5.el8sat.x86_64.rpm\ncjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm\ncjson-debugsource-1.7.14-5.el8sat.x86_64.rpm\ncreaterepo_c-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\nmosquitto-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm\npostgresql-evr-0.0.2-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm\npython-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-4.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-aiohttp-3.8.1-3.el8pc.x86_64.rpm\npython39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm\npython39-brotli-1.0.9-2.el8pc.x86_64.rpm\npython39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm\npython39-cchardet-2.1.7-4.el8pc.x86_64.rpm\npython39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm\npython39-cffi-1.15.0-2.el8pc.x86_64.rpm\npython39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm\npython39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython39-cryptography-3.4.8-1.el8pc.x86_64.rpm\npython39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm\npython39-frozenlist-1.3.0-2.el8pc.x86_64.rpm\npython39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm\npython39-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython39-lxml-4.7.1-2.el8pc.x86_64.rpm\npython39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm\npython39-markupsafe-2.0.1-3.el8pc.x86_64.rpm\npython39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm\npython39-multidict-6.0.2-2.el8pc.x86_64.rpm\npython39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm\npython39-psycopg2-2.9.3-2.el8pc.x86_64.rpm\npython39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm\npython39-pycairo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycares-4.1.2-2.el8pc.x86_64.rpm\npython39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm\npython39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm\npython39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm\npython39-pygobject-3.40.1-3.el8pc.x86_64.rpm\npython39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm\npython39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm\npython39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm\npython39-pyyaml-5.4.1-4.el8pc.x86_64.rpm\npython39-rhsm-1.19.2-3.el8pc.x86_64.rpm\npython39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm\npython39-solv-0.7.22-4.el8pc.x86_64.rpm\npython39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-yarl-1.7.2-2.el8pc.x86_64.rpm\npython39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nrubygem-bcrypt-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debuginfo-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-bcrypt-debugsource-3.1.12-4.1.el8sat.x86_64.rpm\nrubygem-facter-4.0.51-2.el8sat.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debuginfo-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-http_parser.rb-debugsource-0.6.0-3.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debuginfo-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nio4r-debugsource-2.5.4-2.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debuginfo-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-ovirt-engine-sdk-debugsource-4.4.0-2.1.el8sat.x86_64.rpm\nrubygem-puma-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debuginfo-5.6.2-1.el8sat.x86_64.rpm\nrubygem-puma-debugsource-5.6.2-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-5.el8sat.x86_64.rpm\nrubygem-qpid_proton-debugsource-0.33.0-5.el8sat.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-websocket-driver-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\nyggdrasil-worker-forwarder-0.0.1-1.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.src.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.src.rpm\nansible-lint-5.0.8-4.el8pc.src.rpm\nansible-runner-1.4.7-1.el8ar.src.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.src.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.src.rpm\ncjson-1.7.14-5.el8sat.src.rpm\ncreaterepo_c-0.20.1-1.el8pc.src.rpm\ndynflow-utils-1.6.3-1.el8sat.src.rpm\nforeman-3.3.0.17-1.el8sat.src.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.src.rpm\nforeman-discovery-image-3.8.2-1.el8sat.src.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.src.rpm\nforeman-installer-3.3.0.8-1.el8sat.src.rpm\nforeman-proxy-3.3.0-1.el8sat.src.rpm\nkatello-4.5.0-1.el8sat.src.rpm\nkatello-certs-tools-2.9.0-1.el8sat.src.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.src.rpm\nlibcomps-0.1.18-4.el8pc.src.rpm\nlibdb-5.3.28-42.el8_4.src.rpm\nlibsodium-1.0.17-3.el8sat.src.rpm\nlibsolv-0.7.22-4.el8pc.src.rpm\nlibwebsockets-2.4.2-2.el8.src.rpm\nmosquitto-2.0.14-1.el8sat.src.rpm\npulpcore-selinux-1.3.2-1.el8pc.src.rpm\npuppet-agent-7.12.1-1.el8sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.src.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.src.rpm\npuppetserver-7.4.2-1.el8sat.src.rpm\npython-aiodns-3.0.0-3.el8pc.src.rpm\npython-aiofiles-0.8.0-2.el8pc.src.rpm\npython-aiohttp-3.8.1-3.el8pc.src.rpm\npython-aiohttp-xmlrpc-1.5.0-2.el8pc.src.rpm\npython-aioredis-2.0.1-2.el8pc.src.rpm\npython-aiosignal-1.2.0-2.el8pc.src.rpm\npython-ansible-builder-1.0.1-4.el8pc.src.rpm\npython-asgiref-3.5.0-2.el8pc.src.rpm\npython-async-lru-1.0.2-3.el8pc.src.rpm\npython-async-timeout-4.0.2-2.el8pc.src.rpm\npython-asyncio-throttle-1.0.2-3.el8pc.src.rpm\npython-attrs-21.4.0-2.el8pc.src.rpm\npython-backoff-1.11.1-2.el8pc.src.rpm\npython-bindep-2.10.2-4.el8pc.src.rpm\npython-bleach-3.3.1-2.el8pc.src.rpm\npython-bleach-allowlist-1.0.3-3.el8pc.src.rpm\npython-bracex-2.2.1-2.el8pc.src.rpm\npython-brotli-1.0.9-2.el8pc.src.rpm\npython-cchardet-2.1.7-4.el8pc.src.rpm\npython-certifi-2020.6.20-3.el8pc.src.rpm\npython-cffi-1.15.0-2.el8pc.src.rpm\npython-chardet-4.0.0-2.el8pc.src.rpm\npython-charset-normalizer-2.0.11-4.el8pc.src.rpm\npython-click-8.0.3-2.el8pc.src.rpm\npython-click-shell-2.1-3.el8pc.src.rpm\npython-colorama-0.4.4-3.el8pc.src.rpm\npython-commonmark-0.9.1-5.el8pc.src.rpm\npython-contextlib2-21.6.0-3.el8pc.src.rpm\npython-cryptography-3.4.8-1.el8pc.src.rpm\npython-daemon-2.1.2-9.el8ar.src.rpm\npython-dataclasses-0.8-3.el8pc.src.rpm\npython-dateutil-2.8.2-2.el8pc.src.rpm\npython-debian-0.1.43-2.el8pc.src.rpm\npython-defusedxml-0.7.1-3.el8pc.src.rpm\npython-diff-match-patch-20200713-3.el8pc.src.rpm\npython-distro-1.6.0-3.el8pc.src.rpm\npython-django-3.2.14-2.el8pc.src.rpm\npython-django-currentuser-0.5.3-5.el8pc.src.rpm\npython-django-filter-21.1-3.el8pc.src.rpm\npython-django-guardian-2.4.0-5.el8pc.src.rpm\npython-django-guid-3.2.2-1.el8pc.src.rpm\npython-django-import-export-2.7.1-6.el8pc.src.rpm\npython-django-lifecycle-0.9.6-3.el8pc.src.rpm\npython-django-prometheus-2.1.0-3.el8pc.src.rpm\npython-django-readonly-field-1.1.1-3.el8pc.src.rpm\npython-djangorestframework-3.13.1-2.el8pc.src.rpm\npython-djangorestframework-queryfields-1.0.0-5.el8pc.src.rpm\npython-drf-access-policy-1.1.0-3.el8pc.src.rpm\npython-drf-nested-routers-0.93.4-3.el8pc.src.rpm\npython-drf-spectacular-0.21.2-2.el8pc.src.rpm\npython-dynaconf-3.1.7-4.el8pc.src.rpm\npython-ecdsa-0.14.1-2.el8pc.src.rpm\npython-enrich-1.2.6-5.el8pc.src.rpm\npython-et-xmlfile-1.1.0-2.el8pc.src.rpm\npython-flake8-3.9.2-5.el8pc.src.rpm\npython-frozenlist-1.3.0-2.el8pc.src.rpm\npython-future-0.18.2-5.el8pc.src.rpm\npython-galaxy-importer-0.4.5-1.el8pc.src.rpm\npython-gitdb-4.0.9-2.el8pc.src.rpm\npython-gitpython-3.1.26-3.el8pc.src.rpm\npython-gnupg-0.4.8-2.el8pc.src.rpm\npython-gunicorn-20.1.0-5.el8pc.src.rpm\npython-idna-3.3-2.el8pc.src.rpm\npython-idna-ssl-1.1.0-5.el8pc.src.rpm\npython-importlib-metadata-4.10.1-2.el8pc.src.rpm\npython-importlib-resources-5.4.0-4.el8pc.src.rpm\npython-inflection-0.5.1-3.el8pc.src.rpm\npython-iniparse-0.4-35.el8pc.src.rpm\npython-jinja2-3.0.3-2.el8pc.src.rpm\npython-jsonschema-4.6.0-4.el8pc.src.rpm\npython-lockfile-0.11.0-8.el8ar.src.rpm\npython-lxml-4.7.1-2.el8pc.src.rpm\npython-markdown-3.3.6-3.el8pc.src.rpm\npython-markuppy-1.14-3.el8pc.src.rpm\npython-markupsafe-2.0.1-3.el8pc.src.rpm\npython-mccabe-0.6.1-3.el8pc.src.rpm\npython-multidict-6.0.2-2.el8pc.src.rpm\npython-naya-1.1.1-3.el8pc.src.rpm\npython-odfpy-1.4.1-6.el8pc.src.rpm\npython-openpyxl-3.0.9-2.el8pc.src.rpm\npython-packaging-21.3-1.el8pc.src.rpm\npython-parsley-1.3-2.el8pc.src.rpm\npython-pbr-5.8.0-4.el8pc.src.rpm\npython-pexpect-4.6-2.el8ar.src.rpm\npython-productmd-1.33-3.el8pc.src.rpm\npython-prometheus-client-0.8.0-3.el8pc.src.rpm\npython-psutil-5.7.2-2.el8sat.src.rpm\npython-psycopg2-2.9.3-2.el8pc.src.rpm\npython-pulp-ansible-0.13.2-2.el8pc.src.rpm\npython-pulp-certguard-1.5.2-3.el8pc.src.rpm\npython-pulp-cli-0.14.0-4.el8pc.src.rpm\npython-pulp-container-2.10.9-1.el8pc.src.rpm\npython-pulp-deb-2.18.0-3.el8pc.src.rpm\npython-pulp-file-1.10.2-2.el8pc.src.rpm\npython-pulp-rpm-3.18.7-1.el8pc.src.rpm\npython-pulpcore-3.18.10-1.el8pc.src.rpm\npython-pyOpenSSL-19.1.0-3.el8pc.src.rpm\npython-pycairo-1.20.1-3.el8pc.src.rpm\npython-pycares-4.1.2-2.el8pc.src.rpm\npython-pycodestyle-2.7.0-5.el8pc.src.rpm\npython-pycparser-2.21-2.el8pc.src.rpm\npython-pycryptodomex-3.14.1-2.el8pc.src.rpm\npython-pyflakes-2.3.1-5.el8pc.src.rpm\npython-pygments-2.11.2-2.el8pc.src.rpm\npython-pygobject-3.40.1-3.el8pc.src.rpm\npython-pygtrie-2.4.2-3.el8pc.src.rpm\npython-pyjwkest-1.4.2-6.el8pc.src.rpm\npython-pyjwt-1.7.1-8.el8pc.src.rpm\npython-pyparsing-2.4.7-3.el8pc.src.rpm\npython-pyrsistent-0.18.1-2.el8pc.src.rpm\npython-pytz-2021.3-2.el8pc.src.rpm\npython-pyyaml-5.4.1-4.el8pc.src.rpm\npython-qpid-1.37.0-1.el8.src.rpm\npython-redis-3.5.3-3.el8pc.src.rpm\npython-requests-2.27.1-2.el8pc.src.rpm\npython-requirements-parser-0.2.0-3.el8pc.src.rpm\npython-rhsm-1.19.2-3.el8pc.src.rpm\npython-rich-10.12.0-3.el8pc.src.rpm\npython-ruamel-yaml-0.17.20-2.el8pc.src.rpm\npython-ruamel-yaml-clib-0.2.6-2.el8pc.src.rpm\npython-schema-0.7.5-2.el8pc.src.rpm\npython-semantic-version-2.10.0-1.el8pc.src.rpm\npython-six-1.16.0-2.el8pc.src.rpm\npython-smmap-5.0.0-2.el8pc.src.rpm\npython-sqlparse-0.4.2-3.el8pc.src.rpm\npython-tablib-3.2.0-3.el8pc.src.rpm\npython-tenacity-7.0.0-3.el8pc.src.rpm\npython-toml-0.10.2-3.el8pc.src.rpm\npython-typing-extensions-3.10.0.2-2.el8pc.src.rpm\npython-uritemplate-4.1.1-2.el8pc.src.rpm\npython-url-normalize-1.4.3-4.el8pc.src.rpm\npython-urllib3-1.26.8-2.el8pc.src.rpm\npython-urlman-1.4.0-3.el8pc.src.rpm\npython-wcmatch-8.3-2.el8pc.src.rpm\npython-webencodings-0.5.1-3.el8pc.src.rpm\npython-whitenoise-6.0.0-1.el8pc.src.rpm\npython-xlrd-2.0.1-5.el8pc.src.rpm\npython-xlwt-1.3.0-3.el8pc.src.rpm\npython-yarl-1.7.2-2.el8pc.src.rpm\npython-zipp-3.4.0-4.el8pc.src.rpm\nqpid-cpp-1.39.0-7.el8amq.src.rpm\nqpid-dispatch-1.14.0-6.el8.src.rpm\nqpid-proton-0.33.0-4.el8.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.src.rpm\nrubygem-algebrick-0.7.3-8.el8sat.src.rpm\nrubygem-ansi-1.5.0-3.el8sat.src.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.src.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.src.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-dynflow-1.6.4-1.el8sat.src.rpm\nrubygem-excon-0.76.0-2.el8sat.src.rpm\nrubygem-faraday-0.17.3-2.el8sat.src.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-infoblox-3.0.0-4.el8sat.src.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.src.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-kafo-6.4.0-1.el8sat.src.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.src.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-mqtt-0.5.0-1.el8sat.src.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.src.rpm\nrubygem-mustermann-1.1.1-1.el8sat.src.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.src.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-newt-0.9.7-3.1.el8sat.src.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-openscap-0.4.9-7.el8sat.src.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rack-2.2.4-1.el8sat.src.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.src.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.src.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.src.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.src.rpm\nrubygem-rsec-0.4.3-5.el8sat.src.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.src.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.src.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.src.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.src.rpm\nrubygem-sequel-5.53.0-1.el8sat.src.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.src.rpm\nrubygem-sinatra-2.2.0-1.el8sat.src.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.src.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.src.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.src.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.src.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.src.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.src.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.src.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.src.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.src.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.src.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.src.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.src.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.src.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.src.rpm\nrubygem-tilt-2.0.8-5.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nsaslwrapper-0.22-6.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\nsatellite-installer-6.12.0.5-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-3.7.0-2.el8sat.noarch.rpm\nansible-collection-redhat-satellite_operations-1.2.3-1.el8sat.noarch.rpm\nansible-lint-5.0.8-4.el8pc.noarch.rpm\nansible-runner-1.4.7-1.el8ar.noarch.rpm\nansiblerole-foreman_scap_client-0.2.0-2.el8sat.noarch.rpm\nansiblerole-insights-client-1.7.1-2.el8sat.noarch.rpm\nforeman-bootloaders-redhat-202102220000-1.el8sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202102220000-1.el8sat.noarch.rpm\nforeman-debug-3.3.0.17-1.el8sat.noarch.rpm\nforeman-discovery-image-3.8.2-1.el8sat.noarch.rpm\nforeman-installer-3.3.0.8-1.el8sat.noarch.rpm\nforeman-installer-katello-3.3.0.8-1.el8sat.noarch.rpm\nforeman-proxy-3.3.0-1.el8sat.noarch.rpm\nforeman-proxy-content-4.5.0-1.el8sat.noarch.rpm\nforeman-proxy-journald-3.3.0-1.el8sat.noarch.rpm\nkatello-certs-tools-2.9.0-1.el8sat.noarch.rpm\nkatello-client-bootstrap-1.7.9-1.el8sat.noarch.rpm\nkatello-common-4.5.0-1.el8sat.noarch.rpm\nkatello-debug-4.5.0-1.el8sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el8sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el8sat.noarch.rpm\npuppetlabs-stdlib-5.2.0-1.el8sat.noarch.rpm\npuppetserver-7.4.2-1.el8sat.noarch.rpm\npython2-qpid-1.37.0-1.el8.noarch.rpm\npython3-ansible-runner-1.4.7-1.el8ar.noarch.rpm\npython3-daemon-2.1.2-9.el8ar.noarch.rpm\npython3-lockfile-0.11.0-8.el8ar.noarch.rpm\npython3-pexpect-4.6-2.el8ar.noarch.rpm\npython39-aiodns-3.0.0-3.el8pc.noarch.rpm\npython39-aiofiles-0.8.0-2.el8pc.noarch.rpm\npython39-aiohttp-xmlrpc-1.5.0-2.el8pc.noarch.rpm\npython39-aioredis-2.0.1-2.el8pc.noarch.rpm\npython39-aiosignal-1.2.0-2.el8pc.noarch.rpm\npython39-ansible-builder-1.0.1-4.el8pc.noarch.rpm\npython39-asgiref-3.5.0-2.el8pc.noarch.rpm\npython39-async-lru-1.0.2-3.el8pc.noarch.rpm\npython39-async-timeout-4.0.2-2.el8pc.noarch.rpm\npython39-asyncio-throttle-1.0.2-3.el8pc.noarch.rpm\npython39-attrs-21.4.0-2.el8pc.noarch.rpm\npython39-backoff-1.11.1-2.el8pc.noarch.rpm\npython39-bindep-2.10.2-4.el8pc.noarch.rpm\npython39-bleach-3.3.1-2.el8pc.noarch.rpm\npython39-bleach-allowlist-1.0.3-3.el8pc.noarch.rpm\npython39-bracex-2.2.1-2.el8pc.noarch.rpm\npython39-certifi-2020.6.20-3.el8pc.noarch.rpm\npython39-chardet-4.0.0-2.el8pc.noarch.rpm\npython39-charset-normalizer-2.0.11-4.el8pc.noarch.rpm\npython39-click-8.0.3-2.el8pc.noarch.rpm\npython39-click-shell-2.1-3.el8pc.noarch.rpm\npython39-colorama-0.4.4-3.el8pc.noarch.rpm\npython39-commonmark-0.9.1-5.el8pc.noarch.rpm\npython39-contextlib2-21.6.0-3.el8pc.noarch.rpm\npython39-dataclasses-0.8-3.el8pc.noarch.rpm\npython39-dateutil-2.8.2-2.el8pc.noarch.rpm\npython39-debian-0.1.43-2.el8pc.noarch.rpm\npython39-defusedxml-0.7.1-3.el8pc.noarch.rpm\npython39-diff-match-patch-20200713-3.el8pc.noarch.rpm\npython39-distro-1.6.0-3.el8pc.noarch.rpm\npython39-django-3.2.14-2.el8pc.noarch.rpm\npython39-django-currentuser-0.5.3-5.el8pc.noarch.rpm\npython39-django-filter-21.1-3.el8pc.noarch.rpm\npython39-django-guardian-2.4.0-5.el8pc.noarch.rpm\npython39-django-guid-3.2.2-1.el8pc.noarch.rpm\npython39-django-import-export-2.7.1-6.el8pc.noarch.rpm\npython39-django-lifecycle-0.9.6-3.el8pc.noarch.rpm\npython39-django-prometheus-2.1.0-3.el8pc.noarch.rpm\npython39-django-readonly-field-1.1.1-3.el8pc.noarch.rpm\npython39-djangorestframework-3.13.1-2.el8pc.noarch.rpm\npython39-djangorestframework-queryfields-1.0.0-5.el8pc.noarch.rpm\npython39-drf-access-policy-1.1.0-3.el8pc.noarch.rpm\npython39-drf-nested-routers-0.93.4-3.el8pc.noarch.rpm\npython39-drf-spectacular-0.21.2-2.el8pc.noarch.rpm\npython39-dynaconf-3.1.7-4.el8pc.noarch.rpm\npython39-ecdsa-0.14.1-2.el8pc.noarch.rpm\npython39-enrich-1.2.6-5.el8pc.noarch.rpm\npython39-et-xmlfile-1.1.0-2.el8pc.noarch.rpm\npython39-flake8-3.9.2-5.el8pc.noarch.rpm\npython39-future-0.18.2-5.el8pc.noarch.rpm\npython39-galaxy-importer-0.4.5-1.el8pc.noarch.rpm\npython39-gitdb-4.0.9-2.el8pc.noarch.rpm\npython39-gitpython-3.1.26-3.el8pc.noarch.rpm\npython39-gnupg-0.4.8-2.el8pc.noarch.rpm\npython39-gunicorn-20.1.0-5.el8pc.noarch.rpm\npython39-idna-3.3-2.el8pc.noarch.rpm\npython39-idna-ssl-1.1.0-5.el8pc.noarch.rpm\npython39-importlib-metadata-4.10.1-2.el8pc.noarch.rpm\npython39-importlib-resources-5.4.0-4.el8pc.noarch.rpm\npython39-inflection-0.5.1-3.el8pc.noarch.rpm\npython39-iniparse-0.4-35.el8pc.noarch.rpm\npython39-jinja2-3.0.3-2.el8pc.noarch.rpm\npython39-jsonschema-4.6.0-4.el8pc.noarch.rpm\npython39-markdown-3.3.6-3.el8pc.noarch.rpm\npython39-markuppy-1.14-3.el8pc.noarch.rpm\npython39-mccabe-0.6.1-3.el8pc.noarch.rpm\npython39-naya-1.1.1-3.el8pc.noarch.rpm\npython39-odfpy-1.4.1-6.el8pc.noarch.rpm\npython39-openpyxl-3.0.9-2.el8pc.noarch.rpm\npython39-packaging-21.3-1.el8pc.noarch.rpm\npython39-parsley-1.3-2.el8pc.noarch.rpm\npython39-pbr-5.8.0-4.el8pc.noarch.rpm\npython39-productmd-1.33-3.el8pc.noarch.rpm\npython39-prometheus-client-0.8.0-3.el8pc.noarch.rpm\npython39-pulp-ansible-0.13.2-2.el8pc.noarch.rpm\npython39-pulp-certguard-1.5.2-3.el8pc.noarch.rpm\npython39-pulp-cli-0.14.0-4.el8pc.noarch.rpm\npython39-pulp-container-2.10.9-1.el8pc.noarch.rpm\npython39-pulp-deb-2.18.0-3.el8pc.noarch.rpm\npython39-pulp-file-1.10.2-2.el8pc.noarch.rpm\npython39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm\npython39-pulpcore-3.18.10-1.el8pc.noarch.rpm\npython39-pyOpenSSL-19.1.0-3.el8pc.noarch.rpm\npython39-pycodestyle-2.7.0-5.el8pc.noarch.rpm\npython39-pycparser-2.21-2.el8pc.noarch.rpm\npython39-pyflakes-2.3.1-5.el8pc.noarch.rpm\npython39-pygments-2.11.2-2.el8pc.noarch.rpm\npython39-pygtrie-2.4.2-3.el8pc.noarch.rpm\npython39-pyjwkest-1.4.2-6.el8pc.noarch.rpm\npython39-pyjwt-1.7.1-8.el8pc.noarch.rpm\npython39-pyparsing-2.4.7-3.el8pc.noarch.rpm\npython39-pytz-2021.3-2.el8pc.noarch.rpm\npython39-redis-3.5.3-3.el8pc.noarch.rpm\npython39-requests-2.27.1-2.el8pc.noarch.rpm\npython39-requirements-parser-0.2.0-3.el8pc.noarch.rpm\npython39-rich-10.12.0-3.el8pc.noarch.rpm\npython39-ruamel-yaml-0.17.20-2.el8pc.noarch.rpm\npython39-schema-0.7.5-2.el8pc.noarch.rpm\npython39-semantic-version-2.10.0-1.el8pc.noarch.rpm\npython39-six-1.16.0-2.el8pc.noarch.rpm\npython39-smmap-5.0.0-2.el8pc.noarch.rpm\npython39-sqlparse-0.4.2-3.el8pc.noarch.rpm\npython39-tablib-3.2.0-3.el8pc.noarch.rpm\npython39-tenacity-7.0.0-3.el8pc.noarch.rpm\npython39-toml-0.10.2-3.el8pc.noarch.rpm\npython39-typing-extensions-3.10.0.2-2.el8pc.noarch.rpm\npython39-uritemplate-4.1.1-2.el8pc.noarch.rpm\npython39-url-normalize-1.4.3-4.el8pc.noarch.rpm\npython39-urllib3-1.26.8-2.el8pc.noarch.rpm\npython39-urlman-1.4.0-3.el8pc.noarch.rpm\npython39-wcmatch-8.3-2.el8pc.noarch.rpm\npython39-webencodings-0.5.1-3.el8pc.noarch.rpm\npython39-whitenoise-6.0.0-1.el8pc.noarch.rpm\npython39-xlrd-2.0.1-5.el8pc.noarch.rpm\npython39-xlwt-1.3.0-3.el8pc.noarch.rpm\npython39-zipp-3.4.0-4.el8pc.noarch.rpm\nqpid-tools-1.39.0-7.el8amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el8sat.noarch.rpm\nrubygem-algebrick-0.7.3-8.el8sat.noarch.rpm\nrubygem-ansi-1.5.0-3.el8sat.noarch.rpm\nrubygem-apipie-params-0.0.5-5.1.el8sat.noarch.rpm\nrubygem-bundler_ext-0.4.1-6.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-concurrent-ruby-1.1.6-3.el8sat.noarch.rpm\nrubygem-concurrent-ruby-edge-0.6.0-3.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-dynflow-1.6.4-1.el8sat.noarch.rpm\nrubygem-excon-0.76.0-2.el8sat.noarch.rpm\nrubygem-faraday-0.17.3-2.el8sat.noarch.rpm\nrubygem-faraday_middleware-0.13.1-3.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-infoblox-3.0.0-4.el8sat.noarch.rpm\nrubygem-journald-logger-2.0.4-3.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-kafo-6.4.0-1.el8sat.noarch.rpm\nrubygem-kafo_parsers-1.2.1-1.el8sat.noarch.rpm\nrubygem-kafo_wizards-0.0.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-logging-journald-2.0.0-3.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-mqtt-0.5.0-1.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-multipart-post-2.0.0-3.el8sat.noarch.rpm\nrubygem-mustermann-1.1.1-1.el8sat.noarch.rpm\nrubygem-net-ssh-4.2.0-3.el8sat.noarch.rpm\nrubygem-net-ssh-krb-0.4.0-4.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-openscap-0.4.9-7.el8sat.noarch.rpm\nrubygem-openscap_parser-1.0.2-2.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rack-2.2.4-1.el8sat.noarch.rpm\nrubygem-rack-protection-2.2.0-1.el8sat.noarch.rpm\nrubygem-rb-inotify-0.9.7-6.el8sat.noarch.rpm\nrubygem-rbnacl-4.0.2-2.el8sat.noarch.rpm\nrubygem-redfish_client-0.5.2-2.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-rsec-0.4.3-5.el8sat.noarch.rpm\nrubygem-ruby2_keywords-0.0.4-1.el8sat.noarch.rpm\nrubygem-rubyipmi-0.11.0-1.el8sat.noarch.rpm\nrubygem-sd_notify-0.1.0-2.el8sat.noarch.rpm\nrubygem-sequel-5.53.0-1.el8sat.noarch.rpm\nrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm\nrubygem-sinatra-2.2.0-1.el8sat.noarch.rpm\nrubygem-smart_proxy_ansible-3.4.1-2.el8sat.noarch.rpm\nrubygem-smart_proxy_container_gateway-1.0.6-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_infoblox-0.0.16-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dhcp_remote_isc-0.0.5-6.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery-1.0.5-9.el8sat.noarch.rpm\nrubygem-smart_proxy_discovery_image-1.6.0-2.el8sat.noarch.rpm\nrubygem-smart_proxy_dns_infoblox-1.1.0-7.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow-0.8.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_dynflow_core-0.4.1-1.el8sat.noarch.rpm\nrubygem-smart_proxy_openscap-0.9.2-1.el8sat.noarch.rpm\nrubygem-smart_proxy_pulp-3.2.0-3.el8sat.noarch.rpm\nrubygem-smart_proxy_remote_execution_ssh-0.7.3-1.el8sat.noarch.rpm\nrubygem-smart_proxy_shellhooks-0.9.2-2.el8sat.noarch.rpm\nrubygem-statsd-instrument-2.1.4-4.el8sat.noarch.rpm\nrubygem-tilt-2.0.8-5.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nsatellite-capsule-6.12.0-4.el8sat.noarch.rpm\nsatellite-common-6.12.0-4.el8sat.noarch.rpm\nsatellite-installer-6.12.0.5-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nx86_64:\ncjson-1.7.14-5.el8sat.x86_64.rpm\ncjson-debuginfo-1.7.14-5.el8sat.x86_64.rpm\ncjson-debugsource-1.7.14-5.el8sat.x86_64.rpm\ncreaterepo_c-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-debugsource-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-0.20.1-1.el8pc.x86_64.rpm\ncreaterepo_c-libs-debuginfo-0.20.1-1.el8pc.x86_64.rpm\ndynflow-utils-1.6.3-1.el8sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-4.1.el8sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-4.1.el8sat.x86_64.rpm\nlibcomps-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\nlibcomps-debugsource-0.1.18-4.el8pc.x86_64.rpm\nlibdb-cxx-5.3.28-42.el8_4.x86_64.rpm\nlibdb-cxx-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-debugsource-5.3.28-42.el8_4.x86_64.rpm\nlibdb-java-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-sql-devel-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-tcl-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibdb-utils-debuginfo-5.3.28-42.el8_4.x86_64.rpm\nlibsodium-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debuginfo-1.0.17-3.el8sat.x86_64.rpm\nlibsodium-debugsource-1.0.17-3.el8sat.x86_64.rpm\nlibsolv-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-debugsource-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-demo-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibsolv-tools-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nlibwebsockets-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-debugsource-2.4.2-2.el8.x86_64.rpm\nlibwebsockets-tests-debuginfo-2.4.2-2.el8.x86_64.rpm\nmosquitto-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debuginfo-2.0.14-1.el8sat.x86_64.rpm\nmosquitto-debugsource-2.0.14-1.el8sat.x86_64.rpm\npulpcore-selinux-1.3.2-1.el8pc.x86_64.rpm\npuppet-agent-7.12.1-1.el8sat.x86_64.rpm\npython-aiohttp-debugsource-3.8.1-3.el8pc.x86_64.rpm\npython-brotli-debugsource-1.0.9-2.el8pc.x86_64.rpm\npython-cchardet-debugsource-2.1.7-4.el8pc.x86_64.rpm\npython-cffi-debugsource-1.15.0-2.el8pc.x86_64.rpm\npython-cryptography-debugsource-3.4.8-1.el8pc.x86_64.rpm\npython-frozenlist-debugsource-1.3.0-2.el8pc.x86_64.rpm\npython-lxml-debugsource-4.7.1-2.el8pc.x86_64.rpm\npython-markupsafe-debugsource-2.0.1-3.el8pc.x86_64.rpm\npython-multidict-debugsource-6.0.2-2.el8pc.x86_64.rpm\npython-psutil-debugsource-5.7.2-2.el8sat.x86_64.rpm\npython-psycopg2-debugsource-2.9.3-2.el8pc.x86_64.rpm\npython-pycairo-debugsource-1.20.1-3.el8pc.x86_64.rpm\npython-pycares-debugsource-4.1.2-2.el8pc.x86_64.rpm\npython-pycryptodomex-debugsource-3.14.1-2.el8pc.x86_64.rpm\npython-pygobject-debugsource-3.40.1-3.el8pc.x86_64.rpm\npython-pyrsistent-debugsource-0.18.1-2.el8pc.x86_64.rpm\npython-rhsm-debugsource-1.19.2-3.el8pc.x86_64.rpm\npython-ruamel-yaml-clib-debugsource-0.2.6-2.el8pc.x86_64.rpm\npython-yarl-debugsource-1.7.2-2.el8pc.x86_64.rpm\npython2-qpid-qmf-1.39.0-7.el8amq.x86_64.rpm\npython2-saslwrapper-0.22-6.el8sat.x86_64.rpm\npython2-saslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\npython3-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython3-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython3-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython3-psutil-5.7.2-2.el8sat.x86_64.rpm\npython3-psutil-debuginfo-5.7.2-2.el8sat.x86_64.rpm\npython3-qpid-proton-0.33.0-4.el8.x86_64.rpm\npython3-qpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\npython3-solv-0.7.22-4.el8pc.x86_64.rpm\npython3-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-aiohttp-3.8.1-3.el8pc.x86_64.rpm\npython39-aiohttp-debuginfo-3.8.1-3.el8pc.x86_64.rpm\npython39-brotli-1.0.9-2.el8pc.x86_64.rpm\npython39-brotli-debuginfo-1.0.9-2.el8pc.x86_64.rpm\npython39-cchardet-2.1.7-4.el8pc.x86_64.rpm\npython39-cchardet-debuginfo-2.1.7-4.el8pc.x86_64.rpm\npython39-cffi-1.15.0-2.el8pc.x86_64.rpm\npython39-cffi-debuginfo-1.15.0-2.el8pc.x86_64.rpm\npython39-createrepo_c-0.20.1-1.el8pc.x86_64.rpm\npython39-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm\npython39-cryptography-3.4.8-1.el8pc.x86_64.rpm\npython39-cryptography-debuginfo-3.4.8-1.el8pc.x86_64.rpm\npython39-frozenlist-1.3.0-2.el8pc.x86_64.rpm\npython39-frozenlist-debuginfo-1.3.0-2.el8pc.x86_64.rpm\npython39-libcomps-0.1.18-4.el8pc.x86_64.rpm\npython39-libcomps-debuginfo-0.1.18-4.el8pc.x86_64.rpm\npython39-lxml-4.7.1-2.el8pc.x86_64.rpm\npython39-lxml-debuginfo-4.7.1-2.el8pc.x86_64.rpm\npython39-markupsafe-2.0.1-3.el8pc.x86_64.rpm\npython39-markupsafe-debuginfo-2.0.1-3.el8pc.x86_64.rpm\npython39-multidict-6.0.2-2.el8pc.x86_64.rpm\npython39-multidict-debuginfo-6.0.2-2.el8pc.x86_64.rpm\npython39-psycopg2-2.9.3-2.el8pc.x86_64.rpm\npython39-psycopg2-debuginfo-2.9.3-2.el8pc.x86_64.rpm\npython39-pycairo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycairo-debuginfo-1.20.1-3.el8pc.x86_64.rpm\npython39-pycares-4.1.2-2.el8pc.x86_64.rpm\npython39-pycares-debuginfo-4.1.2-2.el8pc.x86_64.rpm\npython39-pycryptodomex-3.14.1-2.el8pc.x86_64.rpm\npython39-pycryptodomex-debuginfo-3.14.1-2.el8pc.x86_64.rpm\npython39-pygobject-3.40.1-3.el8pc.x86_64.rpm\npython39-pygobject-debuginfo-3.40.1-3.el8pc.x86_64.rpm\npython39-pyrsistent-0.18.1-2.el8pc.x86_64.rpm\npython39-pyrsistent-debuginfo-0.18.1-2.el8pc.x86_64.rpm\npython39-pyyaml-5.4.1-4.el8pc.x86_64.rpm\npython39-rhsm-1.19.2-3.el8pc.x86_64.rpm\npython39-rhsm-debuginfo-1.19.2-3.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-0.2.6-2.el8pc.x86_64.rpm\npython39-ruamel-yaml-clib-debuginfo-0.2.6-2.el8pc.x86_64.rpm\npython39-solv-0.7.22-4.el8pc.x86_64.rpm\npython39-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\npython39-yarl-1.7.2-2.el8pc.x86_64.rpm\npython39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm\nqpid-cpp-client-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-devel-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-client-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-debugsource-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-ha-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-linearstore-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-cpp-server-rdma-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nqpid-dispatch-debugsource-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-1.14.0-6.el8.x86_64.rpm\nqpid-dispatch-router-debuginfo-1.14.0-6.el8.x86_64.rpm\nqpid-proton-c-0.33.0-4.el8.x86_64.rpm\nqpid-proton-c-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-cpp-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nqpid-proton-debugsource-0.33.0-4.el8.x86_64.rpm\nqpid-qmf-1.39.0-7.el8amq.x86_64.rpm\nqpid-qmf-debuginfo-1.39.0-7.el8amq.x86_64.rpm\nruby-solv-debuginfo-0.7.22-4.el8pc.x86_64.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-journald-native-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debuginfo-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-journald-native-debugsource-1.0.11-4.1.el8sat.x86_64.rpm\nrubygem-msgpack-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debuginfo-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-msgpack-debugsource-1.3.3-2.1.el8sat.x86_64.rpm\nrubygem-newt-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-newt-debugsource-0.9.7-3.1.el8sat.x86_64.rpm\nrubygem-nokogiri-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debuginfo-1.13.8-1.el8sat.x86_64.rpm\nrubygem-nokogiri-debugsource-1.13.8-1.el8sat.x86_64.rpm\nrubygem-qpid_proton-debuginfo-0.33.0-4.el8.x86_64.rpm\nrubygem-rkerberos-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debuginfo-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-rkerberos-debugsource-0.1.5-20.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debuginfo-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-ruby-libvirt-debugsource-0.7.1-2.1.el8sat.x86_64.rpm\nrubygem-sqlite3-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debuginfo-1.4.2-1.el8sat.x86_64.rpm\nrubygem-sqlite3-debugsource-1.4.2-1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nsaslwrapper-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-6.el8sat.x86_64.rpm\nsaslwrapper-debugsource-0.22-6.el8sat.x86_64.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nsatellite-clone-3.2.0-1.el8sat.src.rpm\nsatellite-maintain-0.0.1-1.el8sat.src.rpm\n\nnoarch:\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nsatellite-clone-3.2.0-1.el8sat.noarch.rpm\nsatellite-maintain-0.0.1-1.el8sat.noarch.rpm\n\nRed Hat Satellite 6.12 for RHEL 8:\n\nSource:\nforeman-3.3.0.17-1.el8sat.src.rpm\npython-pulp_manifest-3.0.0-3.el8pc.src.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.src.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.src.rpm\nrubygem-clamp-1.1.2-7.el8sat.src.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.src.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.src.rpm\nrubygem-ffi-1.12.2-2.1.el8sat.src.rpm\nrubygem-gssapi-1.2.0-8.el8sat.src.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.src.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.src.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.src.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.src.rpm\nrubygem-hashie-3.6.0-3.el8sat.src.rpm\nrubygem-highline-2.0.3-2.el8sat.src.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.src.rpm\nrubygem-jwt-2.2.2-2.el8sat.src.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.src.rpm\nrubygem-locale-2.0.9-15.el8sat.src.rpm\nrubygem-logging-2.3.0-2.el8sat.src.rpm\nrubygem-mime-types-3.3.1-2.el8sat.src.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.src.rpm\nrubygem-multi_json-1.14.1-3.el8sat.src.rpm\nrubygem-netrc-0.11.0-6.el8sat.src.rpm\nrubygem-oauth-0.5.4-5.el8sat.src.rpm\nrubygem-powerbar-2.0.1-3.el8sat.src.rpm\nrubygem-rest-client-2.0.2-4.el8sat.src.rpm\nrubygem-unf-0.1.3-9.el8sat.src.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.src.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.src.rpm\nsatellite-6.12.0-4.el8sat.src.rpm\n\nnoarch:\nforeman-cli-3.3.0.17-1.el8sat.noarch.rpm\npython39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm\nrubygem-amazing_print-1.1.0-2.el8sat.noarch.rpm\nrubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm\nrubygem-clamp-1.1.2-7.el8sat.noarch.rpm\nrubygem-domain_name-0.5.20160310-5.el8sat.noarch.rpm\nrubygem-fast_gettext-1.4.1-5.el8sat.noarch.rpm\nrubygem-gssapi-1.2.0-8.el8sat.noarch.rpm\nrubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_admin-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_ansible-0.3.4-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_azure_rm-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_discovery-1.1.0-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_openscap-0.1.13-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_remote_execution-0.2.2-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_templates-0.2.0-2.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_virt_who_configure-0.0.9-1.el8sat.noarch.rpm\nrubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm\nrubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm\nrubygem-hashie-3.6.0-3.el8sat.noarch.rpm\nrubygem-highline-2.0.3-2.el8sat.noarch.rpm\nrubygem-http-cookie-1.0.2-5.1.el8sat.noarch.rpm\nrubygem-jwt-2.2.2-2.el8sat.noarch.rpm\nrubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm\nrubygem-locale-2.0.9-15.el8sat.noarch.rpm\nrubygem-logging-2.3.0-2.el8sat.noarch.rpm\nrubygem-mime-types-3.3.1-2.el8sat.noarch.rpm\nrubygem-mime-types-data-3.2018.0812-5.el8sat.noarch.rpm\nrubygem-multi_json-1.14.1-3.el8sat.noarch.rpm\nrubygem-netrc-0.11.0-6.el8sat.noarch.rpm\nrubygem-oauth-0.5.4-5.el8sat.noarch.rpm\nrubygem-powerbar-2.0.1-3.el8sat.noarch.rpm\nrubygem-rest-client-2.0.2-4.el8sat.noarch.rpm\nrubygem-unf-0.1.3-9.el8sat.noarch.rpm\nrubygem-unicode-display_width-1.7.0-2.el8sat.noarch.rpm\nsatellite-cli-6.12.0-4.el8sat.noarch.rpm\n\nx86_64:\nrubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debuginfo-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm\nrubygem-unf_ext-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debuginfo-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unf_ext-debugsource-0.0.7.2-4.1.el8sat.x86_64.rpm\nrubygem-unicode-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86_64.rpm\nrubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-37136\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2022-22818\nhttps://access.redhat.com/security/cve/CVE-2022-24836\nhttps://access.redhat.com/security/cve/CVE-2022-25648\nhttps://access.redhat.com/security/cve/CVE-2022-29970\nhttps://access.redhat.com/security/cve/CVE-2022-32209\nhttps://access.redhat.com/security/cve/CVE-2022-34265\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-12-13-4 macOS Ventura 13.1\n\nmacOS Ventura 13.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213532. \n\nAccounts\nAvailable for: macOS Ventura\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42843: Mickey Jin (@patch1t)\n\nAMD\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-42847: ABC Research s.r.o. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-42865: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nBluetooth\nAvailable for: macOS Ventura\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. \nLtd. (@starlabs_sg)\n\nBoot Camp\nAvailable for: macOS Ventura\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro\n\nCoreServices\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: Multiple issues were addressed by removing the\nvulnerable code. \nCVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nOffensive Security\n\nDriverKit\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Ventura\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46693: Mickey Jin (@patch1t)\n\nIOHIDFamily\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42864: Tommy Muir (@Muirey03)\n\nIOMobileFrameBuffer\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-46690: John Aakerblom (@jaakerblom)\n\nIOMobileFrameBuffer\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic\n(@antoniozekic)\n\niTunes Store\nAvailable for: macOS Ventura\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2022-46689: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: macOS Ventura\nImpact: Connecting to a malicious NFS server may lead to arbitrary\ncode execution with kernel privileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-46701: Felix Poulin-Belanger\n\nKernel\nAvailable for: macOS Ventura\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year\nLab\n\nKernel\nAvailable for: macOS Ventura\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42845: Adam Doup\u00e9 of ASU SEFCOM\n\nPhotos\nAvailable for: macOS Ventura\nImpact: Shake-to-undo may allow a deleted photo to be re-surfaced\nwithout authentication\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32943: an anonymous researcher\n\nppp\nAvailable for: macOS Ventura\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42840: an anonymous researcher\n\nPreferences\nAvailable for: macOS Ventura\nImpact: An app may be able to use arbitrary entitlements\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42855: Ivan Fratric of Google Project Zero\n\nPrinting\nAvailable for: macOS Ventura\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42862: Mickey Jin (@patch1t)\n\nRuby\nAvailable for: macOS Ventura\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-24836\nCVE-2022-29181\n\nSafari\nAvailable for: macOS Ventura\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed with improved input validation. \nCVE-2022-46695: KirtiKumar Anandrao Ramchandani\n\nWeather\nAvailable for: macOS Ventura\nImpact: An app may be able to read sensitive location information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-42866: an anonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 245521\nCVE-2022-42867: Maddie Stone of Google Project Zero\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 245466\nCVE-2022-46691: an anonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may bypass Same\nOrigin Policy\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 246783\nCVE-2022-46692: KirtiKumar Anandrao Ramchandani\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42852: hazbinhotel working with Trend Micro Zero Day\nInitiative\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 246942\nCVE-2022-46696: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 247562\nCVE-2022-46700: Samuel Gro\u00df of Google V8 Security\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 247420\nCVE-2022-46699: Samuel Gro\u00df of Google V8 Security\nWebKit Bugzilla: 244622\nCVE-2022-42863: an anonymous researcher\n\nWebKit\nAvailable for: macOS Ventura\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited against versions of iOS released\nbefore iOS 15.1. \nDescription: A type confusion issue was addressed with improved state\nhandling. \nWebKit Bugzilla: 248266\nCVE-2022-42856: Cl\u00e9ment Lecigne of Google\u0027s Threat Analysis Group\n\nxar\nAvailable for: macOS Ventura\nImpact: Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Zweig of Kunlun Lab for their\nassistance. \n\nLock Screen\nWe would like to acknowledge Kevin Mann for their assistance. \n\nSafari Extensions\nWe would like to acknowledge Oliver Dunk and Christian R. of\n1Password for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher and scarlet for\ntheir assistance. \n\nmacOS Ventura 13.1 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmOZFYAACgkQ4RjMIDke\nNxk1zRAAuqDsK19ODzl+oIO6xYMDcbiQV/ibvU9uwLtwTR8Y2wLga9V/vaaPTS6z\nqRkTivKEfdLMVW8Xlzl1jb+BMS0+dIjYrPAFatU8A5H2A3MLY5Trl9tTs+D8BgQJ\nreLRAyR6qJVwu+VMMjgrUxkQliPNYeumrmLwmKJdByYPzv4GLY5bOIf6siUAIJdB\nvs2zzcq6+BnoJkS1iYa+Ub5S3bSryR2i8vrSit6PcYBtLKHxUJaK2YBdA8LoqB4J\nwenkEaEhyilm0bpyyF0VxDuvOcotqrGa2ikScrik/N/NueMqDi9duo9kKKVia0xa\nGx2cYLNDG10KBmz9w9B8YC6lNa6t7M5zmCYn8TmXTfndd7fCYbYajZNT0WxIYteK\nsXYPkVpqEd4KVZxtQ3MfHlx5y4FwnqBkLACnfsNCs4KatbJPEg9Qy9Mn2ymi/9He\nUoVt3XnQVhAgGIRV2qezjV9r0rtgnWpSKvFd9LSDcB9F6b/bzRipbxVnqdWCL1If\nymeeEY8BJ7WJnFqgXzRo42+4bp4R67iNH+Z/JjUy/Z7C3f2O66fFZu2pNL1vLILA\nWi/dprF13SjqCIavwWPbVL8UvfaAwBz53y38gwei6eSdsEO383r0XIIKjErGbWm6\nhqHq/QKTWHQZqUFj4kUb4Ajw8Qe0j0qSrCLt4Wl11u/0r5hTRyI=\n=C5EK\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "PACKETSTORM",
"id": "168080"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "170314"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-414655",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24836",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "169918",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168080",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170314",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2370",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5991",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5085",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414655",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-24836",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "PACKETSTORM",
"id": "168080"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"id": "VAR-202204-0693",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:26:39.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213532",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"
},
{
"title": "Nokogiri Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=189272"
},
{
"title": "Debian CVElist Bug Report Logs: ruby-nokogiri: CVE-2022-24836: Inefficient Regular Expression Complexity",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=79dbad086cc593150a70fab91362597f"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1595",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1595"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-24836"
},
{
"title": "Red Hat: Important: Satellite 6.12 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228506 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-062",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-062"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-1333",
"trust": 1.0
},
{
"problemtype": "Inefficient regular expression complexity (CWE-1333) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-29"
},
{
"trust": 1.8,
"url": "https://github.com/sparklemotion/nokogiri/security/advisories/ghsa-crjr-9rc5-ghw8"
},
{
"trust": 1.8,
"url": "https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00013.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213532"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/dec/23"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24836"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6dhcowma5pqtiqimdena7r2y5bdyaiym/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ouplbuzvm4wpfsxbep2js3r6lmkrtlfc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xmdcwrqxjq3tfsetpcefmq6rr6me5ua3/"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00010.html"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xmdcwrqxjq3tfsetpcefmq6rr6me5ua3/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ouplbuzvm4wpfsxbep2js3r6lmkrtlfc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6dhcowma5pqtiqimdena7r2y5bdyaiym/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-24836"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168080/gentoo-linux-security-advisory-202208-29.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5085"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24836/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170314/apple-security-advisory-2022-12-13-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2370"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5991"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061209"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213532"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169918/red-hat-security-advisory-2022-8506-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/nokogiri-overload-via-regular-expression-backtracking-38131"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29181"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/1333.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009787"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1595.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26247"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html/upgrading_and_updating_red_hat_satellite"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32209"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8506"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32209"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22818"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42841"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42845"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213532."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42853"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42837"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "PACKETSTORM",
"id": "168080"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414655"
},
{
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"db": "PACKETSTORM",
"id": "168080"
},
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "PACKETSTORM",
"id": "170314"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414655"
},
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"date": "2023-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"date": "2022-08-15T16:03:50",
"db": "PACKETSTORM",
"id": "168080"
},
{
"date": "2022-11-17T13:22:43",
"db": "PACKETSTORM",
"id": "169918"
},
{
"date": "2022-12-22T02:11:48",
"db": "PACKETSTORM",
"id": "170314"
},
{
"date": "2022-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"date": "2022-04-11T22:15:07.347000",
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-414655"
},
{
"date": "2022-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24836"
},
{
"date": "2023-08-04T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2022-009378"
},
{
"date": "2022-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2919"
},
{
"date": "2024-11-21T06:51:12.280000",
"db": "NVD",
"id": "CVE-2022-24836"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169918"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nokogiri\u00a0 Inefficient Regular Expression Complexity Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009378"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2919"
}
],
"trust": 0.6
}
}
var-201406-0117
Vulnerability from variot
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. OpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05
http://security.gentoo.org/
Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05
Synopsis
Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . 7) - x86_64
HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit.
The attack can only be performed between a vulnerable client and server.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
This issue was reported in public.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time.
Release Date: 2014-06-12 Last Updated: 2014-06-12
Potential Security Impact: Remote Denial of Service (DoS), code execution, security restriction bypass, disclosure of information, or unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access.
References:
CVE-2014-0076 Remote Denial of Service (DoS) CVE-2014-0195 Remote Unauthorized Access CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101590, SSRT101596
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8za
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The updates are available from the following location using ftp:
ftp://srt03046:Secure12@ftp.usa.hp.com
User name: srt03046 Password: Secure12 ( NOTE: Case sensitive)
HP-UX Release HP-UX OpenSSL version
B.11.11 (11i v1) A.00.09.08za.001_HP-UX_B.11.11_32+64.depot
B.11.23 (11i v2) A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3) A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08za or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08za.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08za.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08za.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 12 June 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Summary
VMware product updates address OpenSSL security vulnerabilities. Problem Description
a.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0224, CVE-2014-0198,
CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
these issues. The most important of these issues is
CVE-2014-0224.
CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
be of moderate severity. Exploitation is highly unlikely or is
mitigated due to the application configuration.
CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL
Security Advisory (see Reference section below), do not affect
any VMware products. For readability
the affected products have been split into 3 tables below,
based on the different client-server configurations and
deployment scenarios. Applying these patches to
affected servers will mitigate the affected clients (See Table 1
below). can be mitigated by using a secure network such as
VPN (see Table 2 below).
Clients and servers that are deployed on an isolated network are
less exposed to CVE-2014-0224 (see Table 3 below). The affected
products are typically deployed to communicate over the
management network.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected Servers in Table 1 below as these patches become
available. Patching these servers will remove the ability to
exploit the vulnerability described in CVE-2014-0224 on both
clients and servers. VMware recommends customers consider
applying patches to products listed in Table 2 & 3 as required.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
ESXi 5.5 ESXi ESXi550-
201406401-SG
Big Data Extensions 1.1 patch pending
Charge Back Manager 2.6 patch pending
Horizon Workspace Server
GATEWAY 1.8.1 patch pending
Horizon Workspace Server
GATEWAY 1.5 patch pending
Horizon Workspace Server
DATA 1.8.1 patch pending
Horizon Mirage Edge Gateway 4.4.2 patch pending
Horizon View 5.3.1 patch pending
Horizon View Feature Pack 5.3 SP2 patch pending
NSX for Multi-Hypervisor 4.1.2 patch pending
NSX for Multi-Hypervisor 4.0.3 patch pending
NSX for vSphere 6.0.4 patch pending
NVP 3.2.2 patch pending
vCAC 6.0.1 patch pending
vCloud Networking and Security 5.5.2 patch pending
vCloud Networking and Security 5.1.2 patch pending
vFabric Web Server 5.3.4 patch pending
vCHS - DPS-Data Protection 2.0 patch pending
Service
Table 2
========
Affected clients running a vulnerable version of OpenSSL 0.9.8
or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCSA 5.5 patch pending
vCSA 5.1 patch pending
vCSA 5.0 patch pending
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
Workstation 10.0.2 any patch pending
Workstation 9.0.3 any patch pending
Fusion 6.x OSX patch pending
Fusion 5.x OSX patch pending
Player 10.0.2 any patch pending
Player 9.0.3 any patch pending
Chargeback Manager 2.5.x patch pending
Horizon Workspace Client for 1.8.1 OSX patch pending
Mac
Horizon Workspace Client for 1.5 OSX patch pending
Mac
Horizon Workspace Client for 1.8.1 Windows patch pending
Windows
Horizon Workspace Client for 1.5 Windows patch pending
OVF Tool 3.5.1 patch pending
OVF Tool 3.0.1 patch pending
vCenter Operations Manager 5.8.1 patch pending
vCenter Support Assistant 5.5.0 patch pending
vCenter Support Assistant 5.5.1 patch pending
vCD 5.1.2 patch pending
vCD 5.1.3 patch pending
vCD 5.5.1.1 patch pending
vCenter Site Recovery Manager 5.0.3.1 patch pending
Table 3
=======
The following table lists all affected clients running a
vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCenter Server 5.5 any patch pending
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
Update Manager 5.5 Windows patch pending
Update Manager 5.1 Windows patch pending
Update Manager 5.0 Windows patch pending
Config Manager (VCM) 5.6 patch pending
Horizon View Client 5.3.1 patch pending
Horizon View Client 4.x patch pending
Horizon Workspace 1.8.1 patch pending
Horizon Workspace 1.5 patch pending
ITBM Standard 1.0.1 patch pending
ITBM Standard 1.0 patch pending
Studio 2.6.0.0 patch pending
Usage Meter 3.3 patch pending
vCenter Chargeback Manager 2.6 patch pending
vCenter Converter Standalone 5.5 patch pending
vCenter Converter Standalone 5.1 patch pending
vCD (VCHS) 5.6.2 patch pending
vCenter Site Recovery Manager 5.5.1 patch pending
vCenter Site Recovery Manager 5.1.1 patch pending
vFabric Application Director 5.2.0 patch pending
vFabric Application Director 5.0.0 patch pending
View Client 5.3.1 patch pending
View Client 4.x patch pending
VIX API 5.5 patch pending
VIX API 1.12 patch pending
vMA (Management Assistant) 5.1.0.1 patch pending
VMware Data Recovery 2.0.3 patch pending
VMware vSphere CLI 5.5 patch pending
vSphere Replication 5.5.1 patch pending
vSphere Replication 5.6 patch pending
vSphere SDK for Perl 5.5 patch pending
vSphere Storage Appliance 5.5.1 patch pending
vSphere Storage Appliance 5.1.3 patch pending
vSphere Support Assistant 5.5.1 patch pending
vSphere Support Assistant 5.5.0 patch pending
vSphere Virtual Disk 5.5 patch pending
Development Kit
vSphere Virtual Disk 5.1 patch pending
Development Kit
vSphere Virtual Disk 5.0 patch pending
Development Kit
- Solution
ESXi 5.5
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359
- Change Log
2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014
openssl regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19
After a standard system update you need to reboot your computer to make all the necessary changes. Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE) 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2) 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8) 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15) 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE) 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12) CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3470]
III. [CVE-2014-3470]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc
gpg --verify openssl-10.patch.asc
[FreeBSD 9.x and 8.x]
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r267103 releng/8.4/ r267104 stable/9/ r267106 releng/9.1/ r267104 releng/9.2/ r267104 stable/10/ r267103 releng/10.0/ r267104
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
CVE-2014-0221
Imre Rad discovered the processing of DTLS hello packets is
susceptible to denial of service.
Additional information can be found at http://www.openssl.org/news/secadv_20140605.txt
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package debian-goodies to detect affected programs or reboot your system. There's also a forthcoming security update for the Linux kernel later the day (CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?
For the unstable distribution (sid), these problems will be fixed soon. HP System Management Homepage versions 7.3.2 and earlier for Linux and Windows. HP System Management Homepage v7.2.4.1 is available for Windows 2003 only.
HP System Management Homepage v7.2.4.1 for Windows x86: http://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702
HP System Management Homepage v7.2.4.1 for Windows x64: http://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704
HP System Management Homepage v7.3.3.1 for Windows x86: http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696
HP System Management Homepage v7.3.3.1 for Windows x64: http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba ftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698
HP System Management Homepage v7.3.3.1 for Linux x86: http://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694
HP System Management Homepage v7.3.3.1 for Linux x64: http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 ftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693
NOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains OpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following:
apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in PHP 5.4.24 Description: Multiple vulnerabilities existed in PHP 5.4.24, the most serious of which may have led to arbitrary code execution. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049
Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. CVE-ID CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525
Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367
OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----
.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storage",
"scope": "eq",
"trust": 1.3,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8za"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "linux enterprise workstation extension",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "*"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.13"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5"
},
{
"model": "bladecenter advanced management module 3.66e",
"scope": null,
"trust": 0.9,
"vendor": "ibm",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "api management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0 (ibm pureapplication system and xen)"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0 (vmware)"
},
{
"model": "hardware management console",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7 release 7.6.0 sp3"
},
{
"model": "hardware management console",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7 release 7.7.0 sp3"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 10.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 10.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "standard/advanced edition 11.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "standard/advanced edition 11.3"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 9.7"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 9.7"
},
{
"model": "mobile messaging \u0026 m2m",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "client pack (linux and windows for platforms eclipse paho mqtt c client library ) of support pac ma9b"
},
{
"model": "sdk,",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "for node.js 1.1.0.3"
},
{
"model": "security access manager for mobile the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "security access manager for web the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "security access manager for web the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "smartcloud orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "smartcloud orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3 fp1"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.1 for ibm provided software virtual appliance"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3 fp1"
},
{
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "4.1.1 (linux-ix86 and linux-s390)"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.4.0 fp07"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.5.0 fp04"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.5.1 fp05"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.6.0 fp03"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 9.1.0 fp01"
},
{
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 9.2.0 ga level"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.1 (linux and windows for platforms paho mqtt c client library )"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.5 (linux and windows for platforms paho mqtt c client library )"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for hp nonstop server 5.3.1"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.2"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.3"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.4"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.8 thats all 0.9.8za"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0 thats all 1.0.0m"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1 thats all 1.0.1h"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9 to 10.9.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "3.2.24"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0.26"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.1.34"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.2.26"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.3.14"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "storage",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "l20/300",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "lto6 drive",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "lx/30a",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "integrated system ha database ready",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "analytics server"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "server"
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2.4"
},
{
"model": "one-x mobile sip for ios",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.6,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.3"
},
{
"model": "chrome for android",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.141"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8800"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v210.1"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6.1"
},
{
"model": "cp1543-1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "computer telephony integration object server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ace application control engine module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.470"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1.3"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "point software check point security gateway r71",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "9.1-release-p15",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.7"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "vpn client v100r001c02spc702",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.1.2"
},
{
"model": "release-p4",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "manageone v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"model": "firepass",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"model": "tivoli workload scheduler distributed ga level",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "10.0-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "prime access registrar appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.6"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "tivoli netcool/system service monitor fp11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "agile controller v100r001c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.1--releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "smart update manager for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3.5"
},
{
"model": "mds switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.3"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.6"
},
{
"model": "telepresence tx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2.2"
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.2"
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.211"
},
{
"model": "updatexpress system packs installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "usg5000 v300r001c10sph201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.3"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "asg2000 v100r001c10sph001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "vsm v200r002c00spc503",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.4"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "s5900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "watson explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0"
},
{
"model": "documentum content server p05",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "snapdrive for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "10.0-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0.5"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3200"
},
{
"model": "s2750\u0026s5700\u0026s6700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6.1"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-453"
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "9.2-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "advanced settings utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "9.1-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "automation stratix",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "590015.6.3"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.5"
},
{
"model": "nexus series fabric extenders",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "intelligencecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.2"
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.2"
},
{
"model": "documentum content server p02",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "big-iq cloud",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "communicator for android",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "oncommand workflow automation",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "enterprise manager",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"model": "desktop collaboration experience dx650",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "automation stratix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "59000"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-iq security",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "communicator for android",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.2"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "telepresence system series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.9"
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "enterprise manager",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.5"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.1.21"
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "telepresence ip gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open systems snapvault 3.0.1p6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "key",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.2"
},
{
"model": "worklight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.0"
},
{
"model": "tivoli netcool/system service monitor fp13",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "9.3-beta1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7700"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.1"
},
{
"model": "operations orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.05"
},
{
"model": "firepass",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.6"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1"
},
{
"model": "ddos secure",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "5.14.1-1"
},
{
"model": "9.3-beta1-p2",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "vsm v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "powervu d9190 comditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "10.0-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "softco v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2700\u0026s3700 v100r006c05+v100r06h",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s6800t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "telepresence mcu series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asg2000 v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "idp 5.1r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "security network intrusion prevention system gx4004",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gv1000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "nac manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "smc2.0 v100r002c01b017sp17",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.6"
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0.4"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89450"
},
{
"model": "icewall sso dfw",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "usg2000 v300r001c10sph201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.9"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.6"
},
{
"model": "ecns600 v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u19** v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "7.5"
},
{
"model": "spa112 2-port phone adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "universal small cell series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70003.4.20"
},
{
"model": "oceanstor s5600t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0.2"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "psb email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "10.00"
},
{
"model": "toolscenter suite",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.53"
},
{
"model": "unified communications series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "8.4-release-p12",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "netcool/system service monitor fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.014"
},
{
"model": "bbm for android",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "0"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.6.0"
},
{
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "security information and event management hf11",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.3.2"
},
{
"model": "operations orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.02"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.4"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.2.1"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.12"
},
{
"model": "tivoli netcool/system service monitor fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "communicator for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "svn2200 v200r001c01hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "usg9500 v300r001c01spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.6"
},
{
"model": "8.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "ecns610 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "9.2-release-p8",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "protection service for email",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.5"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "oceanstor s5600t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "db2 connect application server edition fp7",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-2"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.6.1"
},
{
"model": "oceanstor s5800t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.2"
},
{
"model": "security network intrusion prevention system gx4002",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "oceanstor s5800t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vdi communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0.2"
},
{
"model": "operations orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.7.4"
},
{
"model": "icewall sso dfw r3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.7.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.2"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.25"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9900"
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "10.0-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.92743"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "tivoli netcool/system service monitor fp7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "icewall mcrp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.59"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.1"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6"
},
{
"model": "elog v100r003c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.3.0"
},
{
"model": "ata series analog telephone adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "flare experience for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.2.1"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89610"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "worklight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "9.2-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cms r17ac.h",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "db2 connect application server advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.10"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dynamic system analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "s7700\u0026s9700 v200r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "1.0.6"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "freedome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dsr-1000n 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "simatic wincc oa p002",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "oceanstor s2200t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "icewall sso dfw r1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "db2 advanced enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"model": "db2 express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "security enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "spa232d multi-line dect ata",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "policy center v100r003c00spc305",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v19.7"
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.20.5.0"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "ios software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "10.0-release-p5",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1"
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413011.5"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "anyconnect secure mobility client for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dsr-500n 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance series ip camera",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40000"
},
{
"model": "anyconnect secure mobility client for desktop platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "spa510 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "idp 4.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.5"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "usg9500 v200r001c01sph902",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "prime performance manager for sps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "s7700\u0026s9700 v200r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87100"
},
{
"model": "sterling file gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "s3900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "collaboration services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "unified communications widgets click to call",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "softco v100r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "telepresence t series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.1"
},
{
"model": "proventia network security controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v310.1"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "fastsetup",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "flare experience for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.2"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-3"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "jabber for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.4"
},
{
"model": "security network intrusion prevention system gx5208",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "operations analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.4"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.213"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "manageone v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.7"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "tivoli netcool/system service monitor fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "s7700\u0026s9700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.2"
},
{
"model": "point software check point security gateway r77",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "s6900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ucs b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.29"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.2"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.28"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "universal small cell series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50003.4.2.0"
},
{
"model": "big-iq device",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "documentum content server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77109.7"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.4.1"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "quantum policy suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.2-rc2-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "point software check point security gateway r70",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "tivoli netcool/system service monitor fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.0"
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "telepresence mxp series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.4"
},
{
"model": "flare experience for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.2.2"
},
{
"model": "communicator for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70100"
},
{
"model": "srg1200\u00262200\u00263200 v100r002c02spc800",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "infosphere balanced warehouse d5100",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "cc v200r001c31",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s12700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "xenmobile app controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "2.10"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.10648"
},
{
"model": "xenmobile app controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "2.9"
},
{
"model": "oceanstor s5500t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "security information and event management hf3",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.1.4"
},
{
"model": "documentum content server sp2 p13",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "icewall sso dfw r2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "agent desktop for cisco unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "messaging secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.1"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.1.2"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "point software check point security gateway r75",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"model": "documentum content server sp2 p14",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "ecns600 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.2.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.3"
},
{
"model": "jabber voice for iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.3-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.8"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.5"
},
{
"model": "8.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "operations orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.03"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.2.0.9"
},
{
"model": "puredata system for operational analytics a1791",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "dsm v100r002c05spc615",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vdi communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "icewall sso certd r3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.5"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "ace application control engine module ace20",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "hyperdp oceanstor n8500 v200r001c09",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "agent desktop for cisco unified contact center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11000"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "ape",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "hyperdp v200r001c91spc201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "unified attendant console",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dsr-500 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "s3900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5600t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "ace application control engine module ace10",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v110.1"
},
{
"model": "rox",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "20"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "manageone v100r002c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463011.5"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"model": "esight-ewl v300r001c10spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ave2000 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "usg9300 v200r001c01sph902",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "anyoffice v200r002c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.1.1"
},
{
"model": "bbm for android",
"scope": "ne",
"trust": 0.3,
"vendor": "rim",
"version": "2.2.1.40"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0.0"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.1"
},
{
"model": "usg9500 usg9500 v300r001c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2990 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2.3"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.4.0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.8"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "one-x mobile ces for iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "oceanstor s6800t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "manageone v100r001c02 spc901",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "oceanstor s2600t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "11.00"
},
{
"model": "psb email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "9.20"
},
{
"model": "isoc v200r001c02spc202",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "9.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "ons series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154000"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.2"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "webapp secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.1-release-p14",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"model": "aura system manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "policy center v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "colorqube ps",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "88704.76.0"
},
{
"model": "updatexpress system packs installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart update manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.4.1"
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0"
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "watson explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.3"
},
{
"model": "jabber video for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpos 6.6r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.2"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "webex connect client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.12"
},
{
"model": "cognos planning fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "10.00"
},
{
"model": "softco v200r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.6"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.1"
},
{
"model": "security access manager for mobile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.2"
},
{
"model": "agile controller v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nip2000\u00265000 v100r002c10hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tapi service provider",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smc2.0 v100r002c01b017sp16",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "blackberry link",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "1.2"
},
{
"model": "one-x mobile ces for android",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "physical access gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89410"
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "isoc v200r001c01spc101",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5000"
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "watson explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.0"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.1"
},
{
"model": "security access manager for web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"model": "10.0-beta",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "documentum content server p06",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.4"
},
{
"model": "isoc v200r001c00spc202",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "3000"
},
{
"model": "small business isa500 series integrated security appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.28"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "9.1-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"model": "idp 4.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "usg9500 usg9500 v300r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "uma v200r001c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "isoc v200r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "3000"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "big-iq security",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.1"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "eupp v100r001c10spc002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rox",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "10"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.8"
},
{
"model": "operations orchestration",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.0"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.0"
},
{
"model": "9.1-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "stunnel",
"scope": "ne",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.02"
},
{
"model": "big-iq cloud",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.2"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "7.6"
},
{
"model": "flex system fc5022",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "oceanstor s5500t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "videoscape anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "documentum content server p07",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "wag310g wireless-g adsl2+ gateway with voip",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.4"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified wireless ip phone series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "29200"
},
{
"model": "one-x mobile for blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "ida pro",
"scope": "eq",
"trust": 0.3,
"vendor": "hex ray",
"version": "6.5"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "prime optical for sps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "9.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.5"
},
{
"model": "icewall sso agent option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.02007"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "documentum content server",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "smart call home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "project openssl beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "firepass",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "7.0"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.2.4"
},
{
"model": "ecns610 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.3"
},
{
"model": "documentum content server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025308"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.99"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.9"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "8.4-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "colorqube ps",
"scope": "eq",
"trust": 0.3,
"vendor": "xerox",
"version": "85704.76.0"
},
{
"model": "oceanstor s6800t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0"
},
{
"model": "project openssl 0.9.8m beta1",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.11"
},
{
"model": "manageone v100r002c10 spc320",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "svn2200 v200r001c01spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "safe profile",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "db2 advanced workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-467"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.4"
},
{
"model": "big-iq security",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"model": "eupp v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13000"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.2.3"
},
{
"model": "uma-db v2r1coospc101",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security information and event management hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2.2"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "telepresence exchange system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cms r17",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "usg9300 usg9300 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "sterling file gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "oncommand unified manager core package 5.2.1p1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600-"
},
{
"model": "espace u2990 v200r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "9.1-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "dsr-1000n rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "svn5500 v200r001c01spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.2.0.1055"
},
{
"model": "tivoli netcool/system service monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "idp 4.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "db2 developer edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "tivoli netcool/system service monitor fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "8.4-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "isoc v200r001c02",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.1"
},
{
"model": "10.0-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "tivoli storage flashcopy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "security network intrusion prevention system gx5108",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "db2 enterprise server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.03"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.7"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "idp series 5.1r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.23"
},
{
"model": "logcenter v200r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dynamic system analysis",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "db2 express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "watson explorer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.4"
},
{
"model": "s7700\u0026s9700 v200r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oceanstor s2600t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "project openssl 1.0.1h",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "9.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.0"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.10"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.0.2354"
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0.3"
},
{
"model": "enterprise manager",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"model": "db2 purescale feature",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "big-iq security",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.1"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "db2 express edition fp7",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99710"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "ftp server",
"scope": "ne",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.3"
},
{
"model": "ata analog telephone adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1870"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.2"
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.6"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.2"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "point software check point security gateway r76",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
},
{
"model": "security information and event management ga",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.4.0"
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "tsm v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-1"
},
{
"model": "usg9500 v300r001c20sph102",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "asa cx context-aware security",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "unified im and presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network intrusion prevention system gv200",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "wincc oa 3.12-p001-3.12-p008",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "elog v100r003c01spc503",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.6"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3100"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "s5900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s6900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "fusionsphere v100r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tsm v100r002c07spc219",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "one-x mobile lite for android",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"model": "espace iad v300r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "documentum content server sp1 p28",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.24"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "big-iq cloud",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "9.2-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "unified series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79000"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "tivoli netcool/system service monitor fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "hyperdp v200r001c09spc501",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "toolscenter suite",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.52"
},
{
"model": "telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13100"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "usg2000 v300r001c10spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.5"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "10.0-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.7"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"model": "flare experience for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1.3"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "8.4-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "operations analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "db2 workgroup server edition fp7",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "svn5500 v200r001c01hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "9.1-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "agent desktop for cisco unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vdi communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0.3"
},
{
"model": "oceanstor s5500t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x1.0.1"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "espace iad v300r001c07",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "9.2-rc1-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.7"
},
{
"model": "dsr-1000 rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "db2 connect unlimited advanced edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6.2"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2.1"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "one-x mobile lite for iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "documentum content server sp2 p16",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "sterling connect:express for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.5.0.9"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "ip video phone e20",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate products",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.4"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.9"
},
{
"model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"model": "security network intrusion prevention system gx3002",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "big-ip wom",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "db2 connect enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "56000"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "messaging secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.5"
},
{
"model": "jabber guest",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "8.4-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77009.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u19** v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.1"
},
{
"model": "uma v200r001c00spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.4"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oceanstor s6800t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "vdi communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.6"
},
{
"model": "ips",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "espace usm v100r001 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "idp series",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5"
},
{
"model": "tivoli netcool/system service monitor fp12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "nexus switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31640"
},
{
"model": "fusionsphere v100r003c10spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "6.0"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "smc2.0 v100r002c01b025sp07",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2700\u0026s3700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "espace cc v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "protection service for email",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.1"
},
{
"model": "isoc v200r001c01",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5000"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.2.2"
},
{
"model": "project openssl beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "esight-ewl v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hyperdp oceanstor n8500 v200r001c91",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.1-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.8"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "oic v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "icewall sso dfw certd",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "telepresence isdn link",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.06"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ctpos 6.6r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "big-ip webaccelerator",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber im for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "small cell factory recovery root filesystem",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.99.4"
},
{
"model": "big-ip edge gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0"
},
{
"model": "enterprise manager",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "espace vtm v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "spa122 ata with router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0"
},
{
"model": "spa525 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap smi-s agent",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "cp1543-1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.1.25"
},
{
"model": "advanced settings utility",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.52"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.3.1"
},
{
"model": "espace u2980 v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.2-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "s12700 v200r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "8.4-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "oceanstor s2200t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.1.1"
},
{
"model": "enterprise manager",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"model": "s7-1500",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "s2900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v39.7"
},
{
"model": "open source security information management",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.10"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "usg5000 v300r001c10spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.1"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.9"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1.5.1"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.00"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0.4"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.8"
},
{
"model": "s5900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "esight v2r3c10spc201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.4"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.13"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "s3900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "anyoffice emm",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "2.6.0601.0090"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "ssl for openvms",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-476"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system gx7412",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "big-iq device",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.3"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.21"
},
{
"model": "usg9500 usg9500 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "rox",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "11.16"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oic v100r001c00spc402",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "documentum content server",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.0"
},
{
"model": "icewall sso dfw",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "s7700\u0026s9700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "9.2-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.010"
},
{
"model": "dsr-1000 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "tivoli storage flashcopy manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "1.0.4"
},
{
"model": "vtm v100r001c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "oceanstor s5500t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99510"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.1"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "espace u2980 v100r001 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "tivoli netcool/system service monitor fp8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "watson explorer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "8.4-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.3"
},
{
"model": "one-x communicator for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "x2.0.10"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.2"
},
{
"model": "spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1.5.2"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.0.1880"
},
{
"model": "db2 connect unlimited edition for system i",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "8.4-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "telepresence ip vcr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "documentum content server sp1 p26",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0"
},
{
"model": "9.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "systems director storage control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1.1"
},
{
"model": "tivoli netcool/system service monitor fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "eupp v100r001c01spc101",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.5"
},
{
"model": "ecns600 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "oceanstor s2600t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-471"
},
{
"model": "communicator for android",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1.9"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5600v29.7"
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.3"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"model": "aura presence services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "db2 connect application server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "ave2000 v100r001c00sph001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "tivoli netcool/system service monitor fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "documentum content server sp2 p15",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "arx",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"model": "9.2-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "10.0-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.13"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "31005.1.21"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.5"
},
{
"model": "nac appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "vpn client v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "metro ethernet series access devices",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12000"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ace application control engine appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.1-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.01"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "41005.2"
},
{
"model": "tivoli network manager ip edition fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.94"
},
{
"model": "project openssl 1.0.0m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "dsr-500n rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413011.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.8.0"
},
{
"model": "nip2000\u00265000 v100r002c10spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.166"
},
{
"model": "eupp v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "dsr-500 rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.27"
},
{
"model": "oceanstor s5800t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1"
},
{
"model": "jabber for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-iq cloud",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.1"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "unified series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "69000"
},
{
"model": "tivoli netcool/system service monitor fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "one-x communicator for microsoft windows",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.6"
},
{
"model": "oceanstor s5600t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "db2 enterprise server edition fp7",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2 connect unlimited edition for system z",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "linerate",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3.1"
},
{
"model": "security network protection",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "51005.1.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "unified communications manager session management edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "snapdrive for unix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "client applications",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "9.1-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security module for cisco network registar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sbr carrier",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "8.0"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "project openssl 0.9.8za",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-320"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.9"
},
{
"model": "s6900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "db2 workgroup server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "proventia network security controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "dsm v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "css series content services switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "115000"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-370"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "oceanstor s5800t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "rational clearquest",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2.10"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.10"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "icewall mcrp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "s7700\u0026s9700 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "9.3-beta1",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security analytics platform",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "7.1"
},
{
"model": "espace usm v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "67898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:api_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:hardware_management_console",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:infosphere_master_data_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:initiate_master_data_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:mobile_messaging%26m2m",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:java_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ibm:security_access_manager_for_mobile_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ibm:security_access_manager_for_web_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:smartcloud_orchestrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:smartcloud_provisioning",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_management_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_workload_scheduler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_mq",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_composite_application_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:vm_virtualbox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:storage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:l20_300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:lto6_drive",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:lx_30a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:symfoware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "127159"
},
{
"db": "PACKETSTORM",
"id": "127136"
},
{
"db": "PACKETSTORM",
"id": "127362"
},
{
"db": "PACKETSTORM",
"id": "127086"
},
{
"db": "PACKETSTORM",
"id": "128001"
}
],
"trust": 0.5
},
"cve": "CVE-2014-3470",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3470",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3470",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3470",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2014-3470",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. \nOpenSSL prior to 0.9.8za, 1.0.0m, and 1.0.1h are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: OpenSSL: Multiple vulnerabilities\n Date: July 27, 2014\n Bugs: #512506\n ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 7) - x86_64\n\n3. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit\n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \n\nSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n===============================================================================\n \nA race condition in the ssl3_read_bytes function can allow remote\nattackers to inject data across sessions or cause a denial of service. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nThis issue was reported in public. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nRelease Date: 2014-06-12\nLast Updated: 2014-06-12\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nsecurity restriction bypass, disclosure of information, or unauthorized\naccess\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running\nOpenSSL. These vulnerabilities could be exploited remotely to create a Denial\nof Service (DoS), execute code, bypass security restrictions, disclose\ninformation, or allow unauthorized access. \n\nReferences:\n\nCVE-2014-0076 Remote Denial of Service (DoS)\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101590, SSRT101596\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before 0.9.8za\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to resolve these vulnerabilities. The\nupdates are available from the following location using ftp:\n\nftp://srt03046:Secure12@ftp.usa.hp.com\n\nUser name: srt03046\nPassword: Secure12 ( NOTE: Case sensitive)\n\nHP-UX Release\n HP-UX OpenSSL version\n\nB.11.11 (11i v1)\n A.00.09.08za.001_HP-UX_B.11.11_32+64.depot\n\nB.11.23 (11i v2)\n A.00.09.08za.002_HP-UX_B.11.23_IA-PA.depot\n\nB.11.31 (11i v3)\n A.00.09.08za.003_HP-UX_B.11.31_IA-PA.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08za or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08za.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08za.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08za.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 12 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Summary\n\n VMware product updates address OpenSSL security vulnerabilities. Problem Description\n\n a. \n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n has assigned the names CVE-2014-0224, CVE-2014-0198, \n CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n these issues. The most important of these issues is \n CVE-2014-0224. \n\n CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n be of moderate severity. Exploitation is highly unlikely or is\n mitigated due to the application configuration. \n\n CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n Security Advisory (see Reference section below), do not affect\n any VMware products. For readability\n the affected products have been split into 3 tables below, \n based on the different client-server configurations and\n deployment scenarios. Applying these patches to \n affected servers will mitigate the affected clients (See Table 1\n below). can be mitigated by using a secure network such as \n VPN (see Table 2 below). \n \n Clients and servers that are deployed on an isolated network are\n less exposed to CVE-2014-0224 (see Table 3 below). The affected\n products are typically deployed to communicate over the\n management network. \n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected Servers in Table 1 below as these patches become\n available. Patching these servers will remove the ability to\n exploit the vulnerability described in CVE-2014-0224 on both\n clients and servers. VMware recommends customers consider \n applying patches to products listed in Table 2 \u0026 3 as required. \n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n ESXi 5.5 ESXi ESXi550-\n 201406401-SG \n\n Big Data Extensions 1.1 patch pending \n Charge Back Manager 2.6 patch pending \n\n Horizon Workspace Server \n GATEWAY 1.8.1 patch pending \n Horizon Workspace Server \n GATEWAY 1.5 patch pending \n\n Horizon Workspace Server \n DATA 1.8.1 patch pending \n\n Horizon Mirage Edge Gateway 4.4.2 patch pending \n Horizon View 5.3.1 patch pending \n\n Horizon View Feature Pack 5.3 SP2 patch pending \n\n NSX for Multi-Hypervisor 4.1.2 patch pending \n NSX for Multi-Hypervisor 4.0.3 patch pending \n NSX for vSphere 6.0.4 patch pending \n NVP 3.2.2 patch pending \n vCAC 6.0.1 patch pending \n\n vCloud Networking and Security 5.5.2 \t\t patch pending \n vCloud Networking and Security 5.1.2 \t\t patch pending \n\n vFabric Web Server 5.3.4 patch pending \n\n vCHS - DPS-Data Protection 2.0 patch pending \n Service\n\n Table 2\n ========\n Affected clients running a vulnerable version of OpenSSL 0.9.8 \n or 1.0.1 and communicating over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCSA 5.5 patch pending \n vCSA 5.1 patch pending \n vCSA 5.0 patch pending \n\n\n ESXi 5.1 ESXi patch pending \n ESXi 5.0 ESXi patch pending \n\n Workstation 10.0.2 any patch pending \n Workstation 9.0.3 any patch pending \n Fusion 6.x OSX patch pending \n Fusion 5.x OSX patch pending \n Player 10.0.2 any patch pending \n Player 9.0.3 any patch pending \n\n Chargeback Manager 2.5.x patch pending \n\n Horizon Workspace Client for 1.8.1 OSX patch pending \n Mac\n Horizon Workspace Client for 1.5 OSX patch pending \n Mac\n Horizon Workspace Client for 1.8.1 Windows patch pending \n Windows \n Horizon Workspace Client for 1.5 Windows patch pending \n\n OVF Tool 3.5.1 patch pending \n OVF Tool 3.0.1 patch pending \n\n vCenter Operations Manager 5.8.1 patch pending \n\n vCenter Support Assistant 5.5.0 patch pending \n vCenter Support Assistant 5.5.1 patch pending \n \n vCD 5.1.2 patch pending \n vCD 5.1.3 patch pending \n vCD 5.5.1.1 patch pending \n vCenter Site Recovery Manager 5.0.3.1 patch pending \n\n Table 3\n =======\n The following table lists all affected clients running a\n vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCenter Server 5.5 any patch pending\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n Update Manager 5.5 Windows patch pending\n Update Manager 5.1 Windows patch pending\n Update Manager 5.0 Windows patch pending \n\n Config Manager (VCM) 5.6 patch pending \n\n Horizon View Client 5.3.1 patch pending \n Horizon View Client 4.x patch pending\n Horizon Workspace 1.8.1 patch pending \n Horizon Workspace 1.5 patch pending \n \n \n ITBM Standard 1.0.1 patch pending \n ITBM Standard 1.0 patch pending \n \n Studio 2.6.0.0 patch pending \n \n Usage Meter 3.3 patch pending \n vCenter Chargeback Manager 2.6 patch pending \n vCenter Converter Standalone 5.5 patch pending \n vCenter Converter Standalone 5.1 patch pending \n vCD (VCHS) 5.6.2 patch pending \n \n vCenter Site Recovery Manager 5.5.1 patch pending \n vCenter Site Recovery Manager 5.1.1 patch pending\n\n vFabric Application Director 5.2.0 patch pending \n vFabric Application Director 5.0.0 patch pending \n View Client 5.3.1 patch pending \n View Client 4.x patch pending\n VIX API 5.5 patch pending \n VIX API 1.12 patch pending \n \n vMA (Management Assistant) 5.1.0.1 patch pending \n \n\n VMware Data Recovery 2.0.3 patch pending \n \n VMware vSphere CLI 5.5 patch pending \n \n vSphere Replication 5.5.1 patch pending \n vSphere Replication 5.6 patch pending \n vSphere SDK for Perl 5.5 patch pending \n vSphere Storage Appliance 5.5.1 patch pending \n vSphere Storage Appliance 5.1.3 patch pending \n vSphere Support Assistant 5.5.1 patch pending \n vSphere Support Assistant 5.5.0 patch pending\n vSphere Virtual Disk 5.5 patch pending \n Development Kit \n vSphere Virtual Disk 5.1 patch pending \n Development Kit\n vSphere Virtual Disk 5.0 patch pending \n Development Kit\n \n 4. Solution\n\n ESXi 5.5\n ----------------------------\n\n Download:\n https://www.vmware.com/patchmgr/download.portal\n\n Release Notes and Remediation Instructions:\n http://kb.vmware.com/kb/2077359\n\n 5. Change Log\n\n 2014-06-10 VMSA-2014-0006\n Initial security advisory in conjunction with the release of\n ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:0625-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html\nIssue date: 2014-06-05\nCVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB\npJJhdOUzRUL8R2haDM4xrsk=\n=hZF8\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. \n (CVE-2014-0224)\n Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \nCorrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)\n 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)\n 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)\n 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)\n 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)\n 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)\n 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)\n 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)\nCVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3470]\n\nIII. [CVE-2014-3470]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.x and 8.x]\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r267103\nreleng/8.4/ r267104\nstable/9/ r267106\nreleng/9.1/ r267104\nreleng/9.2/ r267104\nstable/10/ r267103\nreleng/10.0/ r267104\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n\nCVE-2014-0221\n\n Imre Rad discovered the processing of DTLS hello packets is \n susceptible to denial of service. \n\nAdditional information can be found at \nhttp://www.openssl.org/news/secadv_20140605.txt\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There\u0027s\nalso a forthcoming security update for the Linux kernel later the day\n(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn\u0027t it?\n\nFor the unstable distribution (sid), these problems will be fixed soon. \nHP System Management Homepage versions 7.3.2 and earlier for Linux and\nWindows. HP System Management Homepage v7.2.4.1 is available for\nWindows 2003 only. \n\nHP System Management Homepage v7.2.4.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-d775367b0a28449ca05660778b\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98702\n\nHP System Management Homepage v7.2.4.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-3a7aa5e233904ebe847a5e1555\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98704\n\nHP System Management Homepage v7.3.3.1 for Windows x86:\nhttp://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p11160892/v98696\n\nHP System Management Homepage v7.3.3.1 for Windows x64:\nhttp://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\nftp://ftp.hp.com/pub/softlib2/software1/sc-windows/p221526337/v98698\n\nHP System Management Homepage v7.3.3.1 for Linux x86:\nhttp://www.hp.com/swpublishing/MTX-511c3e0b2f6f4f6bbc796fc619\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1980463820/v98694\n\nHP System Management Homepage v7.3.3.1 for Linux x64:\nhttp://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-linux/p1507410135/v98693\n\nNOTE: HP System Management Homepage v7.3.3.1 for Linux x86 still contains\nOpenSSL v1.0.0d. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update\n2014-004\n\nOS X Mavericks 10.9.5 and Security Update 2014-004 are now available\nand address the following:\n\napache_mod_php\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in PHP 5.4.24\nDescription: Multiple vulnerabilities existed in PHP 5.4.24, the\nmost serious of which may have led to arbitrary code execution. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription: An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: An application using NSXMLParser may be misused to disclose\ninformation\nDescription: An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription: In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nCVE-ID\nCVE-2014-0076\nCVE-2014-0195\nCVE-2014-0221\nCVE-2014-0224\nCVE-2014-3470\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nRLE encoded movie files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4350 : s3tm3m working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nthe \u0027mvhd\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3470"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "BID",
"id": "67898"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "127042"
},
{
"db": "PACKETSTORM",
"id": "128001"
},
{
"db": "PACKETSTORM",
"id": "126961"
},
{
"db": "PACKETSTORM",
"id": "127086"
},
{
"db": "PACKETSTORM",
"id": "127045"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "PACKETSTORM",
"id": "127166"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "127362"
},
{
"db": "PACKETSTORM",
"id": "127136"
},
{
"db": "PACKETSTORM",
"id": "127159"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "131044"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3470",
"trust": 3.7
},
{
"db": "MCAFEE",
"id": "SB10075",
"trust": 1.4
},
{
"db": "BID",
"id": "67898",
"trust": 1.4
},
{
"db": "JUNIPER",
"id": "JSA10629",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "59916",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58742",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59659",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58977",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59310",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59191",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59483",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59189",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59721",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59431",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59282",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59362",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59491",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59300",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60571",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59287",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58939",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58337",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59162",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59364",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59449",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59192",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59990",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59167",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58945",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59126",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58716",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "61254",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59175",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59442",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59655",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59459",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59445",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59451",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59264",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59306",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58579",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59518",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59490",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59440",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59120",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59666",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59514",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59784",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58615",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59460",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59284",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59495",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59413",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58713",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58714",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59365",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59438",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59223",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59441",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59525",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58797",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59301",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59450",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59340",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59895",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59342",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59669",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59437",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58667",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-234763",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93868849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03G",
"trust": 0.4
},
{
"db": "DLINK",
"id": "SAP10045",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-04",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03F",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03B",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03C",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-198-03D",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2014-3470",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127159",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127362",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126957",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127630",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127086",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127042",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "BID",
"id": "67898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127159"
},
{
"db": "PACKETSTORM",
"id": "127136"
},
{
"db": "PACKETSTORM",
"id": "127362"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127166"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "127045"
},
{
"db": "PACKETSTORM",
"id": "127086"
},
{
"db": "PACKETSTORM",
"id": "126961"
},
{
"db": "PACKETSTORM",
"id": "128001"
},
{
"db": "PACKETSTORM",
"id": "127042"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"id": "VAR-201406-0117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4195407518181817
},
"last_update_date": "2024-11-29T19:53:19.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443?viewlocale=ja_JP"
},
{
"title": "KB36051",
"trust": 0.8,
"url": "http://www.blackberry.com/btsc/KB36051"
},
{
"title": "cisco-sa-20140605-openssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://fedoraproject.org/ja/"
},
{
"title": "HIRT-PUB14010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html"
},
{
"title": "6060",
"trust": 0.8,
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E"
},
{
"title": "6061",
"trust": 0.8,
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E"
},
{
"title": "1676062",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
},
{
"title": "4037761",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
},
{
"title": "1676419",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
},
{
"title": "1676128",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
},
{
"title": "1676496",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
},
{
"title": "1676655",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
},
{
"title": "00001841",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"title": "1677695",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
},
{
"title": "00001843",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"title": "1677828",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
},
{
"title": "1673137",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
},
{
"title": "1678167",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
},
{
"title": "1676035",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
},
{
"title": "1678289",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"title": "2079783",
"trust": 0.8,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=2079783"
},
{
"title": "7015264",
"trust": 0.8,
"url": "http://www.novell.com/support/kb/doc.php?id=7015264"
},
{
"title": "7015300",
"trust": 0.8,
"url": "http://www.novell.com/support/kb/doc.php?id=7015300"
},
{
"title": "SB10075",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
},
{
"title": "Fix CVE-2014-3470",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb"
},
{
"title": "Anonymous ECDH denial of service (CVE-2014-3470)",
"trust": 0.8,
"url": "http://www.openssl.org/news/secadv_20140605.txt"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Bug 1103600",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
},
{
"title": "SA80",
"trust": 0.8,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
},
{
"title": "Huawei-SA-20140613-OpenSSL",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "CVE-2014-3470 Denial of Service(DOS) vulnerability in OpenSSL",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of"
},
{
"title": "Splunk Enterprise 6.1.2, 6.0.5 and 5.0.9 address two vulnerabilities - July 1, 2014",
"trust": 0.8,
"url": "http://www.splunk.com/view/SP-CAAAM2D"
},
{
"title": "TLSA-2014-6",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2014/TLSA-2014-6j.html"
},
{
"title": "VMSA-2014-0006",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html"
},
{
"title": "34549",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34549"
},
{
"title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html"
},
{
"title": "cisco-sa-20140605-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122700_cisco-sa-20140605-openssl-j.html"
},
{
"title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
},
{
"title": "Red Hat: CVE-2014-3470",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-3470"
},
{
"title": "Ubuntu Security Notice: openssl regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-3"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-4"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-1"
},
{
"title": "Ubuntu Security Notice: openssl regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-2"
},
{
"title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
},
{
"title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
},
{
"title": "Amazon Linux AMI: ALAS-2014-349",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-349"
},
{
"title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
},
{
"title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2014-3470 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/PotterXma/linux-deployment-standard "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hrbrmstr/internetdb "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openssl.org/news/secadv_20140605.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 1.4,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
},
{
"trust": 1.4,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
},
{
"trust": 1.4,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
},
{
"trust": 1.4,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
},
{
"trust": 1.4,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
},
{
"trust": 1.4,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
},
{
"trust": 1.4,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
},
{
"trust": 1.4,
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
},
{
"trust": 1.4,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html"
},
{
"trust": 1.4,
"url": "http://support.citrix.com/article/ctx140876"
},
{
"trust": 1.2,
"url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103600"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67898"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58797"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59191"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58579"
},
{
"trust": 1.1,
"url": "http://www.blackberry.com/btsc/kb36051"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59438"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59301"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59450"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59491"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59721"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59655"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59659"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59162"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59120"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58939"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59666"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59126"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59490"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59442"
},
{
"trust": 1.1,
"url": "http://www.novell.com/support/kb/doc.php?id=7015300"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
},
{
"trust": 1.1,
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59514"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59495"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59669"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59413"
},
{
"trust": 1.1,
"url": "http://www.novell.com/support/kb/doc.php?id=7015264"
},
{
"trust": 1.1,
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59300"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaam2d"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59895"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59459"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59451"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59342"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59916"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59990"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60571"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59784"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht6443"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
},
{
"trust": 1.1,
"url": "https://www.novell.com/support/kb/doc.php?id=7015271"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59365"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59364"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59362"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59340"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59310"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59306"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59287"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59284"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59282"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59264"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59223"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59192"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59189"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59175"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59167"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58977"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58945"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58742"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58716"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58714"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58713"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58667"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58615"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58337"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
},
{
"trust": 1.1,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
},
{
"trust": 1.1,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
},
{
"trust": 1.1,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/61254"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59525"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59518"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59483"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59460"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59449"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59445"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59441"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59440"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59437"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59431"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=8011cd56e39a433b1837465259a9bd24a38727fb"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93868849/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3470"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
},
{
"trust": 0.5,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.5,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.5,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_3470_denial_of"
},
{
"trust": 0.3,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
},
{
"trust": 0.3,
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"trust": 0.3,
"url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
},
{
"trust": 0.3,
"url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100181245"
},
{
"trust": 0.3,
"url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059"
},
{
"trust": 0.3,
"url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100181099"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100180978"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
},
{
"trust": 0.3,
"url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
},
{
"trust": 0.3,
"url": "https://www-01.ibm.com/support/docview.wss?uid=swg21681494"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
},
{
"trust": 0.3,
"url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/defense/advisories/public/2014/cpai-10-jun3.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100181079"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276"
},
{
"trust": 0.3,
"url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-2232-4/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/solutions/905793"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/904433"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2014-3470"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2232-3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "http://www.vsecurity.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayp"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221\u003e"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-10.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-9.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-10.patch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://www.openssl.org/news/secadv_20140605.txt\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-14:14.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195\u003e"
},
{
"trust": 0.1,
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-9.patch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150108.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2232-3"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2232-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1332643"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://twitter.com/vmwaresrc"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/2077359"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/policies/lifecycle.html"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/patchmgr/download.portal"
},
{
"trust": 0.1,
"url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0679.html"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "BID",
"id": "67898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127159"
},
{
"db": "PACKETSTORM",
"id": "127136"
},
{
"db": "PACKETSTORM",
"id": "127362"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127166"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "127045"
},
{
"db": "PACKETSTORM",
"id": "127086"
},
{
"db": "PACKETSTORM",
"id": "126961"
},
{
"db": "PACKETSTORM",
"id": "128001"
},
{
"db": "PACKETSTORM",
"id": "127042"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"db": "BID",
"id": "67898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127159"
},
{
"db": "PACKETSTORM",
"id": "127136"
},
{
"db": "PACKETSTORM",
"id": "127362"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127166"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "127045"
},
{
"db": "PACKETSTORM",
"id": "127086"
},
{
"db": "PACKETSTORM",
"id": "126961"
},
{
"db": "PACKETSTORM",
"id": "128001"
},
{
"db": "PACKETSTORM",
"id": "127042"
},
{
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"date": "2014-06-05T00:00:00",
"db": "BID",
"id": "67898"
},
{
"date": "2014-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"date": "2014-09-19T15:26:13",
"db": "PACKETSTORM",
"id": "128315"
},
{
"date": "2014-06-19T23:12:50",
"db": "PACKETSTORM",
"id": "127159"
},
{
"date": "2014-06-17T23:11:00",
"db": "PACKETSTORM",
"id": "127136"
},
{
"date": "2014-07-06T18:53:39",
"db": "PACKETSTORM",
"id": "127362"
},
{
"date": "2014-06-05T19:57:42",
"db": "PACKETSTORM",
"id": "126937"
},
{
"date": "2014-06-05T21:06:55",
"db": "PACKETSTORM",
"id": "126957"
},
{
"date": "2015-03-27T20:42:44",
"db": "PACKETSTORM",
"id": "131044"
},
{
"date": "2014-06-24T00:52:51",
"db": "PACKETSTORM",
"id": "127166"
},
{
"date": "2014-07-28T20:36:25",
"db": "PACKETSTORM",
"id": "127630"
},
{
"date": "2014-06-05T15:17:27",
"db": "PACKETSTORM",
"id": "126927"
},
{
"date": "2014-06-11T23:18:46",
"db": "PACKETSTORM",
"id": "127045"
},
{
"date": "2014-06-13T13:31:32",
"db": "PACKETSTORM",
"id": "127086"
},
{
"date": "2014-06-05T21:13:52",
"db": "PACKETSTORM",
"id": "126961"
},
{
"date": "2014-08-26T11:11:00",
"db": "PACKETSTORM",
"id": "128001"
},
{
"date": "2014-06-11T00:10:53",
"db": "PACKETSTORM",
"id": "127042"
},
{
"date": "2014-06-05T21:55:07.880000",
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-3470"
},
{
"date": "2018-10-11T12:00:00",
"db": "BID",
"id": "67898"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002767"
},
{
"date": "2024-11-21T02:08:10.227000",
"db": "NVD",
"id": "CVE-2014-3470"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "67898"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL of s3_clnt.c of ssl3_send_client_key_exchange Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002767"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67898"
}
],
"trust": 0.3
}
}
var-202108-1267
Vulnerability from variot
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592) A use after free issue was addressed with improved memory management. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765) A use after free issue was addressed with improved memory management. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799) This issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801) A memory corruption issue was addressed with improved state management. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734) Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30758) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762) A use after free issue was addressed with improved memory management. (CVE-2021-30797) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30846) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30848) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30934) A use after free issue was addressed with improved memory management. (CVE-2021-30936) A use after free issue was addressed with improved memory management. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483) A use after free issue was addressed with improved memory management. (CVE-2022-22592) A cookie management issue was addressed with improved state management. (CVE-2022-22662) A logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677) A memory corruption issue was addressed with improved state management. (CVE-2022-26700) A use after free issue was addressed with improved memory management. (CVE-2022-26709) A use after free issue was addressed with improved memory management. (CVE-2022-26710) A memory corruption issue was addressed with improved state management. (CVE-2022-26716) A use after free issue was addressed with improved memory management. (CVE-2022-26717) A memory corruption issue was addressed with improved state management. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. (CVE-2022-32793) The issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885) An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32923) The issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856) A memory corruption issue was addressed with improved state management. (CVE-2022-42863) A use after free issue was addressed with improved memory management. (CVE-2022-42867) A memory consumption issue was addressed with improved memory handling. (CVE-2022-46698) A memory corruption issue was addressed with improved state management. (CVE-2022-46700) A flaw was found in the WebKitGTK package. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30952",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30952",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30952",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30952",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30952",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2056",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390685",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30952",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592)\nA use after free issue was addressed with improved memory management. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623)\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765)\nA use after free issue was addressed with improved memory management. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801)\nA memory corruption issue was addressed with improved state management. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734)\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30758)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\nA use after free issue was addressed with improved memory management. (CVE-2021-30797)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30846)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30848)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30934)\nA use after free issue was addressed with improved memory management. (CVE-2021-30936)\nA use after free issue was addressed with improved memory management. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483)\nA use after free issue was addressed with improved memory management. (CVE-2022-22592)\nA cookie management issue was addressed with improved state management. (CVE-2022-22662)\nA logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26700)\nA use after free issue was addressed with improved memory management. (CVE-2022-26709)\nA use after free issue was addressed with improved memory management. (CVE-2022-26710)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26716)\nA use after free issue was addressed with improved memory management. (CVE-2022-26717)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. (CVE-2022-32793)\nThe issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885)\nAn out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32923)\nThe issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\nA memory corruption issue was addressed with improved state management. (CVE-2022-42863)\nA use after free issue was addressed with improved memory management. (CVE-2022-42867)\nA memory consumption issue was addressed with improved memory handling. (CVE-2022-46698)\nA memory corruption issue was addressed with improved state management. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30952",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390685",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"id": "VAR-202108-1267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:47:25.452000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple iOS and iPadOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174544"
},
{
"title": "Red Hat: CVE-2021-30952",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30952"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390685"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"date": "2021-08-24T19:15:21.777000",
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-390685"
},
{
"date": "2022-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"date": "2024-07-18T07:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"date": "2023-11-07T03:34:01.360000",
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Integer overflow vulnerability in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
}
],
"trust": 0.6
}
}
var-202010-1567
Vulnerability from variot
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. Linux Security Advisory GLSA 202011-18
https://security.gentoo.org/
Severity: Normal Title: Apache Ant: Insecure temporary file Date: November 16, 2020 Bugs: #745768 ID: 202011-18
Synopsis
Apache Ant uses various insecure temporary files possibly allowing local code execution.
Background
Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/ant < 1.10.9 >= 1.10.9
Description
A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete.
Impact
A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Apache Ant users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/ant-1.10.9"
References
[ 1 ] CVE-2020-11979 https://nvd.nist.gov/vuln/detail/CVE-2020-11979 [ 2 ] GLSA-202007-34 https://security.gentoo.org/glsa/202007-34
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202011-18
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1903702 - CVE-2020-11979 ant: insecure temporary file 1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users 1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels 1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix 1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names 1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page 1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview 1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service 1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors 1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints 1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar 1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers 1925674 - Placeholder bug for OCP 4.6.0 rpm release
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update Advisory ID: RHSA-2021:0637-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0637 Issue date: 2021-03-03 CVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305 CVE-2020-2306 CVE-2020-2307 CVE-2020-2308 CVE-2020-2309 CVE-2020-11979 CVE-2020-25658 ==================================================================== 1. Summary:
Red Hat OpenShift Container Platform release 3.11.394 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)
-
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)
-
ant: Insecure temporary file vulnerability (CVE-2020-1945)
-
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
-
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
-
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
-
ant: Insecure temporary file (CVE-2020-11979)
-
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.394. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:0638
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update fixes the following bugs among others:
-
Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)
-
Previously, the
openshift_named_certificatesrole checked the contents of theca-bundle.crtfile during cluster installation. This caused the check to fail during initial installation because theca-bundle.crtfile is not yet created in that scenario. This bug fix allows the cluster to skip checking theca-bundle.crtfile if it does not exist, resulting in initial installations succeeding. (BZ#1920567) -
Previously, if the
openshift_releaseattribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by thecluster_facts.ymlfile being gathered before theopenshift_releaseattribute was defined by the upgrade playbook. Now thecluster_facts.ymlfile is gathered after theopenshift_versionrole runs and theopenshift_releaseattribute is set, allowing for successful node upgrades. (BZ#1921353)
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.394, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.
- Bugs fixed (https://bugzilla.redhat.com/):
1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1849003 - fact dicts returned are of type string rather than dict 1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components 1879407 - The restart-cluster playbook doesn't take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size 1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption 1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks 1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks 1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure 1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin 1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates 1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs 1903699 - Prometheus consumes all available memory 1903702 - CVE-2020-11979 ant: insecure temporary file 1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router 1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process 1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified 1924614 - Provide jenkins agent image for maven36 1924811 - Provide jenkins agent image for maven36 1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface 1929216 - KeyError: 'addresses' in kuryr-controller when Endpoints' slice only lists notReadyAddresses
- Package List:
Red Hat OpenShift Container Platform 3.11:
Source: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm haproxy-1.8.28-1.el7.src.rpm jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm jenkins-2.263.3.1612433584-1.el7.src.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm python-rsa-4.5-3.el7.src.rpm
noarch: atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm jenkins-2.263.3.1612433584-1.el7.noarch.rpm openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm python2-rsa-4.5-3.el7.noarch.rpm
ppc64le: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm haproxy18-1.8.28-1.el7.ppc64le.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm
x86_64: atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm haproxy18-1.8.28-1.el7.x86_64.rpm openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1945 https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-2306 https://access.redhat.com/security/cve/CVE-2020-2307 https://access.redhat.com/security/cve/CVE-2020-2308 https://access.redhat.com/security/cve/CVE-2020-2309 https://access.redhat.com/security/cve/CVE-2020-11979 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z Ru/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93 T5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT g5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv d/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL j5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N qCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD 7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es 4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/ Nk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v wA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2 +rElYOcZkO0=9NLN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"_id": null,
"model": "retail regular price optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"_id": null,
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail item planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.9"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"_id": null,
"model": "gradle",
"scope": "lt",
"trust": 1.0,
"vendor": "gradle",
"version": "6.8.0"
},
{
"_id": null,
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.9"
},
{
"_id": null,
"model": "retail merchandise financial planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "real-time decision server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "retail replenishment optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.27"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "ant",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.8"
},
{
"_id": null,
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.4"
},
{
"_id": null,
"model": "enterprise repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "retail macro space optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.4"
},
{
"_id": null,
"model": "retail category management planning \\\u0026 optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "retail size profile optimization",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "storagetek tape analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"_id": null,
"model": "real-time decision server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "ant",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "gradle",
"scope": null,
"trust": 0.8,
"vendor": "gradle",
"version": null
},
{
"_id": null,
"model": "oracle banking platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle enterprise repository",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle financial services analytical applications infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "primavera gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "primavera unifier",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle retail financial integration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle retail integration bus",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle retail service backbone",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle retail store inventory management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "NVD",
"id": "CVE-2020-11979"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
}
],
"trust": 0.9
},
"cve": "CVE-2020-11979",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-11979",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-164611",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11979",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-11979",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11979",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-11979",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-015",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164611",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164611"
},
{
"db": "VULMON",
"id": "CVE-2020-11979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
},
{
"db": "NVD",
"id": "CVE-2020-11979"
}
]
},
"description": {
"_id": null,
"data": "As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. Apache Ant Contains an unspecified vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Software Foundation. This tool is mainly used for software compilation, testing and deployment. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting. \n Linux Security Advisory GLSA 202011-18\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Ant: Insecure temporary file\n Date: November 16, 2020\n Bugs: #745768\n ID: 202011-18\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Ant uses various insecure temporary files possibly allowing\nlocal code execution. \n\nBackground\n==========\n\nAnt is a Java-based build tool similar to \u2018make\u2019 that uses XML\nconfiguration files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/ant \u003c 1.10.9 \u003e= 1.10.9 \n\nDescription\n===========\n\nA previous fix for a security vulnerability involving insecure\ntemporary files has been found to be incomplete. \n\nImpact\n======\n\nA local attacker could perform symlink attacks to overwrite arbitrary\nfiles with the privileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Ant users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/ant-1.10.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11979\n https://nvd.nist.gov/vuln/detail/CVE-2020-11979\n[ 2 ] GLSA-202007-34\n https://security.gentoo.org/glsa/202007-34\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202011-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1921322 - CVE-2021-21615 jenkins: Filesystem traversal by privileged users\n1925140 - CVE-2021-21608 jenkins: Stored XSS vulnerability in button labels\n1925141 - CVE-2021-21609 jenkins: Missing permission check for paths with specific prefix\n1925143 - CVE-2021-21605 jenkins: Path traversal vulnerability in agent names\n1925145 - CVE-2021-21611 jenkins: Stored XSS vulnerability on new item page\n1925151 - CVE-2021-21610 jenkins: Reflected XSS vulnerability in markup formatter preview\n1925156 - CVE-2021-21607 jenkins: Excessive memory allocation in graph URLs leads to denial of service\n1925157 - CVE-2021-21604 jenkins: Improper handling of REST API XML deserialization errors\n1925159 - CVE-2021-21606 jenkins: Arbitrary file existence check in file fingerprints\n1925160 - CVE-2021-21603 jenkins: XSS vulnerability in notification bar\n1925161 - CVE-2021-21602 jenkins: Arbitrary file read vulnerability in workspace browsers\n1925674 - Placeholder bug for OCP 4.6.0 rpm release\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 3.11.394 bug fix and security update\nAdvisory ID: RHSA-2021:0637-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0637\nIssue date: 2021-03-03\nCVE Names: CVE-2020-1945 CVE-2020-2304 CVE-2020-2305\n CVE-2020-2306 CVE-2020-2307 CVE-2020-2308\n CVE-2020-2309 CVE-2020-11979 CVE-2020-25658\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Container Platform release 3.11.394 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external\nentity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint\ncould result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables\nare accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nPlugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes\nplug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption\n(CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined\ncluster size for ops clusters. This was causing come clusters to never\ncomplete their restart. This bug fix passes the logging ops cluster size,\nallowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents\nof the `ca-bundle.crt` file during cluster installation. This caused the\ncheck to fail during initial installation because the `ca-bundle.crt` file\nis not yet created in that scenario. This bug fix allows the cluster to\nskip checking the `ca-bundle.crt` file if it does not exist, resulting in\ninitial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the\nAnsible inventory file, the nodes of the cluster would fail during an\nupgrade. This was caused by the `cluster_facts.yml` file being gathered\nbefore the `openshift_release` attribute was defined by the upgrade\nplaybook. Now the `cluster_facts.yml` file is gathered after the\n`openshift_version` role runs and the `openshift_release` attribute is set,\nallowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these\nupdated packages and images. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.394, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1849003 - fact dicts returned are of type string rather than dict\n1873346 - In-place upgrade of OCP 3.11 does not upgrade Kuryr components\n1879407 - The restart-cluster playbook doesn\u0027t take into account that openshift_logging_es_ops_cluster_size could be different from openshift_logging_es_cluster_size\n1889972 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption\n1895939 - CVE-2020-2304 jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n1895940 - CVE-2020-2305 jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n1895941 - CVE-2020-2306 jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure\n1895945 - CVE-2020-2307 jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n1895946 - CVE-2020-2308 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n1895947 - CVE-2020-2309 jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs\n1903699 - Prometheus consumes all available memory\n1903702 - CVE-2020-11979 ant: insecure temporary file\n1918392 - Unable to access kibana URLafter enabling HTTP2 on Haproxy router\n1920567 - [release-3.11] - ca-bundle.crt(/etc/origin/master/ca-bundle.crt) is missing on the fresh installation process\n1921353 - OCP 3.11.374 Upgrade fails with Either OpenShift needs to be installed or openshift_release needs to be specified\n1924614 - Provide jenkins agent image for maven36\n1924811 - Provide jenkins agent image for maven36\n1929170 - kuryr-cni pods in crashloop after updating OCP due to RuntimeError caused by attempting to delete eth0 host interface\n1929216 - KeyError: \u0027addresses\u0027 in kuryr-controller when Endpoints\u0027 slice only lists notReadyAddresses\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 3.11:\n\nSource:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm\ngolang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm\ngolang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm\ngolang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm\nhaproxy-1.8.28-1.el7.src.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.src.rpm\njenkins-2.263.3.1612433584-1.el7.src.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm\nopenshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm\npython-rsa-4.5-3.el7.src.rpm\n\nnoarch:\natomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\natomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm\njenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm\njenkins-2.263.3.1612433584-1.el7.noarch.rpm\nopenshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm\nopenshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\nopenshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm\npython2-rsa-4.5-3.el7.noarch.rpm\n\nppc64le:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm\nhaproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm\nhaproxy18-1.8.28-1.el7.ppc64le.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm\n\nx86_64:\natomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm\natomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm\natomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm\natomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm\natomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm\natomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm\natomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm\natomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm\natomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm\ngolang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm\nhaproxy-debuginfo-1.8.28-1.el7.x86_64.rpm\nhaproxy18-1.8.28-1.el7.x86_64.rpm\nopenshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm\nopenshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm\nprometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm\nprometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm\nprometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1945\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-2306\nhttps://access.redhat.com/security/cve/CVE-2020-2307\nhttps://access.redhat.com/security/cve/CVE-2020-2308\nhttps://access.redhat.com/security/cve/CVE-2020-2309\nhttps://access.redhat.com/security/cve/CVE-2020-11979\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYD+BmNzjgjWX9erEAQjE+Q//ZZiX1bD9qOdi3w9TpwdZLagxnE5NTy5Z\nRu/GN0qaTIBHo8QHZqgt6jBT5ADfW0KgEdA3N+fi43f4ud5fO+2eQcdE4oeSAE93\nT5PAL+UBlb4ykAqQQnLVMO8G5Hc2IOw68wZjC+YFcEB36FnZifCk/z14OdUR3WyT\ng5ohmXKJw3ojfOsPK0ZIePS4V7RwTosagKHdyVa+tpxxVlkcZf2q08e5U7YkkhKv\nd/4UzYfGYtpm8ozYde1Cvs6cCU2ar7VQjsGW597BgSMXYESDqnPTKUJ5y8btFTwL\nj5z0ZSc96MBOkyebqxqhNdeFwg4liCl0RhBSUBhsG6e40Du8+3+LPUS579R1cp8N\nqCW0ODujVh804XNOXSqGAbmPXb6BL8uIY6j4kdzfZH4xgBGG1oOhiUcjPrJQkohD\n7fRf/aLCtRno9d98oylMuxPWEf4XfeltF4zin8hWdvBlfSxfy6aGjdmXcHWIP3Es\n4jL7h5IBtTn/8IXO5kXUlBeHOTNfjA48W/MmxyN6TNoTFrrsgR1pk7RUCxjAgOi/\nNk/IYlBheWb1Bvm/QCMpA5qDUSNZnmADw6BBRoViE+/DKBM9/DEUX6KOq6H3Ak0v\nwA7QOAVVk2COxBJCsmy7EJUJYMuyfrNkovukWKHUQQuDFcjy5nWYbGmmejX/STB2\n+rElYOcZkO0=9NLN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-164611"
},
{
"db": "VULMON",
"id": "CVE-2020-11979"
},
{
"db": "PACKETSTORM",
"id": "160093"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "161647"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11979",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "160093",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161644",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161454",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042640",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072823",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042536",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042536",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012312",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042319",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072778",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0771",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0599",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0315",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161647",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-57125",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-164611",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164611"
},
{
"db": "VULMON",
"id": "CVE-2020-11979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "PACKETSTORM",
"id": "160093"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
},
{
"db": "NVD",
"id": "CVE-2020-11979"
}
]
},
"id": "VAR-202010-1567",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-164611"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:35:47.808000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apache\u00a0Ant\u00a0insecure\u00a0temporary\u00a0file\u00a0vulnerability Oracle Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
},
{
"title": "Apache Ant Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=130249"
},
{
"title": "Debian CVElist Bug Report Logs: ant: CVE-2020-11979",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=2a449f8fc892d50c69e07a3668964924"
},
{
"title": "IBM: Security Bulletin: Vulnerability in Apache Ant affects IBM Spectrum Symphony",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3dd0d4ffb8383347639c4ccc74310f32"
},
{
"title": "Arch Linux Advisories: [ASA-202012-5] ant: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202012-5"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-11979 log"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.6.17 security and packages update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210423 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=141b2e54160a76a0f41beef4db28270e"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-379",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-74",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164611"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "NVD",
"id": "CVE-2020-11979"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202011-18"
},
{
"trust": 1.8,
"url": "https://github.com/gradle/gradle/security/advisories/ghsa-j45w-qrgf-25vm"
},
{
"trust": 1.8,
"url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3cdev.ant.apache.org%3e"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11979"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3cdev.creadur.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u3nrqq7ecii4zngw7gbc225lvympqekb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dybrn5c2rw7jry75ib7q7zvkzchwaqws/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/aalw42fwnq35f7kb3jvrc6nbvv7aayyi/"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3cdev.creadur.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-ant-affects-ibm-spectrum-symphony/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-gradle-version-in-ibp-javaenv-and-dind-images-depends-on-vulnerable-apache-ant/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0315/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0599"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042536"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160093/gentoo-linux-security-advisory-202011-18.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072778"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042112"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-as-used-by-ibm-qradar-siem-is-vulnerable-to-insecure-temporary-files-cve-2020-11979/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012312"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-ant-information-disclosure-via-fixcrlf-task-temporary-files-permissions-33683"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161454/red-hat-security-advisory-2021-0423-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042319"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042536"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-as-mitigation-for-cve-2020-1945-apache-ant-1-10-8-changed-the-permissions-of-temporary-files-it-created-so-that-only-the-current-user-was-allowed-to-access-them/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161644/red-hat-security-advisory-2021-0429-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerability-issues-affect-ibm-spectrum-symphony-7-3-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0771"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072823"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6025"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042640"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1945"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11979"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21607"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21606"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21609"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21602"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21611"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21605"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21607"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21605"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21609"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21602"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21604"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21604"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21606"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21611"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202007-34"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0429"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0428"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0423"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:0424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:0638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164611"
},
{
"db": "VULMON",
"id": "CVE-2020-11979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
},
{
"db": "PACKETSTORM",
"id": "160093"
},
{
"db": "PACKETSTORM",
"id": "161644"
},
{
"db": "PACKETSTORM",
"id": "161454"
},
{
"db": "PACKETSTORM",
"id": "161647"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
},
{
"db": "NVD",
"id": "CVE-2020-11979"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-164611",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11979",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012067",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160093",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161644",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161454",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161647",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11979",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-164611",
"ident": null
},
{
"date": "2020-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11979",
"ident": null
},
{
"date": "2021-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012067",
"ident": null
},
{
"date": "2020-11-16T17:15:41",
"db": "PACKETSTORM",
"id": "160093",
"ident": null
},
{
"date": "2021-03-03T15:53:12",
"db": "PACKETSTORM",
"id": "161644",
"ident": null
},
{
"date": "2021-02-18T14:14:45",
"db": "PACKETSTORM",
"id": "161454",
"ident": null
},
{
"date": "2021-03-03T15:53:58",
"db": "PACKETSTORM",
"id": "161647",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2020-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-015",
"ident": null
},
{
"date": "2020-10-01T20:15:13.033000",
"db": "NVD",
"id": "CVE-2020-11979",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-164611",
"ident": null
},
{
"date": "2021-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11979",
"ident": null
},
{
"date": "2021-04-22T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2020-012067",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-015",
"ident": null
},
{
"date": "2024-11-21T04:59:02.170000",
"db": "NVD",
"id": "CVE-2020-11979",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Apache\u00a0Ant\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012067"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-015"
}
],
"trust": 1.2
}
}
var-202103-1442
Vulnerability from variot
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Vendor is responsible for this vulnerability CID-20c40794eb85 It is published as. This vulnerability is CVE-2019-2308 Vulnerabilities related to.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This update provides the corresponding Linux kernel updates targeted specifically for Raspberry Pi devices in those same Ubuntu Releases. ========================================================================== Ubuntu Security Notice USN-4949-1 May 11, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489)
Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3491)
It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25639)
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch\xf6nherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2021-26930)
Jan Beulich discovered that multiple Xen backends in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). A local attacker could possibly use this to gain elevated privileges. (CVE-2021-28375)
It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2021-29264)
It was discovered that the USB/IP driver in the Linux kernel contained race conditions during the update of local and shared status. An attacker could use this to cause a denial of service (system crash). An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29266)
It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: linux-image-5.8.0-1024-raspi 5.8.0-1024.27 linux-image-5.8.0-1024-raspi-nolpae 5.8.0-1024.27 linux-image-5.8.0-1027-kvm 5.8.0-1027.29 linux-image-5.8.0-1029-oracle 5.8.0-1029.30 linux-image-5.8.0-1031-gcp 5.8.0-1031.32 linux-image-5.8.0-1032-azure 5.8.0-1032.34 linux-image-5.8.0-1033-aws 5.8.0-1033.35 linux-image-5.8.0-53-generic 5.8.0-53.60 linux-image-5.8.0-53-generic-64k 5.8.0-53.60 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60 linux-image-5.8.0-53-lowlatency 5.8.0-53.60 linux-image-aws 5.8.0.1033.35 linux-image-azure 5.8.0.1032.32 linux-image-gcp 5.8.0.1031.31 linux-image-generic 5.8.0.53.58 linux-image-generic-64k 5.8.0.53.58 linux-image-generic-lpae 5.8.0.53.58 linux-image-gke 5.8.0.1031.31 linux-image-kvm 5.8.0.1027.29 linux-image-lowlatency 5.8.0.53.58 linux-image-oem-20.04 5.8.0.53.58 linux-image-oracle 5.8.0.1029.28 linux-image-raspi 5.8.0.1024.27 linux-image-raspi-nolpae 5.8.0.1024.27 linux-image-virtual 5.8.0.53.58
Ubuntu 20.04 LTS: linux-image-5.8.0-53-generic 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-64k 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-generic-lpae 5.8.0-53.60~20.04.1 linux-image-5.8.0-53-lowlatency 5.8.0-53.60~20.04.1 linux-image-generic-64k-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-generic-lpae-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-lowlatency-hwe-20.04 5.8.0.53.60~20.04.37 linux-image-virtual-hwe-20.04 5.8.0.53.60~20.04.37
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-4949-1 CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375, CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646, CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
Package Information: https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60 https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35 https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34 https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32 https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29 https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30 https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27 https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1442",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.11.7"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.106"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.24"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.1"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 1.1
},
"cve": "CVE-2021-28375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-28375",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-387803",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-28375",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-28375",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28375",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-28375",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-961",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-387803",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. Vendor is responsible for this vulnerability CID-20c40794eb85 It is published as. This vulnerability is CVE-2019-2308 Vulnerabilities related to.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This update provides the corresponding\nLinux kernel updates targeted specifically for Raspberry Pi devices\nin those same Ubuntu Releases. ==========================================================================\nUbuntu Security Notice USN-4949-1\nMay 11, 2021\n\nlinux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm,\nlinux-oracle, linux-raspi vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash) or execute arbitrary code. (CVE-2021-3489)\n\nManfred Paul discovered that the eBPF implementation in the Linux kernel\ndid not properly track bounds on bitwise operations. A local attacker could\nuse this to cause a denial of service (system crash) or execute arbitrary\ncode. A local attacker could use this to cause a denial of service\n(system crash) or execute arbitrary code. (CVE-2021-3491)\n\nIt was discovered that the Nouveau GPU driver in the Linux kernel did not\nproperly handle error conditions in some situations. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2020-25639)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Sch\\xf6nherr\ndiscovered that the Xen paravirtualization backend in the Linux kernel did\nnot properly propagate errors to frontend drivers in some situations. An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash). (CVE-2021-26930)\n\nJan Beulich discovered that multiple Xen backends in the Linux kernel did\nnot properly handle certain error conditions under paravirtualization. An\nattacker in a guest VM could possibly use this to cause a denial of service\n(host domain crash). A local\nattacker could possibly use this to gain elevated privileges. \n(CVE-2021-28375)\n\nIt was discovered that the Freescale Gianfar Ethernet driver for the Linux\nkernel did not properly handle receive queue overrun when jumbo frames were\nenabled in some situations. An attacker could use this to cause a denial of\nservice (system crash). (CVE-2021-29264)\n\nIt was discovered that the USB/IP driver in the Linux kernel contained race\nconditions during the update of local and shared status. An attacker could\nuse this to cause a denial of service (system crash). An attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2021-29266)\n\nIt was discovered that the TIPC protocol implementation in the Linux kernel\ndid not properly validate passed encryption key sizes. A local attacker\ncould use this to cause a denial of service (system crash). A local attacker could use this\nto cause a denial of service (system crash). (CVE-2021-29650)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n linux-image-5.8.0-1024-raspi 5.8.0-1024.27\n linux-image-5.8.0-1024-raspi-nolpae 5.8.0-1024.27\n linux-image-5.8.0-1027-kvm 5.8.0-1027.29\n linux-image-5.8.0-1029-oracle 5.8.0-1029.30\n linux-image-5.8.0-1031-gcp 5.8.0-1031.32\n linux-image-5.8.0-1032-azure 5.8.0-1032.34\n linux-image-5.8.0-1033-aws 5.8.0-1033.35\n linux-image-5.8.0-53-generic 5.8.0-53.60\n linux-image-5.8.0-53-generic-64k 5.8.0-53.60\n linux-image-5.8.0-53-generic-lpae 5.8.0-53.60\n linux-image-5.8.0-53-lowlatency 5.8.0-53.60\n linux-image-aws 5.8.0.1033.35\n linux-image-azure 5.8.0.1032.32\n linux-image-gcp 5.8.0.1031.31\n linux-image-generic 5.8.0.53.58\n linux-image-generic-64k 5.8.0.53.58\n linux-image-generic-lpae 5.8.0.53.58\n linux-image-gke 5.8.0.1031.31\n linux-image-kvm 5.8.0.1027.29\n linux-image-lowlatency 5.8.0.53.58\n linux-image-oem-20.04 5.8.0.53.58\n linux-image-oracle 5.8.0.1029.28\n linux-image-raspi 5.8.0.1024.27\n linux-image-raspi-nolpae 5.8.0.1024.27\n linux-image-virtual 5.8.0.53.58\n\nUbuntu 20.04 LTS:\n linux-image-5.8.0-53-generic 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-generic-64k 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-generic-lpae 5.8.0-53.60~20.04.1\n linux-image-5.8.0-53-lowlatency 5.8.0-53.60~20.04.1\n linux-image-generic-64k-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-generic-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-generic-lpae-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-lowlatency-hwe-20.04 5.8.0.53.60~20.04.37\n linux-image-virtual-hwe-20.04 5.8.0.53.60~20.04.37\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-4949-1\n CVE-2020-25639, CVE-2021-26930, CVE-2021-26931, CVE-2021-28375,\n CVE-2021-29264, CVE-2021-29265, CVE-2021-29266, CVE-2021-29646,\n CVE-2021-29650, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60\n https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35\n https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34\n https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32\n https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29\n https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30\n https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27\n https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28375"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28375",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "162167",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162695",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162541",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1231",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1623",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2606",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1694",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162550",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162543",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-387803",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"id": "VAR-202103-1442",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:38:10.423000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "restrict\u00a0user\u00a0apps\u00a0from\u00a0sending\u00a0kernel\u00a0RPC\u00a0messages",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMRQVOTASD3VZP6GE4JJHE27QU6FHTZ6/"
},
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144241"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28375"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210401-0003/"
},
{
"trust": 1.7,
"url": "https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/"
},
{
"trust": 1.0,
"url": "https://lore.kernel.org/stable/yd03ew7+6v0xph6l%40kroah.com/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xaunydtge6mb4nwl2sihpcodclet3jzb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/omrqvotasd3vzp6ge4jjhe27qu6fhtz6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tjpvqzpy3dhpv5i3ivnmsmo6d3pkzisx/"
},
{
"trust": 0.7,
"url": "https://lore.kernel.org/stable/yd03ew7+6v0xph6l@kroah.com/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-08-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1623"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1766"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162167/ubuntu-security-notice-usn-4911-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2606"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1307"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202110-0000001162680040"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-28375"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1231"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162695/ubuntu-security-notice-usn-4945-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2136"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-privilege-escalation-via-fastrpc-internal-invoke-34854"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1694"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162541/ubuntu-security-notice-usn-4945-1.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25639"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28038"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29265"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-4945-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4911-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1021.22"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1035.38"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1035.38~18.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4945-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1047.49~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1043.45"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1047.49"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1043.46~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1015.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1015.16~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1044.47~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1043.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1048.50~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-73.82"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1039.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-73.82~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1045.49"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1043.45~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1048.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1029.30"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1024.27"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26930"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4949-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1027.29"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-53.60~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-53.60"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26931"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1031.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1032.34"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3490"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1033.35"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35519"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4947-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1056.60"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-387803"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-387803"
},
{
"date": "2021-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"date": "2021-04-13T22:55:55",
"db": "PACKETSTORM",
"id": "162167"
},
{
"date": "2021-05-19T14:19:27",
"db": "PACKETSTORM",
"id": "162695"
},
{
"date": "2021-05-12T13:50:45",
"db": "PACKETSTORM",
"id": "162541"
},
{
"date": "2021-05-12T13:52:46",
"db": "PACKETSTORM",
"id": "162550"
},
{
"date": "2021-05-12T13:51:05",
"db": "PACKETSTORM",
"id": "162543"
},
{
"date": "2021-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"date": "2021-03-15T05:15:13.740000",
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-387803"
},
{
"date": "2021-11-22T08:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-004458"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-961"
},
{
"date": "2024-11-21T05:59:36.483000",
"db": "NVD",
"id": "CVE-2021-28375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "162167"
},
{
"db": "PACKETSTORM",
"id": "162695"
},
{
"db": "PACKETSTORM",
"id": "162541"
},
{
"db": "PACKETSTORM",
"id": "162550"
},
{
"db": "PACKETSTORM",
"id": "162543"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 1.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004458"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-961"
}
],
"trust": 0.6
}
}
var-202103-1240
Vulnerability from variot
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Vendor exploits this vulnerability CID-dbcc7d57bffc Is published as.Denial of service (DoS) It may be put into a state. A physically proximate attacker could use this issue to inject packets. ========================================================================== Ubuntu Security Notice USN-4948-1 May 11, 2021
linux-oem-5.10 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-oem-5.10: Linux kernel for OEM systems
Details:
Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3489)
Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3491)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672)
It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). A local attacker could use this to cause a denial of service. (CVE-2021-28951)
John Stultz discovered that the audio driver for Qualcomm SDM845 systems in the Linux kernel did not properly validate port ID numbers. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-28964)
Vince Weaver discovered that the perf subsystem in the Linux kernel did not properly handle certain PEBS records properly for some Intel Haswell processors. A local attacker could use this cause a denial of service (system crash). (CVE-2021-28971)
It was discovered that the RPA PCI Hotplug driver implementation in the Linux kernel did not properly handle device name writes via sysfs, leading to a buffer overflow. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972)
It was discovered that the Freescale Gianfar Ethernet driver for the Linux kernel did not properly handle receive queue overrun when jumbo frames were enabled in some situations. An attacker could use this to cause a denial of service (system crash). An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-29266)
It was discovered that the TIPC protocol implementation in the Linux kernel did not properly validate passed encryption key sizes. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29646)
It was discovered that the Qualcomm IPC router implementation in the Linux kernel did not properly initialize memory passed to user space. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-29647)
It was discovered that the BPF user mode driver implementation in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650)
Felix Wilhelm discovered that the KVM implementation in the Linux kernel for AMD processors contained race conditions on nested VMCB controls. A local attacker in a guest vm could possibly use this to gain elevated privileges. (CVE-2021-29657)
Dan Carpenter discovered that the block device manager (dm) implementation in the Linux kernel contained a buffer overflow in the ioctl for listing devices. A privileged local attacker could use this to cause a denial of service (system crash). (CVE-2021-31916)
马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: linux-image-5.10.0-1026-oem 5.10.0-1026.27 linux-image-oem-20.04b 5.10.0.1026.27
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-4948-1 CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-28688, CVE-2021-28951, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971, CVE-2021-28972, CVE-2021-29264, CVE-2021-29266, CVE-2021-29646, CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-29657, CVE-2021-31916, CVE-2021-3483, CVE-2021-3489, CVE-2021-3490, CVE-2021-3491
Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1026.27
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1240",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "aff a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fas 500f",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lte",
"trust": 0.8,
"vendor": "linux",
"version": "5.11.8 until"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
}
],
"trust": 1.1
},
"cve": "CVE-2021-28964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2021-28964",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-388477",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.0,
"id": "CVE-2021-28964",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-28964",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28964",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-28964",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388477",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-28964",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. Vendor exploits this vulnerability CID-dbcc7d57bffc Is published as.Denial of service (DoS) It may be put into a state. A physically proximate\nattacker could use this issue to inject packets. ==========================================================================\nUbuntu Security Notice USN-4948-1\nMay 11, 2021\n\nlinux-oem-5.10 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-oem-5.10: Linux kernel for OEM systems\n\nDetails:\n\nRyota Shiga discovered that the eBPF implementation in the Linux kernel did\nnot properly verify that a BPF program only reserved as much memory for a\nring buffer as was allocated. A local attacker could use this to cause a\ndenial of service (system crash) or execute arbitrary code. (CVE-2021-3489)\n\nManfred Paul discovered that the eBPF implementation in the Linux kernel\ndid not properly track bounds on bitwise operations. A local attacker could\nuse this to cause a denial of service (system crash) or execute arbitrary\ncode. A local attacker could use this to cause a denial of service\n(system crash) or execute arbitrary code. (CVE-2021-3491)\n\nKiyin (\u5c39\u4eae) discovered that the NFC LLCP protocol implementation in the\nLinux kernel contained a reference counting error. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2020-25670)\n\nKiyin (\u5c39\u4eae) discovered that the NFC LLCP protocol implementation in the\nLinux kernel did not properly deallocate memory in certain error\nsituations. A local attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)\n\nIt was discovered that the Xen paravirtualization backend in the Linux\nkernel did not properly deallocate memory in some situations. A local\nattacker could use this to cause a denial of service (memory exhaustion). A local attacker could\nuse this to cause a denial of service. (CVE-2021-28951)\n\nJohn Stultz discovered that the audio driver for Qualcomm SDM845 systems in\nthe Linux kernel did not properly validate port ID numbers. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. \nA local attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2021-28964)\n\nVince Weaver discovered that the perf subsystem in the Linux kernel did\nnot properly handle certain PEBS records properly for some Intel Haswell\nprocessors. A local attacker could use this cause a denial of service\n(system crash). (CVE-2021-28971)\n\nIt was discovered that the RPA PCI Hotplug driver implementation in the\nLinux kernel did not properly handle device name writes via sysfs, leading\nto a buffer overflow. A privileged attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2021-28972)\n\nIt was discovered that the Freescale Gianfar Ethernet driver for the Linux\nkernel did not properly handle receive queue overrun when jumbo frames were\nenabled in some situations. An attacker could use this to cause a denial of\nservice (system crash). An attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2021-29266)\n\nIt was discovered that the TIPC protocol implementation in the Linux kernel\ndid not properly validate passed encryption key sizes. A local attacker\ncould use this to cause a denial of service (system crash). \n(CVE-2021-29646)\n\nIt was discovered that the Qualcomm IPC router implementation in the Linux\nkernel did not properly initialize memory passed to user space. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-29647)\n\nIt was discovered that the BPF user mode driver implementation in the Linux\nkernel did not properly deallocate memory in some situations. A local\nattacker could use this to cause a denial of service (memory exhaustion). A local attacker could use this\nto cause a denial of service (system crash). (CVE-2021-29650)\n\nFelix Wilhelm discovered that the KVM implementation in the Linux kernel\nfor AMD processors contained race conditions on nested VMCB controls. A\nlocal attacker in a guest vm could possibly use this to gain elevated\nprivileges. (CVE-2021-29657)\n\nDan Carpenter discovered that the block device manager (dm) implementation\nin the Linux kernel contained a buffer overflow in the ioctl for listing\ndevices. A privileged local attacker could use this to cause a denial of\nservice (system crash). (CVE-2021-31916)\n\n\u9a6c\u54f2\u5b87 discovered that the IEEE 1394 (Firewire) nosy packet sniffer\ndriver in the Linux kernel did not properly perform reference counting in\nsome situations, leading to a use-after-free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2021-3483)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n linux-image-5.10.0-1026-oem 5.10.0-1026.27\n linux-image-oem-20.04b 5.10.0.1026.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-4948-1\n CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2021-28688,\n CVE-2021-28951, CVE-2021-28952, CVE-2021-28964, CVE-2021-28971,\n CVE-2021-28972, CVE-2021-29264, CVE-2021-29266, CVE-2021-29646,\n CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-29657,\n CVE-2021-31916, CVE-2021-3483, CVE-2021-3489, CVE-2021-3490,\n CVE-2021-3491\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1026.27\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28964",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "166568",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162939",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162981",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162549",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1919",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1625",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1655",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1231",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1964",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1408",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1694",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162969",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-388477",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-28964",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"id": "VAR-202103-1240",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388477"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:41:43.591000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "btrfs",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/"
},
{
"title": "Linux kernel Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145653"
},
{
"title": "Red Hat: CVE-2021-28964",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-28964"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-28964 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "Race condition (CWE-362) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28964"
},
{
"trust": 1.8,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dbcc7d57bffc0c8cac9dac11bec548597d59a6a5"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210430-0003/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4vckioxcozgxbezmo5lggv5mwcho6ft3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ptrnpqtz4gvs46sz4obxy5ydogvpstgq/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t2s3i4slrnruqdofyus6iuazmqnmpnlg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4vckioxcozgxbezmo5lggv5mwcho6ft3/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t2s3i4slrnruqdofyus6iuazmqnmpnlg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ptrnpqtz4gvs46sz4obxy5ydogvpstgq/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162939/ubuntu-security-notice-usn-4979-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1919"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162981/ubuntu-security-notice-usn-4984-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1964"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2217"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162549/ubuntu-security-notice-usn-4948-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1655"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1946"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1307"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1625"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-denial-of-service-via-get-old-root-34912"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1231"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166568/ubuntu-security-notice-usn-5361-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1694"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1408"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31916"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28972"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29647"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28971"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3483"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25670"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28688"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28952"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33033"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28964"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198508"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1046.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-74.83~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1040.41"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1044.46~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1044.47~18.04.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4982-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1044.47"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1016.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1048.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-74.83"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1046.50~18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1044.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1048.50~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1049.51~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1016.17~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1049.51"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1033.35"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28038"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4984-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-55.62"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1028.30"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1035.37"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1031.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1032.34"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-55.62~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3428"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1092.94"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4979-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1115.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1103.110"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1100.113"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1072.80"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-144.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1103.112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37159"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26145"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5361-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43976"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4948-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1026.27"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29646"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388477"
},
{
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-388477"
},
{
"date": "2021-03-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"date": "2021-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"date": "2021-06-04T13:36:04",
"db": "PACKETSTORM",
"id": "162969"
},
{
"date": "2021-06-04T22:09:37",
"db": "PACKETSTORM",
"id": "162981"
},
{
"date": "2021-06-03T14:55:48",
"db": "PACKETSTORM",
"id": "162939"
},
{
"date": "2022-04-01T15:43:33",
"db": "PACKETSTORM",
"id": "166568"
},
{
"date": "2021-05-12T13:52:40",
"db": "PACKETSTORM",
"id": "162549"
},
{
"date": "2021-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"date": "2021-03-22T09:15:13.517000",
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-388477"
},
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28964"
},
{
"date": "2021-11-29T06:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-004731"
},
{
"date": "2022-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1265"
},
{
"date": "2024-11-21T06:00:27.570000",
"db": "NVD",
"id": "CVE-2021-28964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166568"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Race Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1265"
}
],
"trust": 0.6
}
}
var-202202-0103
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)
-
vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)
-
vim: Out-of-range Pointer Offset (CVE-2022-1420)
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
-
vim: use after free in utf_ptr2char (CVE-2022-1154)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4327"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0554",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414500",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0554",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0554",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0554",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-971",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414500",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0554",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0554)\n\n* vim: Heap-based Buffer Overflow occurs in vim (CVE-2022-0943)\n\n* vim: Out-of-range Pointer Offset (CVE-2022-1420)\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\n* vim: use after free in utf_ptr2char (CVE-2022-1154)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0554",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-414500",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0554",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"id": "VAR-202202-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:02:44.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "may\u00a0end\u00a0up\u00a0with\u00a0no\u00a0current\u00a0buffer Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184874"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-memory-corruption-via-do-buffer-ext-37653"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414500"
},
{
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-10T00:00:00",
"db": "VULHUB",
"id": "VHN-414500"
},
{
"date": "2022-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"date": "2023-05-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"date": "2022-02-10T22:15:07.483000",
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-414500"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0554"
},
{
"date": "2023-05-26T07:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-005314"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-971"
},
{
"date": "2024-11-21T06:38:54.230000",
"db": "NVD",
"id": "CVE-2022-0554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005314"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-971"
}
],
"trust": 0.6
}
}
var-202204-0432
Vulnerability from variot
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: subversion:1.10 security update Advisory ID: RHSA-2022:2237-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2237 Issue date: 2022-05-12 CVE Names: CVE-2022-24070 ==================================================================== 1. Summary:
An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Security Fix(es):
- subversion: Subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.1):
Source: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.src.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm
aarch64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm
noarch: subversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4.noarch.rpm
ppc64le: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm
s390x: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm
x86_64: libserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm libserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm mod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm mod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm subversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm utf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm utf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24070 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 9) - aarch64, ppc64le, s390x, x86_64
- ========================================================================== Ubuntu Security Notice USN-5372-1 April 12, 2022
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)
Thomas Wei\xdfschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libapache2-mod-svn 1.14.1-3ubuntu0.1 libsvn-java 1.14.1-3ubuntu0.1 libsvn-perl 1.14.1-3ubuntu0.1 libsvn1 1.14.1-3ubuntu0.1 python3-subversion 1.14.1-3ubuntu0.1 ruby-svn 1.14.1-3ubuntu0.1 subversion 1.14.1-3ubuntu0.1 subversion-tools 1.14.1-3ubuntu0.1
Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.1 libsvn-java 1.13.0-3ubuntu0.1 libsvn-perl 1.13.0-3ubuntu0.1 libsvn1 1.13.0-3ubuntu0.1 python-subversion 1.13.0-3ubuntu0.1 ruby-svn 1.13.0-3ubuntu0.1 subversion 1.13.0-3ubuntu0.1 subversion-tools 1.13.0-3ubuntu0.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.0"
},
{
"model": "subversion",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "subversion",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "subversion",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167158"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "167244"
}
],
"trust": 0.5
},
"cve": "CVE-2022-24070",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-24070",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-413621",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-24070",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-24070",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24070",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-24070",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2957",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413621",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-24070",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion\u0027s mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. Subversion of mod_dav_svn Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a resource management error vulnerability that stems from a use-after-free bug in mod_dav_svn. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: subversion:1.10 security update\nAdvisory ID: RHSA-2022:2237-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:2237\nIssue date: 2022-05-12\nCVE Names: CVE-2022-24070\n====================================================================\n1. Summary:\n\nAn update for the subversion:1.10 module is now available for Red Hat\nEnterprise Linux 8.1 Update Services for SAP Solutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. \n\nSecurity Fix(es):\n\n* subversion: Subversion\u0027s mod_dav_svn is vulnerable to memory corruption\n(CVE-2022-24070)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, for the update to take effect, you\nmust restart the httpd daemon, if you are using mod_dav_svn, and the\nsvnserve daemon, if you are serving Subversion repositories via the svn://\nprotocol. \n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream E4S (v. 8.1):\n\nSource:\nlibserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.src.rpm\nsubversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.src.rpm\nutf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.src.rpm\n\naarch64:\nlibserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\nlibserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\nmod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.aarch64.rpm\nutf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.aarch64.rpm\n\nnoarch:\nsubversion-javahl-1.10.2-3.module+el8.1.0+15169+c14f14c4.noarch.rpm\n\nppc64le:\nlibserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\nlibserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\nmod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.ppc64le.rpm\nutf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.ppc64le.rpm\n\ns390x:\nlibserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm\nlibserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.s390x.rpm\nmod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.s390x.rpm\nutf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.s390x.rpm\n\nx86_64:\nlibserf-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\nlibserf-debuginfo-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\nlibserf-debugsource-1.3.9-9.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\nmod_dav_svn-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nmod_dav_svn-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-debugsource-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-devel-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-devel-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-gnome-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-gnome-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-libs-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-libs-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-perl-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-perl-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-tools-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nsubversion-tools-debuginfo-1.10.2-3.module+el8.1.0+15169+c14f14c4.x86_64.rpm\nutf8proc-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\nutf8proc-debuginfo-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\nutf8proc-debugsource-2.1.1-5.module+el8.1.0+9889+0a9c19c4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24070\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-5372-1\nApril 12, 2022\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nEvgeny Kotkov discovered that Subversion servers did not properly follow\npath-based authorization rules in certain cases. An attacker could\npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\\xdfschuh discovered that Subversion servers did not properly handle\nmemory in certain configurations. A remote attacker could potentially use\nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libapache2-mod-svn 1.14.1-3ubuntu0.1\n libsvn-java 1.14.1-3ubuntu0.1\n libsvn-perl 1.14.1-3ubuntu0.1\n libsvn1 1.14.1-3ubuntu0.1\n python3-subversion 1.14.1-3ubuntu0.1\n ruby-svn 1.14.1-3ubuntu0.1\n subversion 1.14.1-3ubuntu0.1\n subversion-tools 1.14.1-3ubuntu0.1\n\nUbuntu 20.04 LTS:\n libapache2-mod-svn 1.13.0-3ubuntu0.1\n libsvn-java 1.13.0-3ubuntu0.1\n libsvn-perl 1.13.0-3ubuntu0.1\n libsvn1 1.13.0-3ubuntu0.1\n python-subversion 1.13.0-3ubuntu0.1\n ruby-svn 1.13.0-3ubuntu0.1\n subversion 1.13.0-3ubuntu0.1\n subversion-tools 1.13.0-3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167158"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167244"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24070",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "167374",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167165",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167244",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167455",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167280",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167159",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166704",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022041263",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051234",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051741",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052711",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060923",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041402",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052804",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3559",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2345",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2848",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2377",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167158",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167126",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-38524",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-413621",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-24070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167158"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"id": "VAR-202204-0432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:28:17.148000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213345",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/HTTPD/ModuleLife"
},
{
"title": "Apache Subversion Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190233"
},
{
"title": "Ubuntu Security Notice: USN-5372-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5372-1"
},
{
"title": "Ubuntu Security Notice: USN-5450-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5450-1"
},
{
"title": "Red Hat: Important: subversion:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224722 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion:1.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222236 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion:1.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222234 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion:1.14 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224941 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224591 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion:1.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222237 - Security Advisory"
},
{
"title": "Red Hat: Important: subversion:1.10 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222222 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5119-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=92807168ef39b4ee91e68837b0467938"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-24070"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-076",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-076"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-149",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-149"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.8,
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=65861"
},
{
"trust": 1.8,
"url": "https://cwiki.apache.org/confluence/display/httpd/modulelife"
},
{
"trust": 1.8,
"url": "https://issues.apache.org/jira/browse/svn-4880"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24070"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2525"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3559"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24070/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052804"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2848"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167165/red-hat-security-advisory-2022-2236-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060923"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213345"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167244/red-hat-security-advisory-2022-4722-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167374/red-hat-security-advisory-2022-4591-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167280/ubuntu-security-notice-usn-5450-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167455/red-hat-security-advisory-2022-4941-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2377"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051741"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052711"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-subversion-memory-corruption-via-mod-dav-svn-38023"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041263"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2639"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072101"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167159/red-hat-security-advisory-2022-2234-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041402"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166704/ubuntu-security-notice-usn-5372-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051234"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2345"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5372-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4941"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4591"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4722"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167158"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413621"
},
{
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"db": "PACKETSTORM",
"id": "167455"
},
{
"db": "PACKETSTORM",
"id": "167158"
},
{
"db": "PACKETSTORM",
"id": "167165"
},
{
"db": "PACKETSTORM",
"id": "167374"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167244"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-413621"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"date": "2022-06-09T16:10:49",
"db": "PACKETSTORM",
"id": "167455"
},
{
"date": "2022-05-12T16:35:35",
"db": "PACKETSTORM",
"id": "167158"
},
{
"date": "2022-05-13T16:05:30",
"db": "PACKETSTORM",
"id": "167165"
},
{
"date": "2022-06-03T15:34:36",
"db": "PACKETSTORM",
"id": "167374"
},
{
"date": "2022-04-13T15:00:52",
"db": "PACKETSTORM",
"id": "166704"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-05-24T17:34:17",
"db": "PACKETSTORM",
"id": "167244"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"date": "2022-04-12T18:15:09.137000",
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-413621"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24070"
},
{
"date": "2023-08-07T01:41:00",
"db": "JVNDB",
"id": "JVNDB-2022-009515"
},
{
"date": "2022-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2957"
},
{
"date": "2024-11-21T06:49:45.943000",
"db": "NVD",
"id": "CVE-2022-24070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion\u00a0 of \u00a0mod_dav_svn\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2957"
}
],
"trust": 0.6
}
}
var-202101-0567
Vulnerability from variot
There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. binutils Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-24
https://security.gentoo.org/
Severity: Normal Title: Binutils: Multiple vulnerabilities Date: July 10, 2021 Bugs: #678806, #761957, #764170 ID: 202107-24
Synopsis
Multiple vulnerabilities have been found in Binutils, the worst of which could result in a Denial of Service condition.
Background
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-devel/binutils < 2.35.2 >= 2.35.2
Description
Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Binutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2"
References
[ 1 ] CVE-2019-9070 https://nvd.nist.gov/vuln/detail/CVE-2019-9070 [ 2 ] CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 [ 3 ] CVE-2019-9072 https://nvd.nist.gov/vuln/detail/CVE-2019-9072 [ 4 ] CVE-2019-9073 https://nvd.nist.gov/vuln/detail/CVE-2019-9073 [ 5 ] CVE-2019-9074 https://nvd.nist.gov/vuln/detail/CVE-2019-9074 [ 6 ] CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 [ 7 ] CVE-2019-9076 https://nvd.nist.gov/vuln/detail/CVE-2019-9076 [ 8 ] CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 [ 9 ] CVE-2020-19599 https://nvd.nist.gov/vuln/detail/CVE-2020-19599 [ 10 ] CVE-2020-35448 https://nvd.nist.gov/vuln/detail/CVE-2020-35448 [ 11 ] CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 [ 12 ] CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 [ 13 ] CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 [ 14 ] CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 [ 15 ] CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0567",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "binutils",
"scope": "lt",
"trust": 1.0,
"vendor": "gnu",
"version": "2.34"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "binutils",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 0.1
},
"cve": "CVE-2020-35496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35496",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-377692",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-35496",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-35496",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35496",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35496",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-054",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-377692",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35496",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There\u0027s a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. binutils Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Binutils: Multiple vulnerabilities\n Date: July 10, 2021\n Bugs: #678806, #761957, #764170\n ID: 202107-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Binutils, the worst of\nwhich could result in a Denial of Service condition. \n\nBackground\n==========\n\nThe GNU Binutils are a collection of tools to create, modify and\nanalyse binary files. Many of the files use BFD, the Binary File\nDescriptor library, to do low-level manipulation. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-devel/binutils \u003c 2.35.2 \u003e= 2.35.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Binutils. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Binutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/binutils-2.35.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-9070\n https://nvd.nist.gov/vuln/detail/CVE-2019-9070\n[ 2 ] CVE-2019-9071\n https://nvd.nist.gov/vuln/detail/CVE-2019-9071\n[ 3 ] CVE-2019-9072\n https://nvd.nist.gov/vuln/detail/CVE-2019-9072\n[ 4 ] CVE-2019-9073\n https://nvd.nist.gov/vuln/detail/CVE-2019-9073\n[ 5 ] CVE-2019-9074\n https://nvd.nist.gov/vuln/detail/CVE-2019-9074\n[ 6 ] CVE-2019-9075\n https://nvd.nist.gov/vuln/detail/CVE-2019-9075\n[ 7 ] CVE-2019-9076\n https://nvd.nist.gov/vuln/detail/CVE-2019-9076\n[ 8 ] CVE-2019-9077\n https://nvd.nist.gov/vuln/detail/CVE-2019-9077\n[ 9 ] CVE-2020-19599\n https://nvd.nist.gov/vuln/detail/CVE-2020-19599\n[ 10 ] CVE-2020-35448\n https://nvd.nist.gov/vuln/detail/CVE-2020-35448\n[ 11 ] CVE-2020-35493\n https://nvd.nist.gov/vuln/detail/CVE-2020-35493\n[ 12 ] CVE-2020-35494\n https://nvd.nist.gov/vuln/detail/CVE-2020-35494\n[ 13 ] CVE-2020-35495\n https://nvd.nist.gov/vuln/detail/CVE-2020-35495\n[ 14 ] CVE-2020-35496\n https://nvd.nist.gov/vuln/detail/CVE-2020-35496\n[ 15 ] CVE-2020-35507\n https://nvd.nist.gov/vuln/detail/CVE-2020-35507\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-24\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35496",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "163455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.3660",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-377692",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35496",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"id": "VAR-202101-0567",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377692"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:53:37.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a025308 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"title": "GNU Binutils Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138318"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911444"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35496"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3660"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/binutils-null-pointer-dereference-via-bfd-pef-scan-start-address-34255"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163455/gentoo-linux-security-advisory-202107-24.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-performance-server/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-35496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35507"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35494"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377692"
},
{
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377692"
},
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"date": "2021-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"date": "2021-07-11T12:01:11",
"db": "PACKETSTORM",
"id": "163455"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"date": "2021-01-04T15:15:14.323000",
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-377692"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35496"
},
{
"date": "2021-09-10T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2020-015126"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-054"
},
{
"date": "2024-11-21T05:27:25.543000",
"db": "NVD",
"id": "CVE-2020-35496"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "binutils\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-054"
}
],
"trust": 0.6
}
}
var-202206-1424
Vulnerability from variot
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to vim 8.2.4956. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4956"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1720",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1720",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-422484",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1720",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1720",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1720",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1720",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1720",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1720",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422484",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1720",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a security vulnerability in versions prior to vim 8.2.4956. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-422484",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1720",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-68098",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-422484",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"id": "VAR-202206-1424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:01:12.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198476"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-grab-file-name-38630"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1720/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422484"
},
{
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-422484"
},
{
"date": "2022-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"date": "2022-06-20T15:15:10.267000",
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-422484"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1720"
},
{
"date": "2023-08-23T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2022-011649"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2058"
},
{
"date": "2023-11-07T03:42:08.393000",
"db": "NVD",
"id": "CVE-2022-1720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011649"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2058"
}
],
"trust": 0.6
}
}
var-202101-0220
Vulnerability from variot
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq There is a security check vulnerability in.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Bug Fix(es):
- Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.
With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update Advisory ID: RHSA-2020:5633-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5633 Issue date: 2021-02-24 CVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 CVE-2021-2007 CVE-2021-3121 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.7.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2020:5634
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-x86_64
The image digest is sha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-s390x
The image digest is sha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le
The image digest is sha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
Security Fix(es):
-
crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)
-
kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider (CVE-2020-8563)
-
containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)
-
heketi: gluster-block volume password details available in logs (CVE-2020-10763)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For OpenShift Container Platform 4.7, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1620608 - Restoring deployment config with history leads to weird state
1752220 - [OVN] Network Policy fails to work when project label gets overwritten
1756096 - Local storage operator should implement must-gather spec
1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs
1768255 - installer reports 100% complete but failing components
1770017 - Init containers restart when the exited container is removed from node.
1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating
1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset
1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale
1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating create commands
1784298 - "Displaying with reduced resolution due to large dataset." would show under some conditions
1785399 - Under condition of heavy pod creation, creation fails with 'error reserving pod name ...: name is reserved"
1797766 - Resource Requirements" specDescriptor fields - CPU and Memory injects empty string YAML editor
1801089 - [OVN] Installation failed and monitoring pod not created due to some network error.
1805025 - [OSP] Machine status doesn't become "Failed" when creating a machine with invalid image
1805639 - Machine status should be "Failed" when creating a machine with invalid machine configuration
1806000 - CRI-O failing with: error reserving ctr name
1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be
1810438 - Installation logs are not gathered from OCP nodes
1812085 - kubernetes-networking-namespace-pods dashboard doesn't exist
1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation
1813012 - EtcdDiscoveryDomain no longer needed
1813949 - openshift-install doesn't use env variables for OS_* for some of API endpoints
1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use
1819053 - loading OpenAPI spec for "v1beta1.metrics.k8s.io" failed with: OpenAPI spec does not exist
1819457 - Package Server is in 'Cannot update' status despite properly working
1820141 - [RFE] deploy qemu-quest-agent on the nodes
1822744 - OCS Installation CI test flaking
1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario
1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool
1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1829723 - User workload monitoring alerts fire out of the box
1832968 - oc adm catalog mirror does not mirror the index image itself
1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN
1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters
1834995 - olmFull suite always fails once th suite is run on the same cluster
1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz
1837953 - Replacing masters doesn't work for ovn-kubernetes 4.4
1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks
1838751 - [oVirt][Tracker] Re-enable skipped network tests
1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups
1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed
1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP
1841119 - Get rid of config patches and pass flags directly to kcm
1841175 - When an Install Plan gets deleted, OLM does not create a new one
1841381 - Issue with memoryMB validation
1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option
1844727 - Etcd container leaves grep and lsof zombie processes
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1847074 - Filter bar layout issues at some screen widths on search page
1848358 - CRDs with preserveUnknownFields:true don't reflect in status that they are non-structural
1849543 - [4.5]kubeletconfig's description will show multiple lines for finalizers when upgrade from 4.4.8->4.5
1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service
1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard
1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing
1851693 - The oc apply should return errors instead of hanging there when failing to create the CRD
1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service
1853115 - the restriction of --cloud option should be shown in help text.
1853116 - --to option does not work with --credentials-requests flag.
1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1854567 - "Installed Operators" list showing "duplicated" entries during installation
1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present
1855351 - Inconsistent Installer reactions to Ctrl-C during user input process
1855408 - OVN cluster unstable after running minimal scale test
1856351 - Build page should show metrics for when the build ran, not the last 30 minutes
1856354 - New APIServices missing from OpenAPI definitions
1857446 - ARO/Azure: excessive pod memory allocation causes node lockup
1857877 - Operator upgrades can delete existing CSV before completion
1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed
1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created
1860136 - default ingress does not propagate annotations to route object on update
1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as "Failed"
1860518 - unable to stop a crio pod
1861383 - Route with haproxy.router.openshift.io/timeout: 365d kills the ingress controller
1862430 - LSO: PV creation lock should not be acquired in a loop
1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group.
1862608 - Virtual media does not work on hosts using BIOS, only UEFI
1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network
1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff
1865839 - rpm-ostree fails with "System transaction in progress" when moving to kernel-rt
1866043 - Configurable table column headers can be illegible
1866087 - Examining agones helm chart resources results in "Oh no!"
1866261 - Need to indicate the intentional behavior for Ansible in the create api help info
1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement
1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity
1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there’s no indication on which labels offer tooltip/help
1866340 - [RHOCS Usability Study][Dashboard] It was not clear why “No persistent storage alerts” was prominently displayed
1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations
1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le & s390x
1866482 - Few errors are seen when oc adm must-gather is run
1866605 - No metadata.generation set for build and buildconfig objects
1866873 - MCDDrainError "Drain failed on , updates may be blocked" missing rendered node name
1866901 - Deployment strategy for BMO allows multiple pods to run at the same time
1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure.
1867165 - Cannot assign static address to baremetal install bootstrap vm
1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig
1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS
1867477 - HPA monitoring cpu utilization fails for deployments which have init containers
1867518 - [oc] oc should not print so many goroutines when ANY command fails
1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster
1867965 - OpenShift Console Deployment Edit overwrites deployment yaml
1868004 - opm index add appears to produce image with wrong registry server binary
1868065 - oc -o jsonpath prints possible warning / bug "Unable to decode server response into a Table"
1868104 - Baremetal actuator should not delete Machine objects
1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead
1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters
1868527 - OpenShift Storage using VMWare vSAN receives error "Failed to add disk 'scsi0:2'" when mounted pod is created on separate node
1868645 - After a disaster recovery pods a stuck in "NodeAffinity" state and not running
1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation
1868765 - [vsphere][ci] could not reserve an IP address: no available addresses
1868770 - catalogSource named "redhat-operators" deleted in a disconnected cluster
1868976 - Prometheus error opening query log file on EBS backed PVC
1869293 - The configmap name looks confusing in aide-ds pod logs
1869606 - crio's failing to delete a network namespace
1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes
1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]
1870373 - Ingress Operator reports available when DNS fails to provision
1870467 - D/DC Part of Helm / Operator Backed should not have HPA
1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json
1870800 - [4.6] Managed Column not appearing on Pods Details page
1871170 - e2e tests are needed to validate the functionality of the etcdctl container
1872001 - EtcdDiscoveryDomain no longer needed
1872095 - content are expanded to the whole line when only one column in table on Resource Details page
1872124 - Could not choose device type as "disk" or "part" when create localvolumeset from web console
1872128 - Can't run container with hostPort on ipv6 cluster
1872166 - 'Silences' link redirects to unexpected 'Alerts' view after creating a silence in the Developer perspective
1872251 - [aws-ebs-csi-driver] Verify job in CI doesn't check for vendor dir sanity
1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them
1872821 - [DOC] Typo in Ansible Operator Tutorial
1872907 - Fail to create CR from generated Helm Base Operator
1872923 - Click "Cancel" button on the "initialization-resource" creation form page should send users to the "Operator details" page instead of "Install Operator" page (previous page)
1873007 - [downstream] failed to read config when running the operator-sdk in the home path
1873030 - Subscriptions without any candidate operators should cause resolution to fail
1873043 - Bump to latest available 1.19.x k8s
1873114 - Nodes goes into NotReady state (VMware)
1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem
1873305 - Failed to power on /inspect node when using Redfish protocol
1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information
1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: “?” button/icon in Developer Console ->Navigation
1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working
1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
1874057 - Pod stuck in CreateContainerError - error msg="container_linux.go:348: starting container process caused \"chdir to cwd (\\"/mount-point\\") set in config.json failed: permission denied\""
1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver
1874192 - [RFE] "Create Backing Store" page doesn't allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider
1874240 - [vsphere] unable to deprovision - Runtime error list attached objects
1874248 - Include validation for vcenter host in the install-config
1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6
1874583 - apiserver tries and fails to log an event when shutting down
1874584 - add retry for etcd errors in kube-apiserver
1874638 - Missing logging for nbctl daemon
1874736 - [downstream] no version info for the helm-operator
1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution
1874968 - Accessibility: The project selection drop down is a keyboard trap
1875247 - Dependency resolution error "found more than one head for channel" is unhelpful for users
1875516 - disabled scheduling is easy to miss in node page of OCP console
1875598 - machine status is Running for a master node which has been terminated from the console
1875806 - When creating a service of type "LoadBalancer" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes.
1876166 - need to be able to disable kube-apiserver connectivity checks
1876469 - Invalid doc link on yaml template schema description
1876701 - podCount specDescriptor change doesn't take effect on operand details page
1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt
1876935 - AWS volume snapshot is not deleted after the cluster is destroyed
1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted
1877105 - add redfish to enabled_bios_interfaces
1877116 - e2e aws calico tests fail with rpc error: code = ResourceExhausted
1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown
1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only 'rootDevices'
1877681 - Manually created PV can not be used
1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53
1877740 - RHCOS unable to get ip address during first boot
1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5
1877919 - panic in multus-admission-controller
1877924 - Cannot set BIOS config using Redfish with Dell iDracs
1878022 - Met imagestreamimport error when import the whole image repository
1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default "Filesystem Name" instead of providing a textbox, & the name should be validated
1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status
1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM
1878766 - CPU consumption on nodes is higher than the CPU count of the node.
1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus.
1878823 - "oc adm release mirror" generating incomplete imageContentSources when using "--to" and "--to-release-image"
1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode
1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used
1878953 - RBAC error shows when normal user access pvc upload page
1878956 - oc api-resources does not include API version
1878972 - oc adm release mirror removes the architecture information
1879013 - [RFE]Improve CD-ROM interface selection
1879056 - UI should allow to change or unset the evictionStrategy
1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled
1879094 - RHCOS dhcp kernel parameters not working as expected
1879099 - Extra reboot during 4.5 -> 4.6 upgrade
1879244 - Error adding container to network "ipvlan-host-local": "master" field is required
1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder
1879282 - Update OLM references to point to the OLM's new doc site
1879283 - panic after nil pointer dereference in pkg/daemon/update.go
1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests
1879419 - [RFE]Improve boot source description for 'Container' and ‘URL’
1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted.
1879565 - IPv6 installation fails on node-valid-hostname
1879777 - Overlapping, divergent openshift-machine-api namespace manifests
1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with 'Basic', skipping basic authentication in Log message in thanos-querier pod the oauth-proxy
1879930 - Annotations shouldn't be removed during object reconciliation
1879976 - No other channel visible from console
1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc.
1880148 - dns daemonset rolls out slowly in large clusters
1880161 - Actuator Update calls should have fixed retry time
1880259 - additional network + OVN network installation failed
1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as "Failed"
1880410 - Convert Pipeline Visualization node to SVG
1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn
1880443 - broken machine pool management on OpenStack
1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s.
1880473 - IBM Cloudpak operators installation stuck "UpgradePending" with InstallPlan status updates failing due to size limitation
1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)
1880785 - CredentialsRequest missing description in oc explain
1880787 - No description for Provisioning CRD for oc explain
1880902 - need dnsPlocy set in crd ingresscontrollers
1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster
1881027 - Cluster installation fails at with error : the container name \"assisted-installer\" is already in use
1881046 - [OSP] openstack-cinder-csi-driver-operator doesn't contain required manifests and assets
1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node
1881268 - Image uploading failed but wizard claim the source is available
1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration
1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup
1881881 - unable to specify target port manually resulting in application not reachable
1881898 - misalignment of sub-title in quick start headers
1882022 - [vsphere][ipi] directory path is incomplete, terraform can't find the cluster
1882057 - Not able to select access modes for snapshot and clone
1882140 - No description for spec.kubeletConfig
1882176 - Master recovery instructions don't handle IP change well
1882191 - Installation fails against external resources which lack DNS Subject Alternative Name
1882209 - [ BateMetal IPI ] local coredns resolution not working
1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from "Too large resource version"
1882268 - [e2e][automation]Add Integration Test for Snapshots
1882361 - Retrieve and expose the latest report for the cluster
1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use
1882556 - git:// protocol in origin tests is not currently proxied
1882569 - CNO: Replacing masters doesn't work for ovn-kubernetes 4.4
1882608 - Spot instance not getting created on AzureGovCloud
1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance
1882649 - IPI installer labels all images it uploads into glance as qcow2
1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic
1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page
1882660 - Operators in a namespace should be installed together when approve one
1882667 - [ovn] br-ex Link not found when scale up RHEL worker
1882723 - [vsphere]Suggested mimimum value for providerspec not working
1882730 - z systems not reporting correct core count in recording rule
1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully
1882781 - nameserver= option to dracut creates extra NM connection profile
1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined
1882844 - [IPI on vsphere] Executing 'openshift-installer destroy cluster' leaves installer tag categories in vsphere
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1883388 - Bare Metal Hosts Details page doesn't show Mainitenance and Power On/Off status
1883422 - operator-sdk cleanup fail after installing operator with "run bundle" without installmode and og with ownnamespace
1883425 - Gather top installplans and their count
1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2
1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]
1883538 - must gather report "cannot file manila/aws ebs/ovirt csi related namespaces and objects" error
1883560 - operator-registry image needs clean up in /tmp
1883563 - Creating duplicate namespace from create namespace modal breaks the UI
1883614 - [OCP 4.6] [UI] UI should not describe power cycle as "graceful"
1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate
1883660 - e2e-metal-ipi CI job consistently failing on 4.4
1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests
1883766 - [e2e][automation] Adjust tests for UI changes
1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations
1883773 - opm alpha bundle build fails on win10 home
1883790 - revert "force cert rotation every couple days for development" in 4.7
1883803 - node pull secret feature is not working as expected
1883836 - Jenkins imagestream ubi8 and nodejs12 update
1883847 - The UI does not show checkbox for enable encryption at rest for OCS
1883853 - go list -m all does not work
1883905 - race condition in opm index add --overwrite-latest
1883946 - Understand why trident CSI pods are getting deleted by OCP
1884035 - Pods are illegally transitioning back to pending
1884041 - e2e should provide error info when minimum number of pods aren't ready in kube-system namespace
1884131 - oauth-proxy repository should run tests
1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied
1884221 - IO becomes unhealthy due to a file change
1884258 - Node network alerts should work on ratio rather than absolute values
1884270 - Git clone does not support SCP-style ssh locations
1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout
1884435 - vsphere - loopback is randomly not being added to resolver
1884565 - oauth-proxy crashes on invalid usage
1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy
1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users
1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment
1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu.
1884632 - Adding BYOK disk encryption through DES
1884654 - Utilization of a VMI is not populated
1884655 - KeyError on self._existing_vifs[port_id]
1884664 - Operator install page shows "installing..." instead of going to install status page
1884672 - Failed to inspect hardware. Reason: unable to start inspection: 'idrac'
1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure
1884724 - Quick Start: Serverless quickstart doesn't match Operator install steps
1884739 - Node process segfaulted
1884824 - Update baremetal-operator libraries to k8s 1.19
1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping
1885138 - Wrong detection of pending state in VM details
1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2
1885165 - NoRunningOvnMaster alert falsely triggered
1885170 - Nil pointer when verifying images
1885173 - [e2e][automation] Add test for next run configuration feature
1885179 - oc image append fails on push (uploading a new layer)
1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig
1885218 - [e2e][automation] Add virtctl to gating script
1885223 - Sync with upstream (fix panicking cluster-capacity binary)
1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2
1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2
1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2
1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2
1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2
1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI
1885315 - unit tests fail on slow disks
1885319 - Remove redundant use of group and kind of DataVolumeTemplate
1885343 - Console doesn't load in iOS Safari when using self-signed certificates
1885344 - 4.7 upgrade - dummy bug for 1880591
1885358 - add p&f configuration to protect openshift traffic
1885365 - MCO does not respect the install section of systemd files when enabling
1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating
1885398 - CSV with only Webhook conversion can't be installed
1885403 - Some OLM events hide the underlying errors
1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case
1885425 - opm index add cannot batch add multiple bundles that use skips
1885543 - node tuning operator builds and installs an unsigned RPM
1885644 - Panic output due to timeouts in openshift-apiserver
1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU < 30 || totalMemory < 72 GiB for initial deployment
1885702 - Cypress: Fix 'aria-hidden-focus' accesibility violations
1885706 - Cypress: Fix 'link-name' accesibility violation
1885761 - DNS fails to resolve in some pods
1885856 - Missing registry v1 protocol usage metric on telemetry
1885864 - Stalld service crashed under the worker node
1885930 - [release 4.7] Collect ServiceAccount statistics
1885940 - kuryr/demo image ping not working
1886007 - upgrade test with service type load balancer will never work
1886022 - Move range allocations to CRD's
1886028 - [BM][IPI] Failed to delete node after scale down
1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas
1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd
1886154 - System roles are not present while trying to create new role binding through web console
1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5->4.6 causes broadcast storm
1886168 - Remove Terminal Option for Windows Nodes
1886200 - greenwave / CVP is failing on bundle validations, cannot stage push
1886229 - Multipath support for RHCOS sysroot
1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage
1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status
1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL
1886397 - Move object-enum to console-shared
1886423 - New Affinities don't contain ID until saving
1886435 - Azure UPI uses deprecated command 'group deployment'
1886449 - p&f: add configuration to protect oauth server traffic
1886452 - layout options doesn't gets selected style on click i.e grey background
1886462 - IO doesn't recognize namespaces - 2 resources with the same name in 2 namespaces -> only 1 gets collected
1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest
1886524 - Change default terminal command for Windows Pods
1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution
1886600 - panic: assignment to entry in nil map
1886620 - Application behind service load balancer with PDB is not disrupted
1886627 - Kube-apiserver pods restarting/reinitializing periodically
1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider
1886636 - Panic in machine-config-operator
1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer.
1886751 - Gather MachineConfigPools
1886766 - PVC dropdown has 'Persistent Volume' Label
1886834 - ovn-cert is mandatory in both master and node daemonsets
1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState
1886861 - ordered-values.yaml not honored if values.schema.json provided
1886871 - Neutron ports created for hostNetworking pods
1886890 - Overwrite jenkins-agent-base imagestream
1886900 - Cluster-version operator fills logs with "Manifest: ..." spew
1886922 - [sig-network] pods should successfully create sandboxes by getting pod
1886973 - Local storage operator doesn't include correctly populate LocalVolumeDiscoveryResult in console
1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO
1887010 - Imagepruner met error "Job has reached the specified backoff limit" which causes image registry degraded
1887026 - FC volume attach fails with “no fc disk found” error on OCP 4.6 PowerVM cluster
1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6
1887046 - Event for LSO need update to avoid confusion
1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image
1887375 - User should be able to specify volumeMode when creating pvc from web-console
1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console
1887392 - openshift-apiserver: delegated authn/z should have ttl > metrics/healthz/readyz/openapi interval
1887428 - oauth-apiserver service should be monitored by prometheus
1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting "degraded: False"
1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data
1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes
1887465 - Deleted project is still referenced
1887472 - unable to edit application group for KSVC via gestures (shift+Drag)
1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface
1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster
1887525 - Failures to set master HardwareDetails cannot easily be debugged
1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable
1887585 - ovn-masters stuck in crashloop after scale test
1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade.
1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator
1887740 - cannot install descheduler operator after uninstalling it
1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events
1887750 - oc explain localvolumediscovery returns empty description
1887751 - oc explain localvolumediscoveryresult returns empty description
1887778 - Add ContainerRuntimeConfig gatherer
1887783 - PVC upload cannot continue after approve the certificate
1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard
1887799 - User workload monitoring prometheus-config-reloader OOM
1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky
1887863 - Installer panics on invalid flavor
1887864 - Clean up dependencies to avoid invalid scan flagging
1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison
1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig
1888015 - workaround kubelet graceful termination of static pods bug
1888028 - prevent extra cycle in aggregated apiservers
1888036 - Operator details shows old CRD versions
1888041 - non-terminating pods are going from running to pending
1888072 - Setting Supermicro node to PXE boot via Redfish doesn't take affect
1888073 - Operator controller continuously busy looping
1888118 - Memory requests not specified for image registry operator
1888150 - Install Operand Form on OperatorHub is displaying unformatted text
1888172 - PR 209 didn't update the sample archive, but machineset and pdbs are now namespaced
1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build
1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5
1888311 - p&f: make SAR traffic from oauth and openshift apiserver exempt
1888363 - namespaces crash in dev
1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created
1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected
1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC
1888494 - imagepruner pod is error when image registry storage is not configured
1888565 - [OSP] machine-config-daemon-firstboot.service failed with "error reading osImageURL from rpm-ostree"
1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error
1888601 - The poddisruptionbudgets is using the operator service account, instead of gather
1888657 - oc doesn't know its name
1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
1888671 - Document the Cloud Provider's ignore-volume-az setting
1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image
1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s", cr.GetName()
1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set
1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster
1888866 - AggregatedAPIDown permanently firing after removing APIService
1888870 - JS error when using autocomplete in YAML editor
1888874 - hover message are not shown for some properties
1888900 - align plugins versions
1888985 - Cypress: Fix 'Ensures buttons have discernible text' accesibility violation
1889213 - The error message of uploading failure is not clear enough
1889267 - Increase the time out for creating template and upload image in the terraform
1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)
1889374 - Kiali feature won't work on fresh 4.6 cluster
1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode
1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade
1889515 - Accessibility - The symbols e.g checkmark in the Node > overview page has no text description, label, or other accessible information
1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance
1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown
1889577 - Resources are not shown on project workloads page
1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment
1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages
1889692 - Selected Capacity is showing wrong size
1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15
1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off
1889710 - Prometheus metrics on disk take more space compared to OCP 4.5
1889721 - opm index add semver-skippatch mode does not respect prerelease versions
1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn't see the Disk tab
1889767 - [vsphere] Remove certificate from upi-installer image
1889779 - error when destroying a vSphere installation that failed early
1889787 - OCP is flooding the oVirt engine with auth errors
1889838 - race in Operator update after fix from bz1888073
1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1
1889863 - Router prints incorrect log message for namespace label selector
1889891 - Backport timecache LRU fix
1889912 - Drains can cause high CPU usage
1889921 - Reported Degraded=False Available=False pair does not make sense
1889928 - [e2e][automation] Add more tests for golden os
1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName
1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings
1890074 - MCO extension kernel-headers is invalid
1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest
1890130 - multitenant mode consistently fails CI
1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e
1890145 - The mismatched of font size for Status Ready and Health Check secondary text
1890180 - FieldDependency x-descriptor doesn't support non-sibling fields
1890182 - DaemonSet with existing owner garbage collected
1890228 - AWS: destroy stuck on route53 hosted zone not found
1890235 - e2e: update Protractor's checkErrors logging
1890250 - workers may fail to join the cluster during an update from 4.5
1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member
1890270 - External IP doesn't work if the IP address is not assigned to a node
1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability
1890456 - [vsphere] mapi_instance_create_failed doesn't work on vsphere
1890467 - unable to edit an application without a service
1890472 - [Kuryr] Bulk port creation exception not completely formatted
1890494 - Error assigning Egress IP on GCP
1890530 - cluster-policy-controller doesn't gracefully terminate
1890630 - [Kuryr] Available port count not correctly calculated for alerts
1890671 - [SA] verify-image-signature using service account does not work
1890677 - 'oc image info' claims 'does not exist' for application/vnd.oci.image.manifest.v1+json manifest
1890808 - New etcd alerts need to be added to the monitoring stack
1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn't sync the "overall" sha it syncs only the sub arch sha.
1890984 - Rename operator-webhook-config to sriov-operator-webhook-config
1890995 - wew-app should provide more insight into why image deployment failed
1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call
1891047 - Helm chart fails to install using developer console because of TLS certificate error
1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler
1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI
1891108 - p&f: Increase the concurrency share of workload-low priority level
1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)
1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown
1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn't meet requirements of chart)
1891362 - Wrong metrics count for openshift_build_result_total
1891368 - fync should be fsync for etcdHighFsyncDurations alert's annotations.message
1891374 - fync should be fsync for etcdHighFsyncDurations critical alert's annotations.message
1891376 - Extra text in Cluster Utilization charts
1891419 - Wrong detail head on network policy detail page.
1891459 - Snapshot tests should report stderr of failed commands
1891498 - Other machine config pools do not show during update
1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage
1891551 - Clusterautoscaler doesn't scale up as expected
1891552 - Handle missing labels as empty.
1891555 - The windows oc.exe binary does not have version metadata
1891559 - kuryr-cni cannot start new thread
1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11
1891625 - [Release 4.7] Mutable LoadBalancer Scope
1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml
1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails
1891740 - OperatorStatusChanged is noisy
1891758 - the authentication operator may spam DeploymentUpdated event endlessly
1891759 - Dockerfile builds cannot change /etc/pki/ca-trust
1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1
1891825 - Error message not very informative in case of mode mismatch
1891898 - The ClusterServiceVersion can define Webhooks that cannot be created.
1891951 - UI should show warning while creating pools with compression on
1891952 - [Release 4.7] Apps Domain Enhancement
1891993 - 4.5 to 4.6 upgrade doesn't remove deployments created by marketplace
1891995 - OperatorHub displaying old content
1891999 - Storage efficiency card showing wrong compression ratio
1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version GLIBC_2.28' not found (required by ./opm)
1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector.
1892198 - TypeError in 'Performance Profile' tab displayed for 'Performance Addon Operator'
1892288 - assisted install workflow creates excessive control-plane disruption
1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config
1892358 - [e2e][automation] update feature gate for kubevirt-gating job
1892376 - Deleted netnamespace could not be re-created
1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky
1892393 - TestListPackages is flaky
1892448 - MCDPivotError alert/metric missing
1892457 - NTO-shipped stalld needs to use FIFO for boosting.
1892467 - linuxptp-daemon crash
1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env
1892653 - User is unable to create KafkaSource with v1beta
1892724 - VFS added to the list of devices of the nodeptpdevice CRD
1892799 - Mounting additionalTrustBundle in the operator
1893117 - Maintenance mode on vSphere blocks installation.
1893351 - TLS secrets are not able to edit on console.
1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots
1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky "worker" assumption when guessing about ingress availability
1893546 - Deploy using virtual media fails on node cleaning step
1893601 - overview filesystem utilization of OCP is showing the wrong values
1893645 - oc describe route SIGSEGV
1893648 - Ironic image building process is not compatible with UEFI secure boot
1893724 - OperatorHub generates incorrect RBAC
1893739 - Force deletion doesn't work for snapshots if snapshotclass is already deleted
1893776 - No useful metrics for image pull time available, making debugging issues there impossible
1893798 - Lots of error messages starting with "get namespace to enqueue Alertmanager instances failed" in the logs of prometheus-operator
1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD
1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS
1893926 - Some "Dynamic PV (block volmode)" pattern storage e2e tests are wrongly skipped
1893944 - Wrong product name for Multicloud Object Gateway
1893953 - (release-4.7) Gather default StatefulSet configs
1893956 - Installation always fails at "failed to initialize the cluster: Cluster operator image-registry is still updating"
1893963 - [Testday] Workloads-> Virtualization is not loading for Firefox browser
1893972 - Should skip e2e test cases as early as possible
1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without 'https://'
1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective
1894025 - OCP 4.5 to 4.6 upgrade for "aws-ebs-csi-driver-operator" fails when "defaultNodeSelector" is set
1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used.
1894065 - tag new packages to enable TLS support
1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0
1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries
1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM
1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted
1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)
1894216 - Improve OpenShift Web Console availability
1894275 - Fix CRO owners file to reflect node owner
1894278 - "database is locked" error when adding bundle to index image
1894330 - upgrade channels needs to be updated for 4.7
1894342 - oauth-apiserver logs many "[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient"
1894374 - Dont prevent the user from uploading a file with incorrect extension
1894432 - [oVirt] sometimes installer timeout on tmp_import_vm
1894477 - bash syntax error in nodeip-configuration.service
1894503 - add automated test for Polarion CNV-5045
1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform
1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets
1894645 - Cinder volume provisioning crashes on nil cloud provider
1894677 - image-pruner job is panicking: klog stack
1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0
1894860 - 'backend' CI job passing despite failing tests
1894910 - Update the node to use the real-time kernel fails
1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package
1895065 - Schema / Samples / Snippets Tabs are all selected at the same time
1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI
1895141 - panic in service-ca injector
1895147 - Remove memory limits on openshift-dns
1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation
1895268 - The bundleAPIs should NOT be empty
1895309 - [OCP v47] The RHEL node scaleup fails due to "No package matching 'cri-o-1.19.*' found available" on OCP 4.7 cluster
1895329 - The infra index filled with warnings "WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release"
1895360 - Machine Config Daemon removes a file although its defined in the dropin
1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1
1895372 - Web console going blank after selecting any operator to install from OperatorHub
1895385 - Revert KUBELET_LOG_LEVEL back to level 3
1895423 - unable to edit an application with a custom builder image
1895430 - unable to edit custom template application
1895509 - Backup taken on one master cannot be restored on other masters
1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image
1895838 - oc explain description contains '/'
1895908 - "virtio" option is not available when modifying a CD-ROM to disk type
1895909 - e2e-metal-ipi-ovn-dualstack is failing
1895919 - NTO fails to load kernel modules
1895959 - configuring webhook token authentication should prevent cluster upgrades
1895979 - Unable to get coreos-installer with --copy-network to work
1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV
1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)
1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed
1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest
1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded
1896244 - Found a panic in storage e2e test
1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general
1896302 - [e2e][automation] Fix 4.6 test failures
1896365 - [Migration]The SDN migration cannot revert under some conditions
1896384 - [ovirt IPI]: local coredns resolution not working
1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
1896529 - Incorrect instructions in the Serverless operator and application quick starts
1896645 - documentationBaseURL needs to be updated for 4.7
1896697 - [Descheduler] policy.yaml param in cluster configmap is empty
1896704 - Machine API components should honour cluster wide proxy settings
1896732 - "Attach to Virtual Machine OS" button should not be visible on old clusters
1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator
1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails
1896918 - start creating new-style Secrets for AWS
1896923 - DNS pod /metrics exposed on anonymous http port
1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1897003 - VNC console cannot be connected after visit it in new window
1897008 - Cypress: reenable check for 'aria-hidden-focus' rule & checkA11y test for modals
1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO
1897039 - router pod keeps printing log: template "msg"="router reloaded" "output"="[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option 'http-use-htx' is deprecated and ignored
1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV.
1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces
1897138 - oVirt provider uses depricated cluster-api project
1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly
1897252 - Firing alerts are not showing up in console UI after cluster is up for some time
1897354 - Operator installation showing success, but Provided APIs are missing
1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with "connection refused"
1897412 - [sriov]disableDrain did not be updated in CRD of manifest
1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page
1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to 'localhost'
1897520 - After restarting nodes the image-registry co is in degraded true state.
1897584 - Add casc plugins
1897603 - Cinder volume attachment detection failure in Kubelet
1897604 - Machine API deployment fails: Kube-Controller-Manager can't reach API: "Unauthorized"
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests
1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition
1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannotCreate OCS Cluster Service1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing
1897897 - ptp lose sync openshift 4.6
1898036 - no network after reboot (IPI)
1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically
1898097 - mDNS floods the baremetal network
1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem
1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied
1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster
1898174 - [OVN] EgressIP does not guard against node IP assignment
1898194 - GCP: can't install on custom machine types
1898238 - Installer validations allow same floating IP for API and Ingress
1898268 - [OVN]:make checkbroken on 4.6
1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default
1898320 - Incorrect Apostrophe Translation of "it's" in Scheduling Disabled Popover
1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display.
1898407 - [Deployment timing regression] Deployment takes longer with 4.7
1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service
1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine
1898500 - Failure to upgrade operator when a Service is included in a Bundle
1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic
1898532 - Display names defined in specDescriptors not respected
1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted
1898613 - Whereabouts should exclude IPv6 ranges
1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase
1898679 - Operand creation form - Required "type: object" properties (Accordion component) are missing red asterisk
1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability
1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator
1898839 - Wrong YAML in operator metadata
1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job
1898873 - Remove TechPreview Badge from Monitoring
1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way
1899111 - [RFE] Update jenkins-maven-agen to maven36
1899128 - VMI details screen -> show the warning that it is preferable to have a VM only if the VM actually does not exist
1899175 - bump the RHCOS boot images for 4.7
1899198 - Use new packages for ipa ramdisks
1899200 - In Installed Operators page I cannot search for an Operator by it's name
1899220 - Support AWS IMDSv2
1899350 - configure-ovs.sh doesn't configure bonding options
1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error "An error occurred Not Found"
1899459 - Failed to start monitoring pods once the operator removed from override list of CVO
1899515 - Passthrough credentials are not immediately re-distributed on update
1899575 - update discovery burst to reflect lots of CRDs on openshift clusters
1899582 - update discovery burst to reflect lots of CRDs on openshift clusters
1899588 - Operator objects are re-created after all other associated resources have been deleted
1899600 - Increased etcd fsync latency as of OCP 4.6
1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup
1899627 - Project dashboard Active status using small icon
1899725 - Pods table does not wrap well with quick start sidebar open
1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality
1899835 - catalog-operator repeatedly crashes with "runtime error: index out of range [0] with length 0"
1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap
1899853 - additionalSecurityGroupIDs not working for master nodes
1899922 - NP changes sometimes influence new pods.
1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet
1900008 - Fix internationalized sentence fragments in ImageSearch.tsx
1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx
1900020 - Remove ' from internationalized keys
1900022 - Search Page - Top labels field is not applied to selected Pipeline resources
1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently
1900126 - Creating a VM results in suggestion to create a default storage class when one already exists
1900138 - [OCP on RHV] Remove insecure mode from the installer
1900196 - stalld is not restarted after crash
1900239 - Skip "subPath should be able to unmount" NFS test
1900322 - metal3 pod's toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists
1900377 - [e2e][automation] create new css selector for active users
1900496 - (release-4.7) Collect spec config for clusteroperator resources
1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks
1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue
1900759 - include qemu-guest-agent by default
1900790 - Track all resource counts via telemetry
1900835 - Multus errors when cachefile is not found
1900935 -oc adm release mirrorpanic panic: runtime error
1900989 - accessing the route cannot wake up the idled resources
1901040 - When scaling down the status of the node is stuck on deleting
1901057 - authentication operator health check failed when installing a cluster behind proxy
1901107 - pod donut shows incorrect information
1901111 - Installer dependencies are broken
1901200 - linuxptp-daemon crash when enable debug log level
1901301 - CBO should handle platform=BM without provisioning CR
1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly
1901363 - High Podready Latency due to timed out waiting for annotations
1901373 - redundant bracket on snapshot restore button
1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with "timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true"
1901395 - "Edit virtual machine template" action link should be removed
1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting
1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP
1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema
1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod "before all" hook for "creates the resource instance"
1901604 - CNO blocks editing Kuryr options
1901675 - [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled
1901909 - The device plugin pods / cni pod are restarted every 5 minutes
1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service
1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error
1902059 - Wire a real signer for service accout issuer
1902091 -cluster-image-registry-operatorpod leaves connections open when fails connecting S3 storage
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1902157 - The DaemonSet machine-api-termination-handler couldn't allocate Pod
1902253 - MHC status doesnt set RemediationsAllowed = 0
1902299 - Failed to mirror operator catalog - error: destination registry required
1902545 - Cinder csi driver node pod should add nodeSelector for Linux
1902546 - Cinder csi driver node pod doesn't run on master node
1902547 - Cinder csi driver controller pod doesn't run on master node
1902552 - Cinder csi driver does not use the downstream images
1902595 - Project workloads list view doesn't show alert icon and hover message
1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent
1902601 - Cinder csi driver pods run as BestEffort qosClass
1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group
1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails
1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked
1902824 - failed to generate semver informed package manifest: unable to determine default channel
1902894 - hybrid-overlay-node crashing trying to get node object during initialization
1902969 - Cannot load vmi detail page
1902981 - It should default to current namespace when create vm from template
1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI
1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry
1903034 - OLM continuously printing debug logs
1903062 - [Cinder csi driver] Deployment mounted volume have no write access
1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready
1903107 - Enable vsphere-problem-detector e2e tests
1903164 - OpenShift YAML editor jumps to top every few seconds
1903165 - Improve Canary Status Condition handling for e2e tests
1903172 - Column Management: Fix sticky footer on scroll
1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled
1903188 - [Descheduler] cluster log reports failed to validate server configuration" err="unsupported log format:
1903192 - Role name missing on create role binding form
1903196 - Popover positioning is misaligned for Overview Dashboard status items
1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends.
1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components
1903248 - Backport Upstream Static Pod UID patch
1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]
1903290 - Kubelet repeatedly log the same log line from exited containers
1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption.
1903382 - Panic when task-graph is canceled with a TaskNode with no tasks
1903400 - Migrate a VM which is not running goes to pending state
1903402 - Nic/Disk on VMI overview should link to VMI's nic/disk page
1903414 - NodePort is not working when configuring an egress IP address
1903424 - mapi_machine_phase_transition_seconds_sum doesn't work
1903464 - "Evaluating rule failed" for "record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum" and "record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum"
1903639 - Hostsubnet gatherer produces wrong output
1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service
1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started
1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image
1903717 - Handle different Pod selectors for metal3 Deployment
1903733 - Scale up followed by scale down can delete all running workers
1903917 - Failed to load "Developer Catalog" page
1903999 - Httplog response code is always zero
1904026 - The quota controllers should resync on new resources and make progress
1904064 - Automated cleaning is disabled by default
1904124 - DHCP to static lease script doesn't work correctly if starting with infinite leases
1904125 - Boostrap VM .ign image gets added into 'default' pool instead of <cluster-name>-<id>-bootstrap
1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails
1904133 - KubeletConfig flooded with failure conditions
1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart
1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !
1904244 - MissingKey errors for two plugins using i18next.t
1904262 - clusterresourceoverride-operator has version: 1.0.0 every build
1904296 - VPA-operator has version: 1.0.0 every build
1904297 - The index image generated by "opm index prune" leaves unrelated images
1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards
1904385 - [oVirt] registry cannot mount volume on 4.6.4 -> 4.6.6 upgrade
1904497 - vsphere-problem-detector: Run on vSphere cloud only
1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set
1904502 - vsphere-problem-detector: allow longer timeouts for some operations
1904503 - vsphere-problem-detector: emit alerts
1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)
1904578 - metric scraping for vsphere problem detector is not configured
1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -> 4.6.6 upgrade
1904663 - IPI pointer customization MachineConfig always generated
1904679 - [Feature:ImageInfo] Image info should display information about images
1904683 -[sig-builds][Feature:Builds] s2i build with a root user imagetests use docker.io image
1904684 - [sig-cli] oc debug ensure it works with image streams
1904713 - Helm charts with kubeVersion restriction are filtered incorrectly
1904776 - Snapshot modal alert is not pluralized
1904824 - Set vSphere hostname from guestinfo before NM starts
1904941 - Insights status is always showing a loading icon
1904973 - KeyError: 'nodeName' on NP deletion
1904985 - Prometheus and thanos sidecar targets are down
1904993 - Many ampersand special characters are found in strings
1905066 - QE - Monitoring test cases - smoke test suite automation
1905074 - QE -Gherkin linter to maintain standards
1905100 - Too many haproxy processes in default-router pod causing high load average
1905104 - Snapshot modal disk items missing keys
1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm
1905119 - Race in AWS EBS determining whether custom CA bundle is used
1905128 - [e2e][automation] e2e tests succeed without actually execute
1905133 - operator conditions special-resource-operator
1905141 - vsphere-problem-detector: report metrics through telemetry
1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures
1905194 - Detecting broken connections to the Kube API takes up to 15 minutes
1905221 - CVO transitions from "Initializing" to "Updating" despite not attempting many manifests
1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP
1905253 - Inaccurate text at bottom of Events page
1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905299 - OLM fails to update operator
1905307 - Provisioning CR is missing from must-gather
1905319 - cluster-samples-operator containers are not requesting required memory resource
1905320 - csi-snapshot-webhook is not requesting required memory resource
1905323 - dns-operator is not requesting required memory resource
1905324 - ingress-operator is not requesting required memory resource
1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory
1905328 - Changing the bound token service account issuer invalids previously issued bound tokens
1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory
1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory
1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails
1905347 - QE - Design Gherkin Scenarios
1905348 - QE - Design Gherkin Scenarios
1905362 - [sriov] Error message 'Fail to update DaemonSet' always shown in sriov operator pod
1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted
1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input
1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation
1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1
1905404 - The example of "Remove the entrypoint on the mysql:latest image" foroc image appenddoes not work
1905416 - Hyperlink not working from Operator Description
1905430 - usbguard extension fails to install because of missing correct protobuf dependency version
1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads
1905502 - Test flake - unable to get https transport for ephemeral-registry
1905542 - [GSS] The "External" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6.
1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs
1905610 - Fix typo in export script
1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster
1905640 - Subscription manual approval test is flaky
1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry
1905696 - ClusterMoreUpdatesModal component did not get internationalized
1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes
1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project
1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster
1905792 - [OVN]Cannot create egressfirewalll with dnsName
1905889 - Should create SA for each namespace that the operator scoped
1905920 - Quickstart exit and restart
1905941 - Page goes to error after create catalogsource
1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711
1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters
1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected
1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it
1906118 - OCS feature detection constantly polls storageclusters and storageclasses
1906120 - 'Create Role Binding' form not setting user or group value when created from a user or group resource
1906121 - [oc] After new-project creation, the kubeconfig file does not set the project
1906134 - OLM should not create OperatorConditions for copied CSVs
1906143 - CBO supports log levels
1906186 - i18n: Translators are not able to translatethiswithout context for alert manager config
1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots
1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize.
1906276 -oc image appendcan't work with multi-arch image with --filter-by-os='.*'
1906318 - use proper term for Authorized SSH Keys
1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional
1906356 - Unify Clone PVC boot source flow with URL/Container boot source
1906397 - IPA has incorrect kernel command line arguments
1906441 - HorizontalNav and NavBar have invalid keys
1906448 - Deploy using virtualmedia with provisioning network disabled fails - 'Failed to connect to the agent' in ironic-conductor log
1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project
1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node's memory and killing them
1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures
1906511 - Root reprovisioning tests flaking often in CI
1906517 - Validation is not robust enough and may prevent to generate install-confing.
1906518 - Update snapshot API CRDs to v1
1906519 - Update LSO CRDs to use v1
1906570 - Number of disruptions caused by reboots on a cluster cannot be measured
1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs
1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs
1906679 - quick start panel styles are not loaded
1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber
1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form
1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created
1906689 - user can pin to nav configmaps and secrets multiple times
1906691 - Add doc which describes disabling helm chart repository
1906713 - Quick starts not accesible for a developer user
1906718 - helm chart "provided by Redhat" is misspelled
1906732 - Machine API proxy support should be tested
1906745 - Update Helm endpoints to use Helm 3.4.x
1906760 - performance issues with topology constantly re-rendering
1906766 - localizedAutoscaled&Autoscalingpod texts overlap with the pod ring
1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section
1906769 - topology fails to load with non-kubeadmin user
1906770 - shortcuts on mobiles view occupies a lot of space
1906798 - Dev catalog customization doesn't update console-config ConfigMap
1906806 - Allow installing extra packages in ironic container images
1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
1906835 - Topology view shows add page before then showing full project workloads
1906840 - ClusterOperator should not have status "Updating" if operator version is the same as the release version
1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy
1906860 - Bump kube dependencies to v1.20 for Net Edge components
1906864 - Quick Starts Tour: Need to adjust vertical spacing
1906866 - Translations of Sample-Utils
1906871 - White screen when sort by name in monitoring alerts page
1906872 - Pipeline Tech Preview Badge Alignment
1906875 - Provide an option to force backup even when API is not available.
1906877 - Placeholder' value in search filter do not match column heading in Vulnerabilities
1906879 - Add missing i18n keys
1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install
1906896 - No Alerts causes odd empty Table (Need no content message)
1906898 - Missing User RoleBindings in the Project Access Web UI
1906899 - Quick Start - Highlight Bounding Box Issue
1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1
1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers
1906935 - Delete resources when Provisioning CR is deleted
1906968 - Must-gather should support collecting kubernetes-nmstate resources
1906986 - Ensure failed pod adds are retried even if the pod object doesn't change
1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt
1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change
1907211 - beta promotion of p&f switched storage version to v1beta1, making downgrades impossible.
1907269 - Tooltips data are different when checking stack or not checking stack for the same time
1907280 - Install tour of OCS not available.
1907282 - Topology page breaks with white screen
1907286 - The default mhc machine-api-termination-handler couldn't watch spot instance
1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent
1907293 - Increase timeouts in e2e tests
1907295 - Gherkin script for improve management for helm
1907299 - Advanced Subscription Badge for KMS and Arbiter not present
1907303 - Align VM template list items by baseline
1907304 - Use PF styles for selected template card in VM Wizard
1907305 - Drop 'ISO' from CDROM boot source message
1907307 - Support and provider labels should be passed on between templates and sources
1907310 - Pin action should be renamed to favorite
1907312 - VM Template source popover is missing info about added date
1907313 - ClusterOperator objects cannot be overriden with cvo-overrides
1907328 - iproute-tc package is missing in ovn-kube image
1907329 - CLUSTER_PROFILE env. variable is not used by the CVO
1907333 - Node stuck in degraded state, mcp reports "Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached"
1907373 - Rebase to kube 1.20.0
1907375 - Bump to latest available 1.20.x k8s - workloads team
1907378 - Gather netnamespaces networking info
1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity
1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn't match the CSV one
1907390 - prometheus-adapter: panic after k8s 1.20 bump
1907399 - build log icon link on topology nodes cause app to reload
1907407 - Buildah version not accessible
1907421 - [4.6.1]oc-image-mirror command failed on "error: unable to copy layer"
1907453 - Dev Perspective -> running vm details -> resources -> no data
1907454 - Install PodConnectivityCheck CRD with CNO
1907459 - "The Boot source is also maintained by Red Hat." is always shown for all boot sources
1907475 - Unable to estimate the error rate of ingress across the connected fleet
1907480 -Active alertssection throwing forbidden error for users.
1907518 - Kamelets/Eventsource should be shown to user if they have create access
1907543 - Korean timestamps are shown when users' language preferences are set to German-en-en-US
1907610 - Update kubernetes deps to 1.20
1907612 - Update kubernetes deps to 1.20
1907621 - openshift/installer: bump cluster-api-provider-kubevirt version
1907628 - Installer does not set primary subnet consistently
1907632 - Operator Registry should update its kubernetes dependencies to 1.20
1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters
1907644 - fix up handling of non-critical annotations on daemonsets/deployments
1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)
1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication
1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail
1907767 - [e2e][automation]update test suite for kubevirt plugin
1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don't allow master and worker nodes to boot
1907792 - Theoverridesof the OperatorCondition cannot block the operator upgrade
1907793 - Surface support info in VM template details
1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage
1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set
1907863 - Quickstarts status not updating when starting the tour
1907872 - dual stack with an ipv6 network fails on bootstrap phase
1907874 - QE - Design Gherkin Scenarios for epic ODC-5057
1907875 - No response when try to expand pvc with an invalid size
1907876 - Refactoring record package to make gatherer configurable
1907877 - QE - Automation- pipelines builder scripts
1907883 - Fix Pipleine creation without namespace issue
1907888 - Fix pipeline list page loader
1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form
1907892 - Unable to edit application deployed using "From Devfile" option
1907893 - navSortUtils.spec.ts unit test failure
1907896 - When a workload is added, Topology does not place the new items well
1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template
1907924 - Enable madvdontneed in OpenShift Images
1907929 - Enable madvdontneed in OpenShift System Components Part 2
1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot
1907947 - The kubeconfig saved in tenantcluster shouldn't include anything that is not related to the current context
1907948 - OCM-O bump to k8s 1.20
1907952 - bump to k8s 1.20
1907972 - Update OCM link to open Insights tab
1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI
1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916
1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni
1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk
1908035 - dynamic-demo-plugin build does not generate dist directory
1908135 - quick search modal is not centered over topology
1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled
1908159 - [AWS C2S] MCO fails to sync cloud config
1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)
1908180 - Add source for template is stucking in preparing pvc
1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens
1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN
1908277 - QE - Automation- pipelines actions scripts
1908280 - Documentation describingignore-volume-azis incorrect
1908296 - Fix pipeline builder form yaml switcher validation issue
1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI
1908323 - Create button missing for PLR in the search page
1908342 - The new pv_collector_total_pv_count is not reported via telemetry
1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name
1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
1908349 - Volume snapshot tests are failing after 1.20 rebase
1908353 - QE - Automation- pipelines runs scripts
1908361 - bump to k8s 1.20
1908367 - QE - Automation- pipelines triggers scripts
1908370 - QE - Automation- pipelines secrets scripts
1908375 - QE - Automation- pipelines workspaces scripts
1908381 - Go Dependency Fixes for Devfile Lib
1908389 - Loadbalancer Sync failing on Azure
1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived
1908407 - Backport Upstream 95269 to fix potential crash in kubelet
1908410 - Exclude Yarn from VSCode search
1908425 - Create Role Binding form subject type and name are undefined when All Project is selected
1908431 - When the marketplace-operator pod get's restarted, the custom catalogsources are gone, as well as the pods
1908434 - Remove &apos from metal3-plugin internationalized strings
1908437 - Operator backed with no icon has no badge associated with the CSV tag
1908459 - bump to k8s 1.20
1908461 - Add bugzilla component to OWNERS file
1908462 - RHCOS 4.6 ostree removed dhclient
1908466 - CAPO AZ Screening/Validating
1908467 - Zoom in and zoom out in topology package should be sentence case
1908468 - [Azure][4.7] Installer can't properly parse instance type with non integer memory size
1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster
1908471 - OLM should bump k8s dependencies to 1.20
1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests
1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM
1908545 - VM clone dialog does not open
1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard
1908562 - Pod readiness is not being observed in real world cases
1908565 - [4.6] Cannot filter the platform/arch of the index image
1908573 - Align the style of flavor
1908583 - bootstrap does not run on additional networks if configured for master in install-config
1908596 - Race condition on operator installation
1908598 - Persistent Dashboard shows events for all provisioners
1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state
1908648 - Skip TestKernelType test on OKD, adjust TestExtensions
1908650 - The title of customize wizard is inconsistent
1908654 - cluster-api-provider: volumes and disks names shouldn't change by machine-api-operator
1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]
1908687 - Option to save user settings separate when using local bridge (affects console developers only)
1908697 - Showkubectl diff command in the oc diff help page
1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom
1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds
1908717 - "missing unit character in duration" error in some network dashboards
1908746 - [Safari] Drop Shadow doesn't works as expected on hover on workload
1908747 - stale S3 CredentialsRequest in CCO manifest
1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase
1908830 - RHCOS 4.6 - Missing Initiatorname
1908868 - Update empty state message for EventSources and Channels tab
1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1908888 - Dualstack does not work with multiple gateways
1908889 - Bump CNO to k8s 1.20
1908891 - TestDNSForwarding DNS operator e2e test is failing frequently
1908914 - CNO: upgrade nodes before masters
1908918 - Pipeline builder yaml view sidebar is not responsive
1908960 - QE - Design Gherkin Scenarios
1908971 - Gherkin Script for pipeline debt 4.7
1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated
1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console
1908998 - [cinder-csi-driver] doesn't detect the credentials change
1909004 - "No datapoints found" for RHEL node's filesystem graph
1909005 - i18n: workloads list view heading is not translated
1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects
1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type
1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware
1909067 - Web terminal should keep latest output when connection closes
1909070 - PLR and TR Logs component is not streaming as fast as tkn
1909092 - Error Message should not confuse user on Channel form
1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page
1909108 - Machine API components should use 1.20 dependencies
1909116 - Catalog Sort Items dropdown is not aligned on Firefox
1909198 - Move Sink action option is not working
1909207 - Accessibility Issue on monitoring page
1909236 - Remove pinned icon overlap on resource name
1909249 - Intermittent packet drop from pod to pod
1909276 - Accessibility Issue on create project modal
1909289 - oc debug of an init container no longer works
1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2
1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle
1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it
1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O
1909464 - Build operator-registry with golang-1.15
1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found
1909521 - Add kubevirt cluster type for e2e-test workflow
1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created
1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node
1909610 - Fix available capacity when no storage class selected
1909678 - scale up / down buttons available on pod details side panel
1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined
1909739 - Arbiter request data changes
1909744 - cluster-api-provider-openstack: Bump gophercloud
1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline
1909791 - Update standalone kube-proxy config for EndpointSlice
1909792 - Empty states for some details page subcomponents are not i18ned
1909815 - Perspective switcher is only half-i18ned
1909821 - OCS 4.7 LSO installation blocked because of Error "Invalid value: "integer": spec.flexibleScaling in body
1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn't installed in CI
1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing
1909911 - [OVN]EgressFirewall caused a segfault
1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument
1909958 - Support Quick Start Highlights Properly
1909978 - ignore-volume-az = yes not working on standard storageClass
1909981 - Improve statement in template select step
1909992 - Fail to pull the bundle image when using the private index image
1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev
1910036 - QE - Design Gherkin Scenarios ODC-4504
1910049 - UPI: ansible-galaxy is not supported
1910127 - [UPI on oVirt]: Improve UPI Documentation
1910140 - fix the api dashboard with changes in upstream kube 1.20
1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment's containers with the OPERATOR_CONDITION_NAME Environment Variable
1910165 - DHCP to static lease script doesn't handle multiple addresses
1910305 - [Descheduler] - The minKubeVersion should be 1.20.0
1910409 - Notification drawer is not localized for i18n
1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials
1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation
1910501 - Installed Operators->Operand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page
1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work
1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready
1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability
1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded
1910739 - Redfish-virtualmedia (idrac) deploy fails on "The Virtual Media image server is already connected"
1910753 - Support Directory Path to Devfile
1910805 - Missing translation for Pipeline status and breadcrumb text
1910829 - Cannot delete a PVC if the dv's phase is WaitForFirstConsumer
1910840 - Show Nonexistent command info in theoc rollback -hhelp page
1910859 - breadcrumbs doesn't use last namespace
1910866 - Unify templates string
1910870 - Unify template dropdown action
1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6
1911129 - Monitoring charts renders nothing when switching from a Deployment to "All workloads"
1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard
1911212 - [MSTR-998] API Performance Dashboard "Period" drop-down has a choice "$__auto_interval_period" which can bring "1:154: parse error: missing unit character in duration"
1911213 - Wrong and misleading warning for VMs that were created manually (not from template)
1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created
1911269 - waiting for the build message present when build exists
1911280 - Builder images are not detected for Dotnet, Httpd, NGINX
1911307 - Pod Scale-up requires extra privileges in OpenShift web-console
1911381 - "Select Persistent Volume Claim project" shows in customize wizard when select a source available template
1911382 - "source volumeMode (Block) and target volumeMode (Filesystem) do not match" shows in VM Error
1911387 - Hit error - "Cannot read property 'value' of undefined" while creating VM from template
1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation
1911418 - [v2v] The target storage class name is not displayed if default storage class is used
1911434 - git ops empty state page displays icon with watermark
1911443 - SSH Cretifiaction field should be validated
1911465 - IOPS display wrong unit
1911474 - Devfile Application Group Does Not Delete Cleanly (errors)
1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController
1911574 - Expose volume mode on Upload Data form
1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined
1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel
1911656 - using 'operator-sdk run bundle' to install operator successfully, but the command output said 'Failed to run bundle''
1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state
1911782 - Descheduler should not evict pod used local storage by the PVC
1911796 - uploading flow being displayed before submitting the form
1912066 - The ansible type operator's manager container is not stable when managing the CR
1912077 - helm operator's default rbac forbidden
1912115 - [automation] Analyze job keep failing because of 'JavaScript heap out of memory'
1912237 - Rebase CSI sidecars for 4.7
1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page
1912409 - Fix flow schema deployment
1912434 - Update guided tour modal title
1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken
1912523 - Standalone pod status not updating in topology graph
1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion
1912558 - TaskRun list and detail screen doesn't show Pending status
1912563 - p&f: carry 97206: clean up executing request on panic
1912565 - OLM macOS local build broken by moby/term dependency
1912567 - [OCP on RHV] Node becomes to 'NotReady' status when shutdown vm from RHV UI only on the second deletion
1912577 - 4.1/4.2->4.3->...-> 4.7 upgrade is stuck during 4.6->4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff
1912590 - publicImageRepository not being populated
1912640 - Go operator's controller pods is forbidden
1912701 - Handle dual-stack configuration for NIC IP
1912703 - multiple queries can't be plotted in the same graph under some conditons
1912730 - Operator backed: In-context should support visual connector if SBO is not installed
1912828 - Align High Performance VMs with High Performance in RHV-UI
1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates
1912852 - VM from wizard - available VM templates - "storage" field is "0 B"
1912888 - recycler template should be moved to KCM operator
1912907 - Helm chart repository index can contain unresolvable relative URL's
1912916 - Set external traffic policy to cluster for IBM platform
1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller
1912938 - Update confirmation modal for quick starts
1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment
1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment
1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver
1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver
1912977 - rebase upstream static-provisioner
1913006 - Remove etcd v2 specific alerts with etcd_http* metrics
1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
1913037 - update static-provisioner base image
1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state
1913085 - Regression OLM uses scoped client for CRD installation
1913096 - backport: cadvisor machine metrics are missing in k8s 1.19
1913132 - The installation of Openshift Virtualization reports success early before it 's succeeded eventually
1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root
1913196 - Guided Tour doesn't handle resizing of browser
1913209 - Support modal should be shown for community supported templates
1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort
1913249 - update info alert this template is not aditable
1913285 - VM list empty state should link to virtualization quick starts
1913289 - Rebase AWS EBS CSI driver for 4.7
1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled
1913297 - Remove restriction of taints for arbiter node
1913306 - unnecessary scroll bar is present on quick starts panel
1913325 - 1.20 rebase for openshift-apiserver
1913331 - Import from git: Fails to detect Java builder
1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used
1913343 - (release-4.7) Added changelog file for insights-operator
1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator
1913371 - Missing i18n key "Administrator" in namespace "console-app" and language "en."
1913386 - users can see metrics of namespaces for which they don't have rights when monitoring own services with prometheus user workloads
1913420 - Time duration setting of resources is not being displayed
1913536 - 4.6.9 -> 4.7 upgrade hangs. RHEL 7.9 worker stuck on "error enabling unit: Failed to execute operation: File exists\\n\"
1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase
1913560 - Normal user cannot load template on the new wizard
1913563 - "Virtual Machine" is not on the same line in create button when logged with normal user
1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table
1913568 - Normal user cannot create template
1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker
1913585 - Topology descriptive text fixes
1913608 - Table data contains data value None after change time range in graph and change back
1913651 - Improved Red Hat image and crashlooping OpenShift pod collection
1913660 - Change location and text of Pipeline edit flow alert
1913685 - OS field not disabled when creating a VM from a template
1913716 - Include additional use of existing libraries
1913725 - Refactor Insights Operator Plugin states
1913736 - Regression: fails to deploy computes when using root volumes
1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes
1913751 - add third-party network plugin test suite to openshift-tests
1913783 - QE-To fix the merging pr issue, commenting the afterEach() block
1913807 - Template support badge should not be shown for community supported templates
1913821 - Need definitive steps about uninstalling descheduler operator
1913851 - Cluster Tasks are not sorted in pipeline builder
1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists
1913951 - Update the Devfile Sample Repo to an Official Repo Host
1913960 - Cluster Autoscaler should use 1.20 dependencies
1913969 - Field dependency descriptor can sometimes cause an exception
1914060 - Disk created from 'Import via Registry' cannot be used as boot disk
1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy
1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)
1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances
1914125 - Still using /dev/vde as default device path when create localvolume
1914183 - Empty NAD page is missing link to quickstarts
1914196 - target port infrom dockerfileflow does nothing
1914204 - Creating VM from dev perspective may fail with template not found error
1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets
1914212 - [e2e][automation] Add test to validate bootable disk souce
1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes
1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows
1914287 - Bring back selfLink
1914301 - User VM Template source should show the same provider as template itself
1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs
1914309 - /terminal page when WTO not installed shows nonsensical error
1914334 - order of getting started samples is arbitrary
1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x
1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI
1914405 - Quick search modal should be opened when coming back from a selection
1914407 - Its not clear that node-ca is running as non-root
1914427 - Count of pods on the dashboard is incorrect
1914439 - Typo in SRIOV port create command example
1914451 - cluster-storage-operator pod running as root
1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true
1914642 - Customize Wizard Storage tab does not pass validation
1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling
1914793 - device names should not be translated
1914894 - Warn about using non-groupified api version
1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug
1914932 - Put correct resource name in relatedObjects
1914938 - PVC disk is not shown on customization wizard general tab
1914941 - VM Template rootdisk is not deleted after fetching default disk bus
1914975 - Collect logs from openshift-sdn namespace
1915003 - No estimate of average node readiness during lifetime of a cluster
1915027 - fix MCS blocking iptables rules
1915041 - s3:ListMultipartUploadParts is relied on implicitly
1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons
1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours
1915085 - Pods created and rapidly terminated get stuck
1915114 - [aws-c2s] worker machines are not create during install
1915133 - Missing default pinned nav items in dev perspective
1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource
1915187 - Remove the "Tech preview" tag in web-console for volumesnapshot
1915188 - Remove HostSubnet anonymization
1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment
1915217 - OKD payloads expect to be signed with production keys
1915220 - Remove dropdown workaround for user settings
1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure
1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod
1915277 - [e2e][automation]fix cdi upload form test
1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout
1915304 - Updating scheduling component builder & base images to be consistent with ART
1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node
1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection
1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod
1915357 - Dev Catalog doesn't load anything if virtualization operator is installed
1915379 - New template wizard should require provider and make support input a dropdown type
1915408 - Failure in operator-registry kind e2e test
1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation
1915460 - Cluster name size might affect installations
1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance
1915540 - Silent 4.7 RHCOS install failure on ppc64le
1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)
1915582 - p&f: carry upstream pr 97860
1915594 - [e2e][automation] Improve test for disk validation
1915617 - Bump bootimage for various fixes
1915624 - "Please fill in the following field: Template provider" blocks customize wizard
1915627 - Translate Guided Tour text.
1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error
1915647 - Intermittent White screen when the connector dragged to revision
1915649 - "Template support" pop up is not a warning; checkbox text should be rephrased
1915654 - [e2e][automation] Add a verification for Afinity modal should hint "Matching node found"
1915661 - Can't run the 'oc adm prune' command in a pod
1915672 - Kuryr doesn't work with selfLink disabled.
1915674 - Golden image PVC creation - storage size should be taken from the template
1915685 - Message for not supported template is not clear enough
1915760 - Need to increase timeout to wait rhel worker get ready
1915793 - quick starts panel syncs incorrectly across browser windows
1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster
1915818 - vsphere-problem-detector: use "_totals" in metrics
1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol
1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version
1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0
1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics
1915885 - Kuryr doesn't support workers running on multiple subnets
1915898 - TaskRun log output shows "undefined" in streaming
1915907 - test/cmd/builds.sh uses docker.io
1915912 - sig-storage-csi-snapshotter image not available
1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder & base images to be consistent with ART
1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard
1915939 - Resizing the browser window removes Web Terminal Icon
1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]
1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7
1915962 - ROKS: manifest with machine health check fails to apply in 4.7
1915972 - Global configuration breadcrumbs do not work as expected
1915981 - Install ethtool and conntrack in container for debugging
1915995 - "Edit RoleBinding Subject" action under RoleBinding list page kebab actions causes unhandled exception
1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups
1916021 - OLM enters infinite loop if Pending CSV replaces itself
1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry
1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert's annotations
1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk
1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration
1916145 - Explicitly set minimum versions of python libraries
1916164 - Update csi-driver-nfs builder & base images to be consistent with ART
1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7
1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third
1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2
1916379 - error metrics from vsphere-problem-detector should be gauge
1916382 - Can't create ext4 filesystems with Ignition
1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving 'verified: false' even for verified updates
1916401 - Deleting an ingress controller with a bad DNS Record hangs
1916417 - [Kuryr] Must-gather does not have all Custom Resources information
1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
1916454 - teach CCO about upgradeability from 4.6 to 4.7
1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation
1916502 - Boot disk mirroring fails with mdadm error
1916524 - Two rootdisk shows on storage step
1916580 - Default yaml is broken for VM and VM template
1916621 - oc adm node-logs examples are wrong
1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret.
1916692 - Possibly fails to destroy LB and thus cluster
1916711 - Update Kube dependencies in MCO to 1.20.0
1916747 - remove links to quick starts if virtualization operator isn't updated to 2.6
1916764 - editing a workload with no application applied, will auto fill the app
1916834 - Pipeline Metrics - Text Updates
1916843 - collect logs from openshift-sdn-controller pod
1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed
1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually
1916888 - OCS wizard Donor chart does not get updated whenDevice Typeis edited
1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error "Forbidden: cannot specify lbFloatingIP and apiFloatingIP together"
1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace
1917101 - [UPI on oVirt] - 'RHCOS image' topic isn't located in the right place in UPI document
1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to '"ProxyConfigController" controller failed to sync "key"' error
1917117 - Common templates - disks screen: invalid disk name
1917124 - Custom template - clone existing PVC - the name of the target VM's data volume is hard-coded; only one VM can be created
1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator
1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable.
1917148 - [oVirt] Consume 23-10 ovirt sdk
1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened
1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console
1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory
1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7
1917327 - annotations.message maybe wrong for NTOPodsNotReady alert
1917367 - Refactor periodic.go
1917371 - Add docs on how to use the built-in profiler
1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console
1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui
1917484 - [BM][IPI] Failed to scale down machineset
1917522 - Deprecate --filter-by-os in oc adm catalog mirror
1917537 - controllers continuously busy reconciling operator
1917551 - use min_over_time for vsphere prometheus alerts
1917585 - OLM Operator install page missing i18n
1917587 - Manila CSI operator becomes degraded if user doesn't have permissions to list share types
1917605 - Deleting an exgw causes pods to no longer route to other exgws
1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API
1917656 - Add to Project/application for eventSources from topology shows 404
1917658 - Show TP badge for sources powered by camel connectors in create flow
1917660 - Editing parallelism of job get error info
1917678 - Could not provision pv when no symlink and target found on rhel worker
1917679 - Hide double CTA in admin pipelineruns tab
1917683 -NodeTextFileCollectorScrapeErroralert in OCP 4.6 cluster.
1917759 - Console operator panics after setting plugin that does not exists to the console-operator config
1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0
1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0
1917799 - Gather s list of names and versions of installed OLM operators
1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error
1917814 - Show Broker create option in eventing under admin perspective
1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types
1917872 - [oVirt] rebase on latest SDK 2021-01-12
1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image
1917938 - upgrade version of dnsmasq package
1917942 - Canary controller causes panic in ingress-operator
1918019 - Undesired scrollbars in markdown area of QuickStart
1918068 - Flaky olm integration tests
1918085 - reversed name of job and namespace in cvo log
1918112 - Flavor is not editable if a customize VM is created from cli
1918129 - Update IO sample archive with missing resources & remove IP anonymization from clusteroperator resources
1918132 - i18n: Volume Snapshot Contents menu is not translated
1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2
1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn't be installed on OSP
1918153 - When&character is set as an environment variable in a build config it is getting converted as\u00261918185 - Capitalization on PLR details page
1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections
1918318 - Kamelet connector's are not shown in eventing section under Admin perspective
1918351 - Gather SAP configuration (SCC & ClusterRoleBinding)
1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews
1918395 - [ovirt] increase livenessProbe period
1918415 - MCD nil pointer on dropins
1918438 - [ja_JP, zh_CN] Serverless i18n misses
1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig
1918471 - CustomNoUpgrade Feature gates are not working correctly
1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk
1918622 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1918623 - Updating ose-jenkins-agent-nodejs-12 builder & base images to be consistent with ART
1918625 - Updating ose-jenkins-agent-nodejs-10 builder & base images to be consistent with ART
1918635 - Updating openshift-jenkins-2 builder & base images to be consistent with ART #1197
1918639 - Event listener with triggerRef crashes the console
1918648 - Subscription page doesn't show InstallPlan correctly
1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack
1918748 - helmchartrepo is not http(s)_proxy-aware
1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI
1918803 - Need dedicated details page w/ global config breadcrumbs for 'KnativeServing' plugin
1918826 - Insights popover icons are not horizontally aligned
1918879 - need better debug for bad pull secrets
1918958 - The default NMstate instance from the operator is incorrect
1919097 - Close bracket ")" missing at the end of the sentence in the UI
1919231 - quick search modal cut off on smaller screens
1919259 - Make "Add x" singular in Pipeline Builder
1919260 - VM Template list actions should not wrap
1919271 - NM prepender script doesn't support systemd-resolved
1919341 - Updating ose-jenkins-agent-maven builder & base images to be consistent with ART
1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry
1919379 - dotnet logo out of date
1919387 - Console login fails with no error when it can't write to localStorage
1919396 - A11y Violation: svg-img-alt on Pod Status ring
1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren't verified
1919750 - Search InstallPlans got Minified React error
1919778 - Upgrade is stuck in insights operator Degraded with "Source clusterconfig could not be retrieved" until insights operator pod is manually deleted
1919823 - OCP 4.7 Internationalization Chinese tranlate issue
1919851 - Visualization does not render when Pipeline & Task share same name
1919862 - The tip information foroc new-project --skip-config-writeis wrong
1919876 - VM created via customize wizard cannot inherit template's PVC attributes
1919877 - Click on KSVC breaks with white screen
1919879 - The toolbox container name is changed from 'toolbox-root' to 'toolbox-' in a chroot environment
1919945 - user entered name value overridden by default value when selecting a git repository
1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference
1919970 - NTO does not update when the tuned profile is updated.
1919999 - Bump Cluster Resource Operator Golang Versions
1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration
1920200 - user-settings network error results in infinite loop of requests
1920205 - operator-registry e2e tests not working properly
1920214 - Bump golang to 1.15 in cluster-resource-override-admission
1920248 - re-running the pipelinerun with pipelinespec crashes the UI
1920320 - VM template field is "Not available" if it's created from common template
1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode isDisk Mode1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs
1920390 - Monitoring > Metrics graph shifts to the left when clicking the "Stacked" option and when toggling data series lines on / off
1920426 - Egress Router CNI OWNERS file should have ovn-k team members
1920427 - Need to updateoc loginhelp page since we don't support prompt interactively for the username
1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time
1920438 - openshift-tuned panics on turning debugging on/off.
1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn
1920481 - kuryr-cni pods using unreasonable amount of CPU
1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof
1920524 - Topology graph crashes adding Open Data Hub operator
1920526 - catalog operator causing CPU spikes and bad etcd performance
1920551 - Boot Order is not editable for Templates in "openshift" namespace
1920555 - bump cluster-resource-override-admission api dependencies
1920571 - fcp multipath will not recover failed paths automatically
1920619 - Remove default scheduler profile value
1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present
1920674 - MissingKey errors in bindings namespace
1920684 - Text in language preferences modal is misleading
1920695 - CI is broken because of bad image registry reference in the Makefile
1920756 - update generic-admission-server library to get the system:masters authorization optimization
1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for "network-check-target" failed when "defaultNodeSelector" is set
1920771 - i18n: Delete persistent volume claim drop down is not translated
1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI
1920912 - Unable to power off BMH from console
1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by "2"
1920984 - [e2e][automation] some menu items names are out dated
1921013 - Gather PersistentVolume definition (if any) used in image registry config
1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)
1921087 - 'start next quick start' link doesn't work and is unintuitive
1921088 - test-cmd is failing on volumes.sh pretty consistently
1921248 - Clarify the kubelet configuration cr description
1921253 - Text filter default placeholder text not internationalized
1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window
1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo
1921277 - Fix Warning and Info log statements to handle arguments
1921281 - oc get -o yaml --export returns "error: unknown flag: --export"
1921458 - [SDK] Gracefully handle therun bundle-upgradeif the lower version operator doesn't exist
1921556 - [OCS with Vault]: OCS pods didn't comeup after deploying with Vault details from UI
1921572 - For external source (i.e GitHub Source) form view as well shows yaml
1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass
1921610 - Pipeline metrics font size inconsistency
1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1921655 - [OSP] Incorrect error handling during cloudinfo generation
1921713 - [e2e][automation] fix failing VM migration tests
1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view
1921774 - delete application modal errors when a resource cannot be found
1921806 - Explore page APIResourceLinks aren't i18ned
1921823 - CheckBoxControls not internationalized
1921836 - AccessTableRows don't internationalize "User" or "Group"
1921857 - Test flake when hitting router in e2e tests due to one router not being up to date
1921880 - Dynamic plugins are not initialized on console load in production mode
1921911 - Installer PR #4589 is causing leak of IAM role policy bindings
1921921 - "Global Configuration" breadcrumb does not use sentence case
1921949 - Console bug - source code URL broken for gitlab self-hosted repositories
1921954 - Subscription-related constraints in ResolutionFailed events are misleading
1922015 - buttons in modal header are invisible on Safari
1922021 - Nodes terminal page 'Expand' 'Collapse' button not translated
1922050 - [e2e][automation] Improve vm clone tests
1922066 - Cannot create VM from custom template which has extra disk
1922098 - Namespace selection dialog is not closed after select a namespace
1922099 - Updated Readme documentation for QE code review and setup
1922146 - Egress Router CNI doesn't have logging support.
1922267 - Collect specific ADFS error
1922292 - Bump RHCOS boot images for 4.7
1922454 - CRI-O doesn't enable pprof by default
1922473 - reconcile LSO images for 4.8
1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace
1922782 - Source registry missing docker:// in yaml
1922907 - Interop UI Tests - step implementation for updating feature files
1922911 - Page crash when click the "Stacked" checkbox after clicking the data series toggle buttons
1922991 - "verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build" test fails on OKD
1923003 - WebConsole Insights widget showing "Issues pending" when the cluster doesn't report anything
1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources
1923102 - [vsphere-problem-detector-operator] pod's version is not correct
1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot
1923674 - k8s 1.20 vendor dependencies
1923721 - PipelineRun running status icon is not rotating
1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios
1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator
1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator
1923874 - Unable to specify values with % in kubeletconfig
1923888 - Fixes error metadata gathering
1923892 - Update arch.md after refactor.
1923894 - "installed" operator status in operatorhub page does not reflect the real status of operator
1923895 - Changelog generation.
1923911 - [e2e][automation] Improve tests for vm details page and list filter
1923945 - PVC Name and Namespace resets when user changes os/flavor/workload
1923951 - EventSources showsundefined` in project
1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins
1924046 - Localhost: Refreshing on a Project removes it from nav item urls
1924078 - Topology quick search View all results footer should be sticky.
1924081 - NTO should ship the latest Tuned daemon release 2.15
1924084 - backend tests incorrectly hard-code artifacts dir
1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build
1924135 - Under sufficient load, CRI-O may segfault
1924143 - Code Editor Decorator url is broken for Bitbucket repos
1924188 - Language selector dropdown doesn't always pre-select the language
1924365 - Add extra disk for VM which use boot source PXE
1924383 - Degraded network operator during upgrade to 4.7.z
1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box.
1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on
1924583 - Deprectaed templates are listed in the Templates screen
1924870 - pick upstream pr#96901: plumb context with request deadline
1924955 - Images from Private external registry not working in deploy Image
1924961 - k8sutil.TrimDNS1123Label creates invalid values
1924985 - Build egress-router-cni for both RHEL 7 and 8
1925020 - Console demo plugin deployment image shoult not point to dockerhub
1925024 - Remove extra validations on kafka source form view net section
1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running
1925072 - NTO needs to ship the current latest stalld v1.7.0
1925163 - Missing info about dev catalog in boot source template column
1925200 - Monitoring Alert icon is missing on the workload in Topology view
1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1
1925319 - bash syntax error in configure-ovs.sh script
1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data
1925516 - Pipeline Metrics Tooltips are overlapping data
1925562 - Add new ArgoCD link from GitOps application environments page
1925596 - Gitops details page image and commit id text overflows past card boundary
1926556 - 'excessive etcd leader changes' test case failing in serial job because prometheus data is wiped by machine set test
1926588 - The tarball of operator-sdk is not ready for ocp4.7
1927456 - 4.7 still points to 4.6 catalog images
1927500 - API server exits non-zero on 2 SIGTERM signals
1929278 - Monitoring workloads using too high a priorityclass
1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
1929920 - Cluster monitoring documentation link is broken - 404 not found
- References:
https://access.redhat.com/security/cve/CVE-2018-10103 https://access.redhat.com/security/cve/CVE-2018-10105 https://access.redhat.com/security/cve/CVE-2018-14461 https://access.redhat.com/security/cve/CVE-2018-14462 https://access.redhat.com/security/cve/CVE-2018-14463 https://access.redhat.com/security/cve/CVE-2018-14464 https://access.redhat.com/security/cve/CVE-2018-14465 https://access.redhat.com/security/cve/CVE-2018-14466 https://access.redhat.com/security/cve/CVE-2018-14467 https://access.redhat.com/security/cve/CVE-2018-14468 https://access.redhat.com/security/cve/CVE-2018-14469 https://access.redhat.com/security/cve/CVE-2018-14470 https://access.redhat.com/security/cve/CVE-2018-14553 https://access.redhat.com/security/cve/CVE-2018-14879 https://access.redhat.com/security/cve/CVE-2018-14880 https://access.redhat.com/security/cve/CVE-2018-14881 https://access.redhat.com/security/cve/CVE-2018-14882 https://access.redhat.com/security/cve/CVE-2018-16227 https://access.redhat.com/security/cve/CVE-2018-16228 https://access.redhat.com/security/cve/CVE-2018-16229 https://access.redhat.com/security/cve/CVE-2018-16230 https://access.redhat.com/security/cve/CVE-2018-16300 https://access.redhat.com/security/cve/CVE-2018-16451 https://access.redhat.com/security/cve/CVE-2018-16452 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-6977 https://access.redhat.com/security/cve/CVE-2019-6978 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9455 https://access.redhat.com/security/cve/CVE-2019-9458 https://access.redhat.com/security/cve/CVE-2019-11068 https://access.redhat.com/security/cve/CVE-2019-12614 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15166 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-15917 https://access.redhat.com/security/cve/CVE-2019-15925 https://access.redhat.com/security/cve/CVE-2019-16167 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16231 https://access.redhat.com/security/cve/CVE-2019-16233 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-18808 https://access.redhat.com/security/cve/CVE-2019-18809 https://access.redhat.com/security/cve/CVE-2019-19046 https://access.redhat.com/security/cve/CVE-2019-19056 https://access.redhat.com/security/cve/CVE-2019-19062 https://access.redhat.com/security/cve/CVE-2019-19063 https://access.redhat.com/security/cve/CVE-2019-19068 https://access.redhat.com/security/cve/CVE-2019-19072 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19319 https://access.redhat.com/security/cve/CVE-2019-19332 https://access.redhat.com/security/cve/CVE-2019-19447 https://access.redhat.com/security/cve/CVE-2019-19524 https://access.redhat.com/security/cve/CVE-2019-19533 https://access.redhat.com/security/cve/CVE-2019-19537 https://access.redhat.com/security/cve/CVE-2019-19543 https://access.redhat.com/security/cve/CVE-2019-19602 https://access.redhat.com/security/cve/CVE-2019-19767 https://access.redhat.com/security/cve/CVE-2019-19770 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20054 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20386 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20636 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20812 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-0305 https://access.redhat.com/security/cve/CVE-2020-0444 https://access.redhat.com/security/cve/CVE-2020-1716 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-2574 https://access.redhat.com/security/cve/CVE-2020-2752 https://access.redhat.com/security/cve/CVE-2020-2922 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-8177 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8563 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-8647 https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2020-8649 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-10732 https://access.redhat.com/security/cve/CVE-2020-10749 https://access.redhat.com/security/cve/CVE-2020-10751 https://access.redhat.com/security/cve/CVE-2020-10763 https://access.redhat.com/security/cve/CVE-2020-10773 https://access.redhat.com/security/cve/CVE-2020-10774 https://access.redhat.com/security/cve/CVE-2020-10942 https://access.redhat.com/security/cve/CVE-2020-11565 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-12465 https://access.redhat.com/security/cve/CVE-2020-12655 https://access.redhat.com/security/cve/CVE-2020-12659 https://access.redhat.com/security/cve/CVE-2020-12770 https://access.redhat.com/security/cve/CVE-2020-12826 https://access.redhat.com/security/cve/CVE-2020-13249 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14019 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14381 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15862 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-16166 https://access.redhat.com/security/cve/CVE-2020-24490 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25641 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2020-25661 https://access.redhat.com/security/cve/CVE-2020-25662 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-27813 https://access.redhat.com/security/cve/CVE-2020-27846 https://access.redhat.com/security/cve/CVE-2020-28362 https://access.redhat.com/security/cve/CVE-2020-29652 https://access.redhat.com/security/cve/CVE-2021-2007 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T lmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H EmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8 4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4 mWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL ISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy Ae5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk 4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM uR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG krzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv RjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6 McvuEaxco7U= =sw8i -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x
- Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
-
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
-
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-16.el7_9.1.src.rpm
x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: dnsmasq-2.76-16.el7_9.1.src.rpm
x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-16.el7_9.1.src.rpm
ppc64: dnsmasq-2.76-16.el7_9.1.ppc64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm
ppc64le: dnsmasq-2.76-16.el7_9.1.ppc64le.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm
s390x: dnsmasq-2.76-16.el7_9.1.s390x.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm
x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm dnsmasq-utils-2.76-16.el7_9.1.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm dnsmasq-utils-2.76-16.el7_9.1.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm dnsmasq-utils-2.76-16.el7_9.1.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm dnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-16.el7_9.1.src.rpm
x86_64: dnsmasq-2.76-16.el7_9.1.x86_64.rpm dnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
8.1) - aarch64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 202101-17
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: January 22, 2021 Bugs: #766126 ID: 202101-17
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.83 >= 2.83
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Impact
An attacker, by sending specially crafted DNS replies, could possibly execute arbitrary code with the privileges of the process, perform a cache poisoning attack or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.83"
References
[ 1 ] CVE-2020-25681 https://nvd.nist.gov/vuln/detail/CVE-2020-25681 [ 2 ] CVE-2020-25682 https://nvd.nist.gov/vuln/detail/CVE-2020-25682 [ 3 ] CVE-2020-25683 https://nvd.nist.gov/vuln/detail/CVE-2020-25683 [ 4 ] CVE-2020-25684 https://nvd.nist.gov/vuln/detail/CVE-2020-25684 [ 5 ] CVE-2020-25685 https://nvd.nist.gov/vuln/detail/CVE-2020-25685 [ 6 ] CVE-2020-25686 https://nvd.nist.gov/vuln/detail/CVE-2020-25686 [ 7 ] CVE-2020-25687 https://nvd.nist.gov/vuln/detail/CVE-2020-25687
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202101-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.24.5m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.22"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.21"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.23.7m"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.25.2f"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.23"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.22.9m"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.24"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.21.14m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.25"
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.83"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "dnsmasq",
"version": "2.83"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161020"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161017"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161014"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25684",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16431",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2020-25684",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25684",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25684",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2020-25684",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-16431",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25684",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq There is a security check vulnerability in.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nBug Fix(es):\n\n* Previously, the Red Hat Virtualization Host (RHV-H) repository\n(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,\nwhich is a dependency for the sssd-ad package. Consequently, the sssd-ad\npackage failed to install. \n\nWith this update, the libsmbclient is now in the RHV-H repository, and\nsssd-ad now installs on RHV-H. (BZ#1868967)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:5633-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:5633\nIssue date: 2021-02-24\nCVE Names: CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 \n CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 \n CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 \n CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 \n CVE-2018-14553 CVE-2018-14879 CVE-2018-14880 \n CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 \n CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 \n CVE-2018-16300 CVE-2018-16451 CVE-2018-16452 \n CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 \n CVE-2019-6977 CVE-2019-6978 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9455 CVE-2019-9458 \n CVE-2019-11068 CVE-2019-12614 CVE-2019-13050 \n CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 \n CVE-2019-15165 CVE-2019-15166 CVE-2019-15903 \n CVE-2019-15917 CVE-2019-15925 CVE-2019-16167 \n CVE-2019-16168 CVE-2019-16231 CVE-2019-16233 \n CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 \n CVE-2019-18197 CVE-2019-18808 CVE-2019-18809 \n CVE-2019-19046 CVE-2019-19056 CVE-2019-19062 \n CVE-2019-19063 CVE-2019-19068 CVE-2019-19072 \n CVE-2019-19221 CVE-2019-19319 CVE-2019-19332 \n CVE-2019-19447 CVE-2019-19524 CVE-2019-19533 \n CVE-2019-19537 CVE-2019-19543 CVE-2019-19602 \n CVE-2019-19767 CVE-2019-19770 CVE-2019-19906 \n CVE-2019-19956 CVE-2019-20054 CVE-2019-20218 \n CVE-2019-20386 CVE-2019-20387 CVE-2019-20388 \n CVE-2019-20454 CVE-2019-20636 CVE-2019-20807 \n CVE-2019-20812 CVE-2019-20907 CVE-2019-20916 \n CVE-2020-0305 CVE-2020-0444 CVE-2020-1716 \n CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 \n CVE-2020-1971 CVE-2020-2574 CVE-2020-2752 \n CVE-2020-2922 CVE-2020-3862 CVE-2020-3864 \n CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 \n CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 \n CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-6405 CVE-2020-7595 CVE-2020-7774 \n CVE-2020-8177 CVE-2020-8492 CVE-2020-8563 \n CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 \n CVE-2020-8623 CVE-2020-8624 CVE-2020-8647 \n CVE-2020-8648 CVE-2020-8649 CVE-2020-9327 \n CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 \n CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 \n CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 \n CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 \n CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 \n CVE-2020-10732 CVE-2020-10749 CVE-2020-10751 \n CVE-2020-10763 CVE-2020-10773 CVE-2020-10774 \n CVE-2020-10942 CVE-2020-11565 CVE-2020-11668 \n CVE-2020-11793 CVE-2020-12465 CVE-2020-12655 \n CVE-2020-12659 CVE-2020-12770 CVE-2020-12826 \n CVE-2020-13249 CVE-2020-13630 CVE-2020-13631 \n CVE-2020-13632 CVE-2020-14019 CVE-2020-14040 \n CVE-2020-14381 CVE-2020-14382 CVE-2020-14391 \n CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 \n CVE-2020-15862 CVE-2020-15999 CVE-2020-16166 \n CVE-2020-24490 CVE-2020-24659 CVE-2020-25211 \n CVE-2020-25641 CVE-2020-25658 CVE-2020-25661 \n CVE-2020-25662 CVE-2020-25681 CVE-2020-25682 \n CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 \n CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 \n CVE-2020-25696 CVE-2020-26160 CVE-2020-27813 \n CVE-2020-27846 CVE-2020-28362 CVE-2020-29652 \n CVE-2021-2007 CVE-2021-3121 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.0 is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2020:5634\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-x86_64\n\nThe image digest is\nsha256:d74b1cfa81f8c9cc23336aee72d8ae9c9905e62c4874b071317a078c316f8a70\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-s390x\n\nThe image digest is\nsha256:a68ca03d87496ddfea0ac26b82af77231583a58a7836b95de85efe5e390ad45d\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.0-ppc64le\n\nThe image digest is\nsha256:bc7b04e038c8ff3a33b827f4ee19aa79b26e14c359a7dcc1ced9f3b58e5f1ac6\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\nSecurity Fix(es):\n\n* crewjam/saml: authentication bypass in saml authentication\n(CVE-2020-27846)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)\n\n* kubernetes: Secret leaks in kube-controller-manager when using vSphere\nProvider (CVE-2020-8563)\n\n* containernetworking/plugins: IPv6 router advertisements allow for MitM\nattacks on IPv4 clusters (CVE-2020-10749)\n\n* heketi: gluster-block volume password details available in logs\n(CVE-2020-10763)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.7, see the following documentation,\nwhich\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1620608 - Restoring deployment config with history leads to weird state\n1752220 - [OVN] Network Policy fails to work when project label gets overwritten\n1756096 - Local storage operator should implement must-gather spec\n1756173 - /etc/udev/rules.d/66-azure-storage.rules missing from initramfs\n1768255 - installer reports 100% complete but failing components\n1770017 - Init containers restart when the exited container is removed from node. \n1775057 - [MSTR-485] Cluster is abnormal after etcd backup/restore when the backup is conducted during etcd encryption is migrating\n1775444 - RFE: k8s cpu manager does not restrict /usr/bin/pod cpuset\n1777038 - Cluster scaled beyond host subnet limits does not fire alert or cleanly report why it cannot scale\n1777224 - InfraID in metadata.json and .openshift_install_state.json is not consistent when repeating `create` commands\n1784298 - \"Displaying with reduced resolution due to large dataset.\" would show under some conditions\n1785399 - Under condition of heavy pod creation, creation fails with \u0027error reserving pod name ...: name is reserved\"\n1797766 - Resource Requirements\" specDescriptor fields - CPU and Memory injects empty string YAML editor\n1801089 - [OVN] Installation failed and monitoring pod not created due to some network error. \n1805025 - [OSP] Machine status doesn\u0027t become \"Failed\" when creating a machine with invalid image\n1805639 - Machine status should be \"Failed\" when creating a machine with invalid machine configuration\n1806000 - CRI-O failing with: error reserving ctr name\n1806915 - openshift-service-ca: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1806917 - openshift-service-ca-operator: Some core components are in openshift.io/run-level 1 and are bypassing SCC, but should not be\n1810438 - Installation logs are not gathered from OCP nodes\n1812085 - kubernetes-networking-namespace-pods dashboard doesn\u0027t exist\n1812412 - Monitoring Dashboard: on restricted cluster, query timed out in expression evaluation\n1813012 - EtcdDiscoveryDomain no longer needed\n1813949 - openshift-install doesn\u0027t use env variables for OS_* for some of API endpoints\n1816812 - OpenShift test suites are not resilient to rate limited registries (like docker.io) and cannot control their dependencies for offline use\n1819053 - loading OpenAPI spec for \"v1beta1.metrics.k8s.io\" failed with: OpenAPI spec does not exist\n1819457 - Package Server is in \u0027Cannot update\u0027 status despite properly working\n1820141 - [RFE] deploy qemu-quest-agent on the nodes\n1822744 - OCS Installation CI test flaking\n1824038 - Integration Tests: StaleElementReferenceError in OLM single-installmode scenario\n1825892 - StorageClasses and PVs are not cleaned completely after running the csi verification tool\n1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file\n1829723 - User workload monitoring alerts fire out of the box\n1832968 - oc adm catalog mirror does not mirror the index image itself\n1833012 - Lower OVNKubernetes HTTP E/W performance compared with OpenShiftSDN\n1833220 - CVE-2020-10749 containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters\n1834995 - olmFull suite always fails once th suite is run on the same cluster\n1836017 - vSphere UPI: Both Internal and External load balancers for kube-apiserver should use /readyz\n1837953 - Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1838352 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1838751 - [oVirt][Tracker] Re-enable skipped network tests\n1839239 - csi-snapshot-controller flickers Degraded=True on etcd hiccups\n1840759 - [aws-ebs-csi-driver] The volume created by aws ebs csi driver can not be deleted when the cluster is destroyed\n1841039 - authentication-operator: Add e2e test for password grants to Keycloak being set as OIDC IdP\n1841119 - Get rid of config patches and pass flags directly to kcm\n1841175 - When an Install Plan gets deleted, OLM does not create a new one\n1841381 - Issue with memoryMB validation\n1841885 - oc adm catalog mirror command attempts to pull from registry.redhat.io when using --from-dir option\n1844727 - Etcd container leaves grep and lsof zombie processes\n1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs\n1847074 - Filter bar layout issues at some screen widths on search page\n1848358 - CRDs with preserveUnknownFields:true don\u0027t reflect in status that they are non-structural\n1849543 - [4.5]kubeletconfig\u0027s description will show multiple lines for finalizers when upgrade from 4.4.8-\u003e4.5\n1851103 - Use of NetworkManager-wait-online.service in rhcos-growpart.service\n1851203 - [GSS] [RFE] Need a simpler representation of capactiy breakdown in total usage and per project breakdown in OCS 4 dashboard\n1851351 - OCP 4.4.9: EtcdMemberIPMigratorDegraded: rpc error: code = Canceled desc = grpc: the client connection is closing\n1851693 - The `oc apply` should return errors instead of hanging there when failing to create the CRD\n1852289 - Upgrade testsuite fails on ppc64le environment - Unsupported LoadBalancer service\n1853115 - the restriction of --cloud option should be shown in help text. \n1853116 - `--to` option does not work with `--credentials-requests` flag. \n1853352 - [v2v][UI] Storage Class fields Should Not be empty in VM disks view\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1854567 - \"Installed Operators\" list showing \"duplicated\" entries during installation\n1855325 - [Feature:Prometheus][Conformance] Prometheus when installed on the cluster [Top Level] [Feature:Prometheus][Conformance] Prometheus when installed on the cluster should report telemetry if a cloud.openshift.com token is present\n1855351 - Inconsistent Installer reactions to Ctrl-C during user input process\n1855408 - OVN cluster unstable after running minimal scale test\n1856351 - Build page should show metrics for when the build ran, not the last 30 minutes\n1856354 - New APIServices missing from OpenAPI definitions\n1857446 - ARO/Azure: excessive pod memory allocation causes node lockup\n1857877 - Operator upgrades can delete existing CSV before completion\n1858578 - [v2v] [ui] VM import RHV to CNV Target VM Name longer than 63 chars should not be allowed\n1859174 - [IPI][OSP] Having errors from 4.3 to 4.6 about Security group rule already created\n1860136 - default ingress does not propagate annotations to route object on update\n1860322 - [OCPv4.5.2] after unexpected shutdown one of RHV Hypervisors, OCP worker nodes machine are marked as \"Failed\"\n1860518 - unable to stop a crio pod\n1861383 - Route with `haproxy.router.openshift.io/timeout: 365d` kills the ingress controller\n1862430 - LSO: PV creation lock should not be acquired in a loop\n1862489 - LSO autoprovisioning should exclude top level disks that are part of LVM volume group. \n1862608 - Virtual media does not work on hosts using BIOS, only UEFI\n1862918 - [v2v] User should only select SRIOV network when importin vm with SRIOV network\n1865743 - Some pods are stuck in ContainerCreating and some sdn pods are in CrashLoopBackOff\n1865839 - rpm-ostree fails with \"System transaction in progress\" when moving to kernel-rt\n1866043 - Configurable table column headers can be illegible\n1866087 - Examining agones helm chart resources results in \"Oh no!\"\n1866261 - Need to indicate the intentional behavior for Ansible in the `create api` help info\n1866298 - [RHOCS Usability Study][Installation] Labeling the namespace should be a part of the installation flow or be clearer as a requirement\n1866320 - [RHOCS Usability Study][Dashboard] Users were confused by Available Capacity and the Total Capacity\n1866334 - [RHOCS Usability Study][Installation] On the Operator installation page, there\u2019s no indication on which labels offer tooltip/help\n1866340 - [RHOCS Usability Study][Dashboard] It was not clear why \u201cNo persistent storage alerts\u201d was prominently displayed\n1866343 - [RHOCS Usability Study][Dashboard] User wanted to know the time frame for Data Consumption, e.g I/O Operations\n1866445 - kola --basic-qemu-scenarios scenario fail on ppc64le \u0026 s390x\n1866482 - Few errors are seen when oc adm must-gather is run\n1866605 - No metadata.generation set for build and buildconfig objects\n1866873 - MCDDrainError \"Drain failed on , updates may be blocked\" missing rendered node name\n1866901 - Deployment strategy for BMO allows multiple pods to run at the same time\n1866925 - openshift-install destroy cluster should fail quickly when provided with invalid credentials on Azure. \n1867165 - Cannot assign static address to baremetal install bootstrap vm\n1867380 - When using webhooks in OCP 4.5 fails to rollout latest deploymentconfig\n1867400 - [OCs 4.5]UI should not allow creation of second storagecluster of different mode in a single OCS\n1867477 - HPA monitoring cpu utilization fails for deployments which have init containers\n1867518 - [oc] oc should not print so many goroutines when ANY command fails\n1867608 - ds/machine-config-daemon takes 100+ minutes to rollout on 250 node cluster\n1867965 - OpenShift Console Deployment Edit overwrites deployment yaml\n1868004 - opm index add appears to produce image with wrong registry server binary\n1868065 - oc -o jsonpath prints possible warning / bug \"Unable to decode server response into a Table\"\n1868104 - Baremetal actuator should not delete Machine objects\n1868125 - opm index add is not creating an index with valid images when --permissive flag is added, the index is empty instead\n1868384 - CLI does not save login credentials as expected when using the same username in multiple clusters\n1868527 - OpenShift Storage using VMWare vSAN receives error \"Failed to add disk \u0027scsi0:2\u0027\" when mounted pod is created on separate node\n1868645 - After a disaster recovery pods a stuck in \"NodeAffinity\" state and not running\n1868748 - ClusterProvisioningIP in baremetal platform has wrong JSON annotation\n1868765 - [vsphere][ci] could not reserve an IP address: no available addresses\n1868770 - catalogSource named \"redhat-operators\" deleted in a disconnected cluster\n1868976 - Prometheus error opening query log file on EBS backed PVC\n1869293 - The configmap name looks confusing in aide-ds pod logs\n1869606 - crio\u0027s failing to delete a network namespace\n1870337 - [sig-storage] Managed cluster should have no crashlooping recycler pods over four minutes\n1870342 - [sig-scheduling] SchedulerPredicates [Serial] validates resource limits of pods that are allowed to run [Conformance]\n1870373 - Ingress Operator reports available when DNS fails to provision\n1870467 - D/DC Part of Helm / Operator Backed should not have HPA\n1870728 - openshift-install creates expired ignition files from stale .openshift_install_state.json\n1870800 - [4.6] Managed Column not appearing on Pods Details page\n1871170 - e2e tests are needed to validate the functionality of the etcdctl container\n1872001 - EtcdDiscoveryDomain no longer needed\n1872095 - content are expanded to the whole line when only one column in table on Resource Details page\n1872124 - Could not choose device type as \"disk\" or \"part\" when create localvolumeset from web console\n1872128 - Can\u0027t run container with hostPort on ipv6 cluster\n1872166 - \u0027Silences\u0027 link redirects to unexpected \u0027Alerts\u0027 view after creating a silence in the Developer perspective\n1872251 - [aws-ebs-csi-driver] Verify job in CI doesn\u0027t check for vendor dir sanity\n1872786 - Rules in kube-apiserver.rules are taking too long and consuming too much memory for Prometheus to evaluate them\n1872821 - [DOC] Typo in Ansible Operator Tutorial\n1872907 - Fail to create CR from generated Helm Base Operator\n1872923 - Click \"Cancel\" button on the \"initialization-resource\" creation form page should send users to the \"Operator details\" page instead of \"Install Operator\" page (previous page)\n1873007 - [downstream] failed to read config when running the operator-sdk in the home path\n1873030 - Subscriptions without any candidate operators should cause resolution to fail\n1873043 - Bump to latest available 1.19.x k8s\n1873114 - Nodes goes into NotReady state (VMware)\n1873288 - Changing Cluster-Wide Pull Secret Does Not Trigger Updates In Kubelet Filesystem\n1873305 - Failed to power on /inspect node when using Redfish protocol\n1873326 - Accessibility - The symbols e.g checkmark in the overview page has no text description, label, or other accessible information\n1873480 - Accessibility - No text description, alt text, label, or other accessible information associated with the help icon: \u201c?\u201d button/icon in Developer Console -\u003eNavigation\n1873556 - [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working\n1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name \u003e 63 characters\n1874057 - Pod stuck in CreateContainerError - error msg=\"container_linux.go:348: starting container process caused \\\"chdir to cwd (\\\\\\\"/mount-point\\\\\\\") set in config.json failed: permission denied\\\"\"\n1874074 - [CNV] Windows 2019 Default Template Not Defaulting to Proper NIC/Storage Driver\n1874192 - [RFE] \"Create Backing Store\" page doesn\u0027t allow to select already defined k8s secret as target bucket credentials when Google Cloud Storage is selected as a provider\n1874240 - [vsphere] unable to deprovision - Runtime error list attached objects\n1874248 - Include validation for vcenter host in the install-config\n1874340 - vmware: NodeClockNotSynchronising alert is triggered in openshift cluster after upgrading form 4.4.16 to 4.5.6\n1874583 - apiserver tries and fails to log an event when shutting down\n1874584 - add retry for etcd errors in kube-apiserver\n1874638 - Missing logging for nbctl daemon\n1874736 - [downstream] no version info for the helm-operator\n1874901 - add utm_source parameter to Red Hat Marketplace URLs for attribution\n1874968 - Accessibility: The project selection drop down is a keyboard trap\n1875247 - Dependency resolution error \"found more than one head for channel\" is unhelpful for users\n1875516 - disabled scheduling is easy to miss in node page of OCP console\n1875598 - machine status is Running for a master node which has been terminated from the console\n1875806 - When creating a service of type \"LoadBalancer\" (Kuryr,OVN) communication through this loadbalancer failes after 2-5 minutes. \n1876166 - need to be able to disable kube-apiserver connectivity checks\n1876469 - Invalid doc link on yaml template schema description\n1876701 - podCount specDescriptor change doesn\u0027t take effect on operand details page\n1876815 - Installer uses the environment variable OS_CLOUD for manifest generation despite explicit prompt\n1876935 - AWS volume snapshot is not deleted after the cluster is destroyed\n1877071 - vSphere IPI - Nameserver limits were exceeded, some nameservers have been omitted\n1877105 - add redfish to enabled_bios_interfaces\n1877116 - e2e aws calico tests fail with `rpc error: code = ResourceExhausted`\n1877273 - [OVN] EgressIP cannot fail over to available nodes after one egressIP node shutdown\n1877648 - [sriov]VF from allocatable and capacity of node is incorrect when the policy is only \u0027rootDevices\u0027\n1877681 - Manually created PV can not be used\n1877693 - dnsrecords specify recordTTL as 30 but the value is null in AWS Route 53\n1877740 - RHCOS unable to get ip address during first boot\n1877812 - [ROKS] IBM cloud failed to terminate OSDs when upgraded between internal builds of OCS 4.5\n1877919 - panic in multus-admission-controller\n1877924 - Cannot set BIOS config using Redfish with Dell iDracs\n1878022 - Met imagestreamimport error when import the whole image repository\n1878086 - OCP 4.6+OCS 4.6(multiple SC) Internal Mode- UI should populate the default \"Filesystem Name\" instead of providing a textbox, \u0026 the name should be validated\n1878301 - [4.6] [UI] Unschedulable used to always be displayed when Node is Ready status\n1878701 - After deleting and recreating a VM with same name, the VM events contain the events from the old VM\n1878766 - CPU consumption on nodes is higher than the CPU count of the node. \n1878772 - On the nodes there are up to 547 zombie processes caused by thanos and Prometheus. \n1878823 - \"oc adm release mirror\" generating incomplete imageContentSources when using \"--to\" and \"--to-release-image\"\n1878845 - 4.5 to 4.6.rc.4 upgrade failure: authentication operator health check connection refused for multitenant mode\n1878900 - Installer complains about not enough vcpu for the baremetal flavor where generic bm flavor is being used\n1878953 - RBAC error shows when normal user access pvc upload page\n1878956 - `oc api-resources` does not include API version\n1878972 - oc adm release mirror removes the architecture information\n1879013 - [RFE]Improve CD-ROM interface selection\n1879056 - UI should allow to change or unset the evictionStrategy\n1879057 - [CSI Certificate Test] Test failed for CSI certification tests for CSIdriver openshift-storage.rbd.csi.ceph.com with RWX enabled\n1879094 - RHCOS dhcp kernel parameters not working as expected\n1879099 - Extra reboot during 4.5 -\u003e 4.6 upgrade\n1879244 - Error adding container to network \"ipvlan-host-local\": \"master\" field is required\n1879248 - OLM Cert Dir for Webhooks does not align SDK/Kubebuilder\n1879282 - Update OLM references to point to the OLM\u0027s new doc site\n1879283 - panic after nil pointer dereference in pkg/daemon/update.go\n1879365 - Overlapping, divergent openshift-cluster-storage-operator manifests\n1879419 - [RFE]Improve boot source description for \u0027Container\u0027 and \u2018URL\u2019\n1879430 - openshift-object-counts quota is not dynamically updating as the resource is deleted. \n1879565 - IPv6 installation fails on node-valid-hostname\n1879777 - Overlapping, divergent openshift-machine-api namespace manifests\n1879878 - Messages flooded in thanos-querier pod- oauth-proxy container: Authorization header does not start with \u0027Basic\u0027, skipping basic authentication in Log message in thanos-querier pod the oauth-proxy\n1879930 - Annotations shouldn\u0027t be removed during object reconciliation\n1879976 - No other channel visible from console\n1880068 - image pruner is not aware of image policy annotation, StatefulSets, etc. \n1880148 - dns daemonset rolls out slowly in large clusters\n1880161 - Actuator Update calls should have fixed retry time\n1880259 - additional network + OVN network installation failed\n1880389 - Pipeline Runs with skipped Tasks incorrectly show Tasks as \"Failed\"\n1880410 - Convert Pipeline Visualization node to SVG\n1880417 - [vmware] Fail to boot with Secure Boot enabled, kernel lockdown denies iopl access to afterburn\n1880443 - broken machine pool management on OpenStack\n1880450 - Host failed to install because its installation stage joined took longer than expected 20m0s. \n1880473 - IBM Cloudpak operators installation stuck \"UpgradePending\" with InstallPlan status updates failing due to size limitation\n1880680 - [4.3] [Tigera plugin] - openshift-kube-proxy fails - Failed to execute iptables-restore: exit status 4 (iptables-restore v1.8.4 (nf_tables)\n1880785 - CredentialsRequest missing description in `oc explain`\n1880787 - No description for Provisioning CRD for `oc explain`\n1880902 - need dnsPlocy set in crd ingresscontrollers\n1880913 - [DeScheduler] - change loglevel from Info to Error when priority class given in the descheduler params is not present in the cluster\n1881027 - Cluster installation fails at with error : the container name \\\"assisted-installer\\\" is already in use\n1881046 - [OSP] openstack-cinder-csi-driver-operator doesn\u0027t contain required manifests and assets\n1881155 - operator install authentication: Authentication require functional ingress which requires at least one schedulable and ready node\n1881268 - Image uploading failed but wizard claim the source is available\n1881322 - kube-scheduler not scheduling pods for certificates not renewed automatically after nodes restoration\n1881347 - [v2v][ui]VM Import Wizard does not call Import provider cleanup\n1881881 - unable to specify target port manually resulting in application not reachable\n1881898 - misalignment of sub-title in quick start headers\n1882022 - [vsphere][ipi] directory path is incomplete, terraform can\u0027t find the cluster\n1882057 - Not able to select access modes for snapshot and clone\n1882140 - No description for spec.kubeletConfig\n1882176 - Master recovery instructions don\u0027t handle IP change well\n1882191 - Installation fails against external resources which lack DNS Subject Alternative Name\n1882209 - [ BateMetal IPI ] local coredns resolution not working\n1882210 - [release 4.7] insights-operator: Fix bug in reflector not recovering from \"Too large resource version\"\n1882268 - [e2e][automation]Add Integration Test for Snapshots\n1882361 - Retrieve and expose the latest report for the cluster\n1882485 - dns-node-resolver corrupts /etc/hosts if internal registry is not in use\n1882556 - git:// protocol in origin tests is not currently proxied\n1882569 - CNO: Replacing masters doesn\u0027t work for ovn-kubernetes 4.4\n1882608 - Spot instance not getting created on AzureGovCloud\n1882630 - Fstype is changed after deleting pv provisioned by localvolumeset instance\n1882649 - IPI installer labels all images it uploads into glance as qcow2\n1882653 - The Approval should display the Manual after the APPROVAL changed to Manual from the Automatic\n1882658 - [RFE] Volume Snapshot is not listed under inventory in Project Details page\n1882660 - Operators in a namespace should be installed together when approve one\n1882667 - [ovn] br-ex Link not found when scale up RHEL worker\n1882723 - [vsphere]Suggested mimimum value for providerspec not working\n1882730 - z systems not reporting correct core count in recording rule\n1882750 - [sig-api-machinery][Feature:APIServer][Late] kubelet terminates kube-apiserver gracefully\n1882781 - nameserver= option to dracut creates extra NM connection profile\n1882785 - Multi-Arch CI Jobs destroy libvirt network but occasionally leave it defined\n1882844 - [IPI on vsphere] Executing \u0027openshift-installer destroy cluster\u0027 leaves installer tag categories in vsphere\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1883388 - Bare Metal Hosts Details page doesn\u0027t show Mainitenance and Power On/Off status\n1883422 - operator-sdk cleanup fail after installing operator with \"run bundle\" without installmode and og with ownnamespace\n1883425 - Gather top installplans and their count\n1883502 - Logging is broken due to mix of k8s.io/klog v1 and v2\n1883523 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel]\n1883538 - must gather report \"cannot file manila/aws ebs/ovirt csi related namespaces and objects\" error\n1883560 - operator-registry image needs clean up in /tmp\n1883563 - Creating duplicate namespace from create namespace modal breaks the UI\n1883614 - [OCP 4.6] [UI] UI should not describe power cycle as \"graceful\"\n1883642 - [sig-imageregistry][Feature:ImageTriggers][Serial] ImageStream admission TestImageStreamAdmitSpecUpdate\n1883660 - e2e-metal-ipi CI job consistently failing on 4.4\n1883765 - [user workload monitoring] improve latency of Thanos sidecar when streaming read requests\n1883766 - [e2e][automation] Adjust tests for UI changes\n1883768 - [user workload monitoring] The Prometheus operator should discard invalid TLS configurations\n1883773 - opm alpha bundle build fails on win10 home\n1883790 - revert \"force cert rotation every couple days for development\" in 4.7\n1883803 - node pull secret feature is not working as expected\n1883836 - Jenkins imagestream ubi8 and nodejs12 update\n1883847 - The UI does not show checkbox for enable encryption at rest for OCS\n1883853 - go list -m all does not work\n1883905 - race condition in opm index add --overwrite-latest\n1883946 - Understand why trident CSI pods are getting deleted by OCP\n1884035 - Pods are illegally transitioning back to pending\n1884041 - e2e should provide error info when minimum number of pods aren\u0027t ready in kube-system namespace\n1884131 - oauth-proxy repository should run tests\n1884165 - Repos should be disabled in -firstboot.service before OS extensions are applied\n1884221 - IO becomes unhealthy due to a file change\n1884258 - Node network alerts should work on ratio rather than absolute values\n1884270 - Git clone does not support SCP-style ssh locations\n1884334 - CVO marks an upgrade as failed when an operator takes more than 20 minutes to rollout\n1884435 - vsphere - loopback is randomly not being added to resolver\n1884565 - oauth-proxy crashes on invalid usage\n1884584 - Kuryr controller continuously restarting due to unable to clean up Network Policy\n1884613 - Create Instance of Prometheus from operator returns blank page for non cluster-admin users\n1884628 - ovs-configuration service fails when the external network is configured on a tagged vlan on top of a bond device on a baremetal IPI deployment\n1884629 - Visusally impaired user using screen reader not able to select Admin/Developer console options in drop down menu. \n1884632 - Adding BYOK disk encryption through DES\n1884654 - Utilization of a VMI is not populated\n1884655 - KeyError on self._existing_vifs[port_id]\n1884664 - Operator install page shows \"installing...\" instead of going to install status page\n1884672 - Failed to inspect hardware. Reason: unable to start inspection: \u0027idrac\u0027\n1884691 - Installer blocks cloud-credential-operator manual mode on GCP and Azure\n1884724 - Quick Start: Serverless quickstart doesn\u0027t match Operator install steps\n1884739 - Node process segfaulted\n1884824 - Update baremetal-operator libraries to k8s 1.19\n1885002 - network kube-rbac-proxy scripts crashloop rather than non-crash looping\n1885138 - Wrong detection of pending state in VM details\n1885151 - [Cloud Team - Cluster API Provider Azure] Logging is broken due to mix of k8s.io/klog v1 and v2\n1885165 - NoRunningOvnMaster alert falsely triggered\n1885170 - Nil pointer when verifying images\n1885173 - [e2e][automation] Add test for next run configuration feature\n1885179 - oc image append fails on push (uploading a new layer)\n1885213 - Vertical Pod Autoscaler (VPA) not working with DeploymentConfig\n1885218 - [e2e][automation] Add virtctl to gating script\n1885223 - Sync with upstream (fix panicking cluster-capacity binary)\n1885235 - Prometheus: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885241 - kube-rbac-proxy: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885243 - prometheus-adapter: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885244 - prometheus-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885246 - cluster-monitoring-operator: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885249 - openshift-state-metrics: Logging is broken due to mix of k8s.io/klog v1 and v2\n1885308 - Supermicro nodes failed to boot via disk during installation when using IPMI and UEFI\n1885315 - unit tests fail on slow disks\n1885319 - Remove redundant use of group and kind of DataVolumeTemplate\n1885343 - Console doesn\u0027t load in iOS Safari when using self-signed certificates\n1885344 - 4.7 upgrade - dummy bug for 1880591\n1885358 - add p\u0026f configuration to protect openshift traffic\n1885365 - MCO does not respect the install section of systemd files when enabling\n1885376 - failed to initialize the cluster: Cluster operator marketplace is still updating\n1885398 - CSV with only Webhook conversion can\u0027t be installed\n1885403 - Some OLM events hide the underlying errors\n1885414 - Need to disable HTX when not using HTTP/2 in order to preserve HTTP header name case\n1885425 - opm index add cannot batch add multiple bundles that use skips\n1885543 - node tuning operator builds and installs an unsigned RPM\n1885644 - Panic output due to timeouts in openshift-apiserver\n1885676 - [OCP 4.7]UI should fallback to minimal deployment only after total CPU \u003c 30 || totalMemory \u003c 72 GiB for initial deployment\n1885702 - Cypress: Fix \u0027aria-hidden-focus\u0027 accesibility violations\n1885706 - Cypress: Fix \u0027link-name\u0027 accesibility violation\n1885761 - DNS fails to resolve in some pods\n1885856 - Missing registry v1 protocol usage metric on telemetry\n1885864 - Stalld service crashed under the worker node\n1885930 - [release 4.7] Collect ServiceAccount statistics\n1885940 - kuryr/demo image ping not working\n1886007 - upgrade test with service type load balancer will never work\n1886022 - Move range allocations to CRD\u0027s\n1886028 - [BM][IPI] Failed to delete node after scale down\n1886111 - UpdatingopenshiftStateMetricsFailed: DeploymentRollout of openshift-monitoring/openshift-state-metrics: got 1 unavailable replicas\n1886134 - Need to set GODEBUG=x509ignoreCN=0 in initrd\n1886154 - System roles are not present while trying to create new role binding through web console\n1886166 - 1885517 Clone - Not needed for 4.7 - upgrade from 4.5-\u003e4.6 causes broadcast storm\n1886168 - Remove Terminal Option for Windows Nodes\n1886200 - greenwave / CVP is failing on bundle validations, cannot stage push\n1886229 - Multipath support for RHCOS sysroot\n1886294 - Unable to schedule a pod due to Insufficient ephemeral-storage\n1886327 - Attempt to add a worker using bad roodDeviceHint: bmh and machine become Provisioned, no error in status\n1886353 - [e2e][automation] kubevirt-gating job fails for a missing virtctl URL\n1886397 - Move object-enum to console-shared\n1886423 - New Affinities don\u0027t contain ID until saving\n1886435 - Azure UPI uses deprecated command \u0027group deployment\u0027\n1886449 - p\u0026f: add configuration to protect oauth server traffic\n1886452 - layout options doesn\u0027t gets selected style on click i.e grey background\n1886462 - IO doesn\u0027t recognize namespaces - 2 resources with the same name in 2 namespaces -\u003e only 1 gets collected\n1886488 - move e2e test off of nfs image from docker.io/gmontero/nfs-server:latest\n1886524 - Change default terminal command for Windows Pods\n1886553 - i/o timeout experienced from build02 when targeting CI test cluster during test execution\n1886600 - panic: assignment to entry in nil map\n1886620 - Application behind service load balancer with PDB is not disrupted\n1886627 - Kube-apiserver pods restarting/reinitializing periodically\n1886635 - CVE-2020-8563 kubernetes: Secret leaks in kube-controller-manager when using vSphere Provider\n1886636 - Panic in machine-config-operator\n1886749 - Removing network policy from namespace causes inability to access pods through loadbalancer. \n1886751 - Gather MachineConfigPools\n1886766 - PVC dropdown has \u0027Persistent Volume\u0027 Label\n1886834 - ovn-cert is mandatory in both master and node daemonsets\n1886848 - [OSP] machine instance-state annotation discrepancy with providerStatus.instanceState\n1886861 - ordered-values.yaml not honored if values.schema.json provided\n1886871 - Neutron ports created for hostNetworking pods\n1886890 - Overwrite jenkins-agent-base imagestream\n1886900 - Cluster-version operator fills logs with \"Manifest: ...\" spew\n1886922 - [sig-network] pods should successfully create sandboxes by getting pod\n1886973 - Local storage operator doesn\u0027t include correctly populate LocalVolumeDiscoveryResult in console\n1886977 - [v2v]Incorrect VM Provider type displayed in UI while importing VMs through VMIO\n1887010 - Imagepruner met error \"Job has reached the specified backoff limit\" which causes image registry degraded\n1887026 - FC volume attach fails with \u201cno fc disk found\u201d error on OCP 4.6 PowerVM cluster\n1887040 - [upgrade] ovs pod crash for rhel worker when upgarde from 4.5 to 4.6\n1887046 - Event for LSO need update to avoid confusion\n1887088 - cluster-node-tuning-operator refers to missing cluster-node-tuned image\n1887375 - User should be able to specify volumeMode when creating pvc from web-console\n1887380 - Unsupported access mode should not be available to select when creating pvc by aws-ebs-csi-driver(gp2-csi) from web-console\n1887392 - openshift-apiserver: delegated authn/z should have ttl \u003e metrics/healthz/readyz/openapi interval\n1887428 - oauth-apiserver service should be monitored by prometheus\n1887441 - ingress misconfiguration may break authentication but ingress operator keeps reporting \"degraded: False\"\n1887454 - [sig-storage] In-tree Volumes [Driver: azure-disk] [Testpattern: Dynamic PV (ext4)] volumes should store data\n1887456 - It is impossible to attach the default NIC to a bridge with the latest version of OVN Kubernetes\n1887465 - Deleted project is still referenced\n1887472 - unable to edit application group for KSVC via gestures (shift+Drag)\n1887488 - OCP 4.6: Topology Manager OpenShift E2E test fails: gu workload attached to SRIOV networks should let resource-aligned PODs have working SRIOV network interface\n1887509 - Openshift-tests conformance TopologyManager tests run when Machine Config Operator is not installed on cluster\n1887525 - Failures to set master HardwareDetails cannot easily be debugged\n1887545 - 4.5 to 4.6 upgrade fails when external network is configured on a bond device: ovs-configuration service fails and node becomes unreachable\n1887585 - ovn-masters stuck in crashloop after scale test\n1887651 - [Internal Mode] Object gateway (RGW) in unknown state after OCP upgrade. \n1887737 - Test TestImageRegistryRemovedWithImages is failing on e2e-vsphere-operator\n1887740 - cannot install descheduler operator after uninstalling it\n1887745 - API server is throwing 5xx error code for 42.11% of requests for LIST events\n1887750 - `oc explain localvolumediscovery` returns empty description\n1887751 - `oc explain localvolumediscoveryresult` returns empty description\n1887778 - Add ContainerRuntimeConfig gatherer\n1887783 - PVC upload cannot continue after approve the certificate\n1887797 - [CNV][V2V] Default network type is bridge for interface bound to POD network in VMWare migration wizard\n1887799 - User workload monitoring prometheus-config-reloader OOM\n1887850 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install test is flaky\n1887863 - Installer panics on invalid flavor\n1887864 - Clean up dependencies to avoid invalid scan flagging\n1887934 - TestForwardedHeaderPolicyAppend, TestForwardedHeaderPolicyReplace, and TestForwardedHeaderPolicyIfNone consistently fail because of case-sensitive comparison\n1887936 - Kube-scheduler should be able to parse v1beta1 KubeSchedulerConfig\n1888015 - workaround kubelet graceful termination of static pods bug\n1888028 - prevent extra cycle in aggregated apiservers\n1888036 - Operator details shows old CRD versions\n1888041 - non-terminating pods are going from running to pending\n1888072 - Setting Supermicro node to PXE boot via Redfish doesn\u0027t take affect\n1888073 - Operator controller continuously busy looping\n1888118 - Memory requests not specified for image registry operator\n1888150 - Install Operand Form on OperatorHub is displaying unformatted text\n1888172 - PR 209 didn\u0027t update the sample archive, but machineset and pdbs are now namespaced\n1888227 - Failed to deploy some of container image on the recent OCP 4.6 nightly build\n1888292 - Fix CVE-2015-7501 affecting agent-maven-3.5\n1888311 - p\u0026f: make SAR traffic from oauth and openshift apiserver exempt\n1888363 - namespaces crash in dev\n1888378 - [IPI on Azure] errors destroying cluster when Azure resource group was never created\n1888381 - instance:node_network_receive_bytes_excluding_lo:rate1m value twice expected\n1888464 - installer missing permission definitions for TagResources and UntagResources when installing in existing VPC\n1888494 - imagepruner pod is error when image registry storage is not configured\n1888565 - [OSP] machine-config-daemon-firstboot.service failed with \"error reading osImageURL from rpm-ostree\"\n1888595 - cluster-policy-controller logs shows error which reads initial monitor sync has error\n1888601 - The poddisruptionbudgets is using the operator service account, instead of gather\n1888657 - oc doesn\u0027t know its name\n1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable\n1888671 - Document the Cloud Provider\u0027s ignore-volume-az setting\n1888738 - quay.io/openshift/origin-must-gather:latest is not a multi-arch, manifest-list image\n1888763 - at least one of these parameters (Vendor, DeviceID or PfNames) has to be defined in nicSelector in CR %s\", cr.GetName()\n1888827 - ovnkube-master may segfault when trying to add IPs to a nil address set\n1888861 - need to pass dual-stack service CIDRs to kube-apiserver in dual-stack cluster\n1888866 - AggregatedAPIDown permanently firing after removing APIService\n1888870 - JS error when using autocomplete in YAML editor\n1888874 - hover message are not shown for some properties\n1888900 - align plugins versions\n1888985 - Cypress: Fix \u0027Ensures buttons have discernible text\u0027 accesibility violation\n1889213 - The error message of uploading failure is not clear enough\n1889267 - Increase the time out for creating template and upload image in the terraform\n1889348 - Project link should be removed from Application Details page, since it is inaccurate (Application Stages)\n1889374 - Kiali feature won\u0027t work on fresh 4.6 cluster\n1889388 - ListBundles returns incorrect replaces/skips when bundles have been added via semver-skippatch mode\n1889420 - OCP failed to add vsphere disk when pod moved to new node during cluster upgrade\n1889515 - Accessibility - The symbols e.g checkmark in the Node \u003e overview page has no text description, label, or other accessible information\n1889529 - [Init-CR annotation] Inline alert shows operand instance was needed still appearing after creating an Operand instance\n1889540 - [4.5 upgrade][alert]CloudCredentialOperatorDown\n1889577 - Resources are not shown on project workloads page\n1889620 - [Azure] - Machineset not scaling when publicIP:true in disconnected Azure enviroment\n1889630 - Scheduling disabled popovers are missing for Node status in Node Overview and Details pages\n1889692 - Selected Capacity is showing wrong size\n1889694 - usbguard fails to install as RHCOS extension due to missing libprotobuf.so.15\n1889698 - When the user clicked cancel at the Create Storage Class confirmation dialog all the data from the Local volume set goes off\n1889710 - Prometheus metrics on disk take more space compared to OCP 4.5\n1889721 - opm index add semver-skippatch mode does not respect prerelease versions\n1889724 - When LocalVolumeDiscovery CR is created form the LSO page User doesn\u0027t see the Disk tab\n1889767 - [vsphere] Remove certificate from upi-installer image\n1889779 - error when destroying a vSphere installation that failed early\n1889787 - OCP is flooding the oVirt engine with auth errors\n1889838 - race in Operator update after fix from bz1888073\n1889852 - support new AWS regions ap-east-1, af-south-1, eu-south-1\n1889863 - Router prints incorrect log message for namespace label selector\n1889891 - Backport timecache LRU fix\n1889912 - Drains can cause high CPU usage\n1889921 - Reported Degraded=False Available=False pair does not make sense\n1889928 - [e2e][automation] Add more tests for golden os\n1889943 - EgressNetworkPolicy does not work when setting Allow rule to a dnsName\n1890038 - Infrastructure status.platform not migrated to status.platformStatus causes warnings\n1890074 - MCO extension kernel-headers is invalid\n1890104 - with Serverless 1.10 version of trigger/subscription/channel/IMC is V1 as latest\n1890130 - multitenant mode consistently fails CI\n1890141 - move off docker.io images for build/image-eco/templates/jenkins e2e\n1890145 - The mismatched of font size for Status Ready and Health Check secondary text\n1890180 - FieldDependency x-descriptor doesn\u0027t support non-sibling fields\n1890182 - DaemonSet with existing owner garbage collected\n1890228 - AWS: destroy stuck on route53 hosted zone not found\n1890235 - e2e: update Protractor\u0027s checkErrors logging\n1890250 - workers may fail to join the cluster during an update from 4.5\n1890256 - Replacing a master node on a baremetal IPI deployment gets stuck when deleting the machine of the unhealthy member\n1890270 - External IP doesn\u0027t work if the IP address is not assigned to a node\n1890361 - s390x: Generate new ostree rpm with fix for rootfs immutability\n1890456 - [vsphere] mapi_instance_create_failed doesn\u0027t work on vsphere\n1890467 - unable to edit an application without a service\n1890472 - [Kuryr] Bulk port creation exception not completely formatted\n1890494 - Error assigning Egress IP on GCP\n1890530 - cluster-policy-controller doesn\u0027t gracefully terminate\n1890630 - [Kuryr] Available port count not correctly calculated for alerts\n1890671 - [SA] verify-image-signature using service account does not work\n1890677 - \u0027oc image info\u0027 claims \u0027does not exist\u0027 for application/vnd.oci.image.manifest.v1+json manifest\n1890808 - New etcd alerts need to be added to the monitoring stack\n1890951 - Mirror of multiarch images together with cluster logging case problems. It doesn\u0027t sync the \"overall\" sha it syncs only the sub arch sha. \n1890984 - Rename operator-webhook-config to sriov-operator-webhook-config\n1890995 - wew-app should provide more insight into why image deployment failed\n1891023 - ovn-kubernetes rbac proxy never starts waiting for an incorrect API call\n1891047 - Helm chart fails to install using developer console because of TLS certificate error\n1891068 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured [Early] failing due to TargetDown alert from kube-scheduler\n1891080 - [LSO] When Localvolumeset and SC is already created before OCS install Creation of LVD and LVS is skipped when user click created storage cluster from UI\n1891108 - p\u0026f: Increase the concurrency share of workload-low priority level\n1891143 - CVO deadlocked while shutting down, shortly after fresh cluster install (metrics goroutine)\n1891189 - [LSO] max device limit is accepting negative values. PVC is not getting created and no error is shown\n1891314 - Display incompatible helm charts for installation (kubeVersion of cluster doesn\u0027t meet requirements of chart)\n1891362 - Wrong metrics count for openshift_build_result_total\n1891368 - fync should be fsync for etcdHighFsyncDurations alert\u0027s annotations.message\n1891374 - fync should be fsync for etcdHighFsyncDurations critical alert\u0027s annotations.message\n1891376 - Extra text in Cluster Utilization charts\n1891419 - Wrong detail head on network policy detail page. \n1891459 - Snapshot tests should report stderr of failed commands\n1891498 - Other machine config pools do not show during update\n1891543 - OpenShift 4.6/OSP install fails when node flavor has less than 25GB, even with dedicated storage\n1891551 - Clusterautoscaler doesn\u0027t scale up as expected\n1891552 - Handle missing labels as empty. \n1891555 - The windows oc.exe binary does not have version metadata\n1891559 - kuryr-cni cannot start new thread\n1891614 - [mlx] testpmd fails inside OpenShift pod using DevX version 19.11\n1891625 - [Release 4.7] Mutable LoadBalancer Scope\n1891702 - installer get pending when additionalTrustBundle is added into install-config.yaml\n1891716 - OVN cluster upgrade from 4.6.1 to 4.7 fails\n1891740 - OperatorStatusChanged is noisy\n1891758 - the authentication operator may spam DeploymentUpdated event endlessly\n1891759 - Dockerfile builds cannot change /etc/pki/ca-trust\n1891816 - [UPI] [OSP] control-plane.yml provisioning playbook fails on OSP 16.1\n1891825 - Error message not very informative in case of mode mismatch\n1891898 - The ClusterServiceVersion can define Webhooks that cannot be created. \n1891951 - UI should show warning while creating pools with compression on\n1891952 - [Release 4.7] Apps Domain Enhancement\n1891993 - 4.5 to 4.6 upgrade doesn\u0027t remove deployments created by marketplace\n1891995 - OperatorHub displaying old content\n1891999 - Storage efficiency card showing wrong compression ratio\n1892004 - OCP 4.6 opm on Ubuntu 18.04.4 - error /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28\u0027 not found (required by ./opm)\n1892167 - [SR-IOV] SriovNetworkNodePolicies apply ignoring the spec.nodeSelector. \n1892198 - TypeError in \u0027Performance Profile\u0027 tab displayed for \u0027Performance Addon Operator\u0027\n1892288 - assisted install workflow creates excessive control-plane disruption\n1892338 - HAProxyReloadFail alert only briefly fires in the event of a broken HAProxy config\n1892358 - [e2e][automation] update feature gate for kubevirt-gating job\n1892376 - Deleted netnamespace could not be re-created\n1892390 - TestOverwrite/OverwriteBundle/DefaultBehavior in operator-registry is flaky\n1892393 - TestListPackages is flaky\n1892448 - MCDPivotError alert/metric missing\n1892457 - NTO-shipped stalld needs to use FIFO for boosting. \n1892467 - linuxptp-daemon crash\n1892521 - [AWS] Startup bootstrap machine failed due to ignition file is missing in disconnected UPI env\n1892653 - User is unable to create KafkaSource with v1beta\n1892724 - VFS added to the list of devices of the nodeptpdevice CRD\n1892799 - Mounting additionalTrustBundle in the operator\n1893117 - Maintenance mode on vSphere blocks installation. \n1893351 - TLS secrets are not able to edit on console. \n1893362 - The ovs-xxxxx_openshift-sdn container does not terminate gracefully, slowing down reboots\n1893386 - false-positive ReadyIngressNodes_NoReadyIngressNodes: Auth operator makes risky \"worker\" assumption when guessing about ingress availability\n1893546 - Deploy using virtual media fails on node cleaning step\n1893601 - overview filesystem utilization of OCP is showing the wrong values\n1893645 - oc describe route SIGSEGV\n1893648 - Ironic image building process is not compatible with UEFI secure boot\n1893724 - OperatorHub generates incorrect RBAC\n1893739 - Force deletion doesn\u0027t work for snapshots if snapshotclass is already deleted\n1893776 - No useful metrics for image pull time available, making debugging issues there impossible\n1893798 - Lots of error messages starting with \"get namespace to enqueue Alertmanager instances failed\" in the logs of prometheus-operator\n1893832 - ErrorCount field is missing in baremetalhosts.metal3.io CRD\n1893889 - disabled dropdown items in the pf dropdown component are skipped over and unannounced by JAWS\n1893926 - Some \"Dynamic PV (block volmode)\" pattern storage e2e tests are wrongly skipped\n1893944 - Wrong product name for Multicloud Object Gateway\n1893953 - (release-4.7) Gather default StatefulSet configs\n1893956 - Installation always fails at \"failed to initialize the cluster: Cluster operator image-registry is still updating\"\n1893963 - [Testday] Workloads-\u003e Virtualization is not loading for Firefox browser\n1893972 - Should skip e2e test cases as early as possible\n1894013 - [v2v][Testday] VMware to CNV VM import]VMware URL: It is not clear that only the FQDN/IP address is required without \u0027https://\u0027\n1894020 - User with edit users cannot deploy images from their own namespace from the developer perspective\n1894025 - OCP 4.5 to 4.6 upgrade for \"aws-ebs-csi-driver-operator\" fails when \"defaultNodeSelector\" is set\n1894041 - [v2v][[Testday]VM import from VMware/RHV] VM import wizard: The target storage class name is not displayed if default storage class is used. \n1894065 - tag new packages to enable TLS support\n1894110 - Console shows wrong value for maxUnavailable and maxSurge when set to 0\n1894144 - CI runs of baremetal IPI are failing due to newer libvirt libraries\n1894146 - ironic-api used by metal3 is over provisioned and consumes a lot of RAM\n1894194 - KuryrPorts leftovers from 4.6 GA need to be deleted\n1894210 - Failed to encrypt OSDs on OCS4.6 installation (via UI)\n1894216 - Improve OpenShift Web Console availability\n1894275 - Fix CRO owners file to reflect node owner\n1894278 - \"database is locked\" error when adding bundle to index image\n1894330 - upgrade channels needs to be updated for 4.7\n1894342 - oauth-apiserver logs many \"[SHOULD NOT HAPPEN] failed to update managedFields for ... OAuthClient ... no corresponding type for oauth.openshift.io/v1, Kind=OAuthClient\"\n1894374 - Dont prevent the user from uploading a file with incorrect extension\n1894432 - [oVirt] sometimes installer timeout on tmp_import_vm\n1894477 - bash syntax error in nodeip-configuration.service\n1894503 - add automated test for Polarion CNV-5045\n1894519 - [OSP] External mode cluster creation disabled for Openstack and oVirt platform\n1894539 - [on-prem] Unable to deploy additional machinesets on separate subnets\n1894645 - Cinder volume provisioning crashes on nil cloud provider\n1894677 - image-pruner job is panicking: klog stack\n1894810 - Remove TechPreview Badge from Eventing in Serverless version 1.11.0\n1894860 - \u0027backend\u0027 CI job passing despite failing tests\n1894910 - Update the node to use the real-time kernel fails\n1894992 - All nightly jobs for e2e-metal-ipi failing due to ipa image missing tenacity package\n1895065 - Schema / Samples / Snippets Tabs are all selected at the same time\n1895099 - vsphere-upi and vsphere-upi-serial jobs time out waiting for bootstrap to complete in CI\n1895141 - panic in service-ca injector\n1895147 - Remove memory limits on openshift-dns\n1895169 - VM Template does not properly manage Mount Windows guest tools check box during VM creation\n1895268 - The bundleAPIs should NOT be empty\n1895309 - [OCP v47] The RHEL node scaleup fails due to \"No package matching \u0027cri-o-1.19.*\u0027 found available\" on OCP 4.7 cluster\n1895329 - The infra index filled with warnings \"WARNING: kubernetes.io/cinder built-in volume provider is now deprecated. The Cinder volume provider is deprecated and will be removed in a future release\"\n1895360 - Machine Config Daemon removes a file although its defined in the dropin\n1895367 - Missing image in metadata DB index.db in disconnected Operator Hub installation. OCP 4.6.1\n1895372 - Web console going blank after selecting any operator to install from OperatorHub\n1895385 - Revert KUBELET_LOG_LEVEL back to level 3\n1895423 - unable to edit an application with a custom builder image\n1895430 - unable to edit custom template application\n1895509 - Backup taken on one master cannot be restored on other masters\n1895537 - [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image\n1895838 - oc explain description contains \u0027/\u0027\n1895908 - \"virtio\" option is not available when modifying a CD-ROM to disk type\n1895909 - e2e-metal-ipi-ovn-dualstack is failing\n1895919 - NTO fails to load kernel modules\n1895959 - configuring webhook token authentication should prevent cluster upgrades\n1895979 - Unable to get coreos-installer with --copy-network to work\n1896101 - [cnv][automation] Added negative tests for migration from VMWare and RHV\n1896160 - CI: Some cluster operators are not ready: marketplace (missing: Degraded)\n1896188 - [sig-cli] oc debug deployment configs from a build: local-busybox-1-build not completed\n1896218 - Occasional GCP install failures: Error setting IAM policy for project ...: googleapi: Error 400: Service account ... does not exist., badRequest\n1896229 - Current Rate of Bytes Received and Current Rate of Bytes Transmitted data can not be loaded\n1896244 - Found a panic in storage e2e test\n1896296 - Git links should avoid .git as part of the URL and should not link git:// urls in general\n1896302 - [e2e][automation] Fix 4.6 test failures\n1896365 - [Migration]The SDN migration cannot revert under some conditions\n1896384 - [ovirt IPI]: local coredns resolution not working\n1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6\n1896529 - Incorrect instructions in the Serverless operator and application quick starts\n1896645 - documentationBaseURL needs to be updated for 4.7\n1896697 - [Descheduler] policy.yaml param in cluster configmap is empty\n1896704 - Machine API components should honour cluster wide proxy settings\n1896732 - \"Attach to Virtual Machine OS\" button should not be visible on old clusters\n1896866 - File /etc/NetworkManager/system-connections/default_connection.nmconnection is incompatible with SR-IOV operator\n1896898 - ovs-configuration.service fails when multiple IPv6 default routes are provided via RAs over the same interface and deployment bootstrap fails\n1896918 - start creating new-style Secrets for AWS\n1896923 - DNS pod /metrics exposed on anonymous http port\n1896977 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1897003 - VNC console cannot be connected after visit it in new window\n1897008 - Cypress: reenable check for \u0027aria-hidden-focus\u0027 rule \u0026 checkA11y test for modals\n1897026 - [Migration] With updating optional network operator configuration, migration stucks on MCO\n1897039 - router pod keeps printing log: template \"msg\"=\"router reloaded\" \"output\"=\"[WARNING] 316/065823 (15) : parsing [/var/lib/haproxy/conf/haproxy.config:52]: option \u0027http-use-htx\u0027 is deprecated and ignored\n1897050 - [IBM Power] LocalVolumeSet provisions boot partition as PV. \n1897073 - [OCP 4.5] wrong netid assigned to Openshift projects/namespaces\n1897138 - oVirt provider uses depricated cluster-api project\n1897142 - When scaling replicas to zero, Octavia loadbalancer pool members are not updated accordingly\n1897252 - Firing alerts are not showing up in console UI after cluster is up for some time\n1897354 - Operator installation showing success, but Provided APIs are missing\n1897361 - The MCO GCP-OP tests fail consistently on containerruntime tests with \"connection refused\"\n1897412 - [sriov]disableDrain did not be updated in CRD of manifest\n1897423 - Max unavailable and Max surge value are not shown on Deployment Config Details page\n1897516 - Baremetal IPI deployment with IPv6 control plane fails when the nodes obtain both SLAAC and DHCPv6 addresses as they set their hostname to \u0027localhost\u0027\n1897520 - After restarting nodes the image-registry co is in degraded true state. \n1897584 - Add casc plugins\n1897603 - Cinder volume attachment detection failure in Kubelet\n1897604 - Machine API deployment fails: Kube-Controller-Manager can\u0027t reach API: \"Unauthorized\"\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1897641 - Baremetal IPI with IPv6 control plane: nodes respond with duplicate packets to ICMP6 echo requests\n1897676 - [CI] [Azure] [UPI] CI failing since 4.6 changes in ignition\n1897830 - [GSS] Unable to deploy OCS 4.5.2 on OCP 4.6.1, cannot `Create OCS Cluster Service`\n1897891 - [RFE][v2v][UI][CNV VM import] Providing error message or/and block migration when vddk-init-image is missing\n1897897 - ptp lose sync openshift 4.6\n1898036 - no network after reboot (IPI)\n1898045 - AWS EBS CSI Driver can not get updated cloud credential secret automatically\n1898097 - mDNS floods the baremetal network\n1898118 - Lack of logs on some image stream tests make hard to find root cause of a problem\n1898134 - Descheduler logs show absolute values instead of percentage when LowNodeUtilization strategy is applied\n1898159 - kcm operator shall pass --allocate-node-cidrs=false to kcm for ovn-kube and openshift-sdn cluster\n1898174 - [OVN] EgressIP does not guard against node IP assignment\n1898194 - GCP: can\u0027t install on custom machine types\n1898238 - Installer validations allow same floating IP for API and Ingress\n1898268 - [OVN]: `make check` broken on 4.6\n1898289 - E2E test: Use KUBEADM_PASSWORD_FILE by default\n1898320 - Incorrect Apostrophe Translation of \"it\u0027s\" in Scheduling Disabled Popover\n1898357 - Within the operatorhub details view, long unbroken text strings do not wrap cause breaking display. \n1898407 - [Deployment timing regression] Deployment takes longer with 4.7\n1898417 - GCP: the dns targets in Google Cloud DNS is not updated after recreating loadbalancer service\n1898487 - [oVirt] Node is not removed when VM has been removed from oVirt engine\n1898500 - Failure to upgrade operator when a Service is included in a Bundle\n1898517 - Ironic auto-discovery may result in rogue nodes registered in ironic\n1898532 - Display names defined in specDescriptors not respected\n1898580 - When adding more than one node selector to the sriovnetworknodepolicy, the cni and the device plugin pods are constantly rebooted\n1898613 - Whereabouts should exclude IPv6 ranges\n1898655 - [oVirt] Node deleted in oVirt should cause the Machine to go into a Failed phase\n1898679 - Operand creation form - Required \"type: object\" properties (Accordion component) are missing red asterisk\n1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability\n1898745 - installation failing with CVO reporting openshift-samples not rolled out, samples not setting versions in its ClusterOperator\n1898839 - Wrong YAML in operator metadata\n1898851 - Multiple Pods access the same volume on the same node e2e test cases are missed from aws ebs csi driver e2e test job\n1898873 - Remove TechPreview Badge from Monitoring\n1898954 - Backup script does not take /etc/kubernetes/static-pod-resources on a reliable way\n1899111 - [RFE] Update jenkins-maven-agen to maven36\n1899128 - VMI details screen -\u003e show the warning that it is preferable to have a VM only if the VM actually does not exist\n1899175 - bump the RHCOS boot images for 4.7\n1899198 - Use new packages for ipa ramdisks\n1899200 - In Installed Operators page I cannot search for an Operator by it\u0027s name\n1899220 - Support AWS IMDSv2\n1899350 - configure-ovs.sh doesn\u0027t configure bonding options\n1899433 - When Creating OCS from ocs wizard Step Discover Disks shows Error \"An error occurred Not Found\"\n1899459 - Failed to start monitoring pods once the operator removed from override list of CVO\n1899515 - Passthrough credentials are not immediately re-distributed on update\n1899575 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899582 - update discovery burst to reflect lots of CRDs on openshift clusters\n1899588 - Operator objects are re-created after all other associated resources have been deleted\n1899600 - Increased etcd fsync latency as of OCP 4.6\n1899603 - workers-rhel7 CI jobs failing: Failed to remove rollback: error running rpm-ostree cleanup\n1899627 - Project dashboard Active status using small icon\n1899725 - Pods table does not wrap well with quick start sidebar open\n1899746 - [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)\n1899760 - etcd_request_duration_seconds_bucket metric has excessive cardinality\n1899835 - catalog-operator repeatedly crashes with \"runtime error: index out of range [0] with length 0\"\n1899839 - thanosRuler.resources.requests does not take effect in user-workload-monitoring-config confimap\n1899853 - additionalSecurityGroupIDs not working for master nodes\n1899922 - NP changes sometimes influence new pods. \n1899949 - [Platform] Remove restriction on disk type selection for LocalVolumeSet\n1900008 - Fix internationalized sentence fragments in ImageSearch.tsx\n1900010 - Fix internationalized sentence fragments in BuildImageSelector.tsx\n1900020 - Remove \u0026apos; from internationalized keys\n1900022 - Search Page - Top labels field is not applied to selected Pipeline resources\n1900030 - disruption_tests: [sig-imageregistry] Image registry remain available failing consistently\n1900126 - Creating a VM results in suggestion to create a default storage class when one already exists\n1900138 - [OCP on RHV] Remove insecure mode from the installer\n1900196 - stalld is not restarted after crash\n1900239 - Skip \"subPath should be able to unmount\" NFS test\n1900322 - metal3 pod\u0027s toleration for key: node-role.kubernetes.io/master currently matches on exact value matches but should match on Exists\n1900377 - [e2e][automation] create new css selector for active users\n1900496 - (release-4.7) Collect spec config for clusteroperator resources\n1900672 - (s390x) Upgrade from old LUKS to new not working with DASD disks\n1900699 - Impossible to add new Node on OCP 4.6 using large ECKD disks - fdasd issue\n1900759 - include qemu-guest-agent by default\n1900790 - Track all resource counts via telemetry\n1900835 - Multus errors when cachefile is not found\n1900935 - `oc adm release mirror` panic panic: runtime error\n1900989 - accessing the route cannot wake up the idled resources\n1901040 - When scaling down the status of the node is stuck on deleting\n1901057 - authentication operator health check failed when installing a cluster behind proxy\n1901107 - pod donut shows incorrect information\n1901111 - Installer dependencies are broken\n1901200 - linuxptp-daemon crash when enable debug log level\n1901301 - CBO should handle platform=BM without provisioning CR\n1901355 - [Azure][4.7] Invalid vm size from customized compute nodes does not fail properly\n1901363 - High Podready Latency due to timed out waiting for annotations\n1901373 - redundant bracket on snapshot restore button\n1901376 - [on-prem] Upgrade from 4.6 to 4.7 failed with \"timed out waiting for the condition during waitForControllerConfigToBeCompleted: controllerconfig is not completed: ControllerConfig has not completed: completed(false) running(false) failing(true\"\n1901395 - \"Edit virtual machine template\" action link should be removed\n1901472 - [OSP] Bootstrap and master nodes use different keepalived unicast setting\n1901517 - RHCOS 4.6.1 uses a single NetworkManager connection for multiple NICs when using default DHCP\n1901531 - Console returns a blank page while trying to create an operator Custom CR with Invalid Schema\n1901594 - Kubernetes resource CRUD operations.Kubernetes resource CRUD operations Pod \"before all\" hook for \"creates the resource instance\"\n1901604 - CNO blocks editing Kuryr options\n1901675 - [sig-network] multicast when using one of the plugins \u0027redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy\u0027 should allow multicast traffic in namespaces where it is enabled\n1901909 - The device plugin pods / cni pod are restarted every 5 minutes\n1901982 - [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service\n1902019 - when podTopologySpreadConstraint strategy is enabled for descheduler it throws error\n1902059 - Wire a real signer for service accout issuer\n1902091 - `cluster-image-registry-operator` pod leaves connections open when fails connecting S3 storage\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902157 - The DaemonSet machine-api-termination-handler couldn\u0027t allocate Pod\n1902253 - MHC status doesnt set RemediationsAllowed = 0\n1902299 - Failed to mirror operator catalog - error: destination registry required\n1902545 - Cinder csi driver node pod should add nodeSelector for Linux\n1902546 - Cinder csi driver node pod doesn\u0027t run on master node\n1902547 - Cinder csi driver controller pod doesn\u0027t run on master node\n1902552 - Cinder csi driver does not use the downstream images\n1902595 - Project workloads list view doesn\u0027t show alert icon and hover message\n1902600 - Container csi-snapshotter in Cinder csi driver needs to use ImagePullPolicy=IfNotPresent\n1902601 - Cinder csi driver pods run as BestEffort qosClass\n1902653 - [BM][IPI] Master deployment failed: No valid host was found. Reason: No conductor service registered which supports driver redfish for conductor group\n1902702 - [sig-auth][Feature:LDAP][Serial] ldap group sync can sync groups from ldap: oc cp over non-existing directory/file fails\n1902746 - [BM][IP] Master deployment failed - Base.1.0.GeneralError: database is locked\n1902824 - failed to generate semver informed package manifest: unable to determine default channel\n1902894 - hybrid-overlay-node crashing trying to get node object during initialization\n1902969 - Cannot load vmi detail page\n1902981 - It should default to current namespace when create vm from template\n1902996 - [AWS] UPI on USGov, bootstrap machine can not fetch ignition file via s3:// URI\n1903033 - duplicated lines of imageContentSources is seen when mirror release image to local registry\n1903034 - OLM continuously printing debug logs\n1903062 - [Cinder csi driver] Deployment mounted volume have no write access\n1903078 - Deleting VolumeSnapshotClass makes VolumeSnapshot not Ready\n1903107 - Enable vsphere-problem-detector e2e tests\n1903164 - OpenShift YAML editor jumps to top every few seconds\n1903165 - Improve Canary Status Condition handling for e2e tests\n1903172 - Column Management: Fix sticky footer on scroll\n1903186 - [Descheduler] cluster logs should report some info when PodTopologySpreadConstraints strategy is enabled\n1903188 - [Descheduler] cluster log reports failed to validate server configuration\" err=\"unsupported log format:\n1903192 - Role name missing on create role binding form\n1903196 - Popover positioning is misaligned for Overview Dashboard status items\n1903206 - Ingress controller incorrectly routes traffic to non-ready pods/backends. \n1903226 - MutatingWebhookConfiguration pod-identity-webhook does not exclude critical control-plane components\n1903248 - Backport Upstream Static Pod UID patch\n1903277 - Deprovisioning Not Deleting Security Groups [VpcLimitExceeded on e2e-aws tests]\n1903290 - Kubelet repeatedly log the same log line from exited containers\n1903346 - PV backed by FC lun is not being unmounted properly and this leads to IO errors / xfs corruption. \n1903382 - Panic when task-graph is canceled with a TaskNode with no tasks\n1903400 - Migrate a VM which is not running goes to pending state\n1903402 - Nic/Disk on VMI overview should link to VMI\u0027s nic/disk page\n1903414 - NodePort is not working when configuring an egress IP address\n1903424 - mapi_machine_phase_transition_seconds_sum doesn\u0027t work\n1903464 - \"Evaluating rule failed\" for \"record: cluster:kube_persistentvolumeclaim_resource_requests_storage_bytes:provisioner:sum\" and \"record: cluster:kubelet_volume_stats_used_bytes:provisioner:sum\"\n1903639 - Hostsubnet gatherer produces wrong output\n1903651 - Network Policies are not working as expected with OVN-Kubernetes when traffic hairpins back to the same source through a service\n1903660 - Cannot install with Assisted Installer on top of IPv6 since network provider is not started\n1903674 - [sig-apps] ReplicationController should serve a basic image on each replica with a private image\n1903717 - Handle different Pod selectors for metal3 Deployment\n1903733 - Scale up followed by scale down can delete all running workers\n1903917 - Failed to load \"Developer Catalog\" page\n1903999 - Httplog response code is always zero\n1904026 - The quota controllers should resync on new resources and make progress\n1904064 - Automated cleaning is disabled by default\n1904124 - DHCP to static lease script doesn\u0027t work correctly if starting with infinite leases\n1904125 - Boostrap VM .ign image gets added into \u0027default\u0027 pool instead of \u003ccluster-name\u003e-\u003cid\u003e-bootstrap\n1904131 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1904133 - KubeletConfig flooded with failure conditions\n1904161 - AlertmanagerReceiversNotConfigured fires unconditionally on alertmanager restart\n1904243 - RHCOS 4.6.1 missing ISCSI initiatorname.iscsi !\n1904244 - MissingKey errors for two plugins using i18next.t\n1904262 - clusterresourceoverride-operator has version: 1.0.0 every build\n1904296 - VPA-operator has version: 1.0.0 every build\n1904297 - The index image generated by \"opm index prune\" leaves unrelated images\n1904305 - Should have scroll-down bar for the field which the values list has too many results under dashboards\n1904385 - [oVirt] registry cannot mount volume on 4.6.4 -\u003e 4.6.6 upgrade\n1904497 - vsphere-problem-detector: Run on vSphere cloud only\n1904501 - [Descheduler] descheduler does not evict any pod when PodTopologySpreadConstraint strategy is set\n1904502 - vsphere-problem-detector: allow longer timeouts for some operations\n1904503 - vsphere-problem-detector: emit alerts\n1904538 - [sig-arch][Early] Managed cluster should start all core operators: monitoring: container has runAsNonRoot and image has non-numeric user (nobody)\n1904578 - metric scraping for vsphere problem detector is not configured\n1904582 - All application traffic broken due to unexpected load balancer change on 4.6.4 -\u003e 4.6.6 upgrade\n1904663 - IPI pointer customization MachineConfig always generated\n1904679 - [Feature:ImageInfo] Image info should display information about images\n1904683 - `[sig-builds][Feature:Builds] s2i build with a root user image` tests use docker.io image\n1904684 - [sig-cli] oc debug ensure it works with image streams\n1904713 - Helm charts with kubeVersion restriction are filtered incorrectly\n1904776 - Snapshot modal alert is not pluralized\n1904824 - Set vSphere hostname from guestinfo before NM starts\n1904941 - Insights status is always showing a loading icon\n1904973 - KeyError: \u0027nodeName\u0027 on NP deletion\n1904985 - Prometheus and thanos sidecar targets are down\n1904993 - Many ampersand special characters are found in strings\n1905066 - QE - Monitoring test cases - smoke test suite automation\n1905074 - QE -Gherkin linter to maintain standards\n1905100 - Too many haproxy processes in default-router pod causing high load average\n1905104 - Snapshot modal disk items missing keys\n1905115 - CI: dev-scripts fail on 02_configure_host: Failed to start network ostestbm\n1905119 - Race in AWS EBS determining whether custom CA bundle is used\n1905128 - [e2e][automation] e2e tests succeed without actually execute\n1905133 - operator conditions special-resource-operator\n1905141 - vsphere-problem-detector: report metrics through telemetry\n1905146 - Backend Tests: TestHelmRepoGetter_SkipDisabled failures\n1905194 - Detecting broken connections to the Kube API takes up to 15 minutes\n1905221 - CVO transitions from \"Initializing\" to \"Updating\" despite not attempting many manifests\n1905232 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them failing due to inconsistent images between CI and OCP\n1905253 - Inaccurate text at bottom of Events page\n1905298 - openshift-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905299 - OLM fails to update operator\n1905307 - Provisioning CR is missing from must-gather\n1905319 - cluster-samples-operator containers are not requesting required memory resource\n1905320 - csi-snapshot-webhook is not requesting required memory resource\n1905323 - dns-operator is not requesting required memory resource\n1905324 - ingress-operator is not requesting required memory resource\n1905327 - openshift-kube-scheduler initContainer wait-for-host-port is not requesting required resources: cpu, memory\n1905328 - Changing the bound token service account issuer invalids previously issued bound tokens\n1905329 - openshift-oauth-apiserver initContainer fix-audit-permissions is not requesting required resources: cpu, memory\n1905330 - openshift-monitoring init-textfile is not requesting required resources: cpu, memory\n1905338 - QE -Cypress Automation for Add Flow - Database, Yaml, OperatorBacked, PageDetails\n1905347 - QE - Design Gherkin Scenarios\n1905348 - QE - Design Gherkin Scenarios\n1905362 - [sriov] Error message \u0027Fail to update DaemonSet\u0027 always shown in sriov operator pod\n1905368 - [sriov] net-attach-def generated from sriovnetwork cannot be restored once it was deleted\n1905370 - A-Z/Z-A sorting dropdown on Developer Catalog page is not aligned with filter text input\n1905380 - Default to Red Hat/KubeVirt provider if common template does not have provider annotation\n1905393 - CMO uses rbac.authorization.k8s.io/v1beta1 instead of rbac.authorization.k8s.io/v1\n1905404 - The example of \"Remove the entrypoint on the mysql:latest image\" for `oc image append` does not work\n1905416 - Hyperlink not working from Operator Description\n1905430 - usbguard extension fails to install because of missing correct protobuf dependency version\n1905492 - The stalld service has a higher scheduler priority than ksoftirq and rcu{b, c} threads\n1905502 - Test flake - unable to get https transport for ephemeral-registry\n1905542 - [GSS] The \"External\" mode option is not available when the OCP cluster is deployed using Redhat Cluster Assisted Installer 4.6. \n1905599 - Errant change to lastupdatetime in copied CSV status can trigger runaway csv syncs\n1905610 - Fix typo in export script\n1905621 - Protractor login test fails against a 4.7 (nightly) Power cluster\n1905640 - Subscription manual approval test is flaky\n1905647 - Report physical core valid-for-subscription min/max/cumulative use to telemetry\n1905696 - ClusterMoreUpdatesModal component did not get internationalized\n1905748 - with sharded ingresscontrollers, all shards reload when any endpoint changes\n1905761 - NetworkPolicy with Egress policyType is resulting in SDN errors and improper communication within Project\n1905778 - inconsistent ingresscontroller between fresh installed cluster and upgraded cluster\n1905792 - [OVN]Cannot create egressfirewalll with dnsName\n1905889 - Should create SA for each namespace that the operator scoped\n1905920 - Quickstart exit and restart\n1905941 - Page goes to error after create catalogsource\n1905977 - QE ghaekin design scenaio-pipeline metrics ODC-3711\n1906032 - Canary Controller: Canary daemonset rolls out slowly in large clusters\n1906100 - Disconnected cluster upgrades are failing from the cli, when signature retrieval is being blackholed instead of quickly rejected\n1906105 - CBO annotates an existing Metal3 deployment resource to indicate that it is managing it\n1906118 - OCS feature detection constantly polls storageclusters and storageclasses\n1906120 - \u0027Create Role Binding\u0027 form not setting user or group value when created from a user or group resource\n1906121 - [oc] After new-project creation, the kubeconfig file does not set the project\n1906134 - OLM should not create OperatorConditions for copied CSVs\n1906143 - CBO supports log levels\n1906186 - i18n: Translators are not able to translate `this` without context for alert manager config\n1906228 - tuned and openshift-tuned sometimes do not terminate gracefully, slowing reboots\n1906274 - StorageClass installed by Cinder csi driver operator should enable the allowVolumeExpansion to support volume resize. \n1906276 - `oc image append` can\u0027t work with multi-arch image with --filter-by-os=\u0027.*\u0027\n1906318 - use proper term for Authorized SSH Keys\n1906335 - The lastTransitionTime, message, reason field of operatorcondition should be optional\n1906356 - Unify Clone PVC boot source flow with URL/Container boot source\n1906397 - IPA has incorrect kernel command line arguments\n1906441 - HorizontalNav and NavBar have invalid keys\n1906448 - Deploy using virtualmedia with provisioning network disabled fails - \u0027Failed to connect to the agent\u0027 in ironic-conductor log\n1906459 - openstack: Quota Validation fails if unlimited quotas are given to a project\n1906496 - [BUG] Thanos having possible memory leak consuming huge amounts of node\u0027s memory and killing them\n1906508 - TestHeaderNameCaseAdjust outputs nil error message on some failures\n1906511 - Root reprovisioning tests flaking often in CI\n1906517 - Validation is not robust enough and may prevent to generate install-confing. \n1906518 - Update snapshot API CRDs to v1\n1906519 - Update LSO CRDs to use v1\n1906570 - Number of disruptions caused by reboots on a cluster cannot be measured\n1906588 - [ci][sig-builds] nodes is forbidden: User \"e2e-test-jenkins-pipeline-xfghs-user\" cannot list resource \"nodes\" in API group \"\" at the cluster scope\n1906650 - Cannot collect network policy, EgressFirewall, egressip logs with gather_network_logs\n1906655 - [SDN]Cannot colloect ovsdb-server.log and ovs-vswitchd.log with gather_network_logs\n1906679 - quick start panel styles are not loaded\n1906683 - Kn resources are not showing in Topology if triggers has KSVC and IMC as subscriber\n1906684 - Event Source creation fails if user selects no app group and switch to yaml and then to form\n1906685 - SinkBinding is shown in topology view if underlying resource along with actual source created\n1906689 - user can pin to nav configmaps and secrets multiple times\n1906691 - Add doc which describes disabling helm chart repository\n1906713 - Quick starts not accesible for a developer user\n1906718 - helm chart \"provided by Redhat\" is misspelled\n1906732 - Machine API proxy support should be tested\n1906745 - Update Helm endpoints to use Helm 3.4.x\n1906760 - performance issues with topology constantly re-rendering\n1906766 - localized `Autoscaled` \u0026 `Autoscaling` pod texts overlap with the pod ring\n1906768 - Virtualization nav item is incorrectly placed in the Admin Workloads section\n1906769 - topology fails to load with non-kubeadmin user\n1906770 - shortcuts on mobiles view occupies a lot of space\n1906798 - Dev catalog customization doesn\u0027t update console-config ConfigMap\n1906806 - Allow installing extra packages in ironic container images\n1906808 - [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer\n1906835 - Topology view shows add page before then showing full project workloads\n1906840 - ClusterOperator should not have status \"Updating\" if operator version is the same as the release version\n1906844 - EndpointSlice and EndpointSliceProxying feature gates should be disabled for openshift-sdn kube-proxy\n1906860 - Bump kube dependencies to v1.20 for Net Edge components\n1906864 - Quick Starts Tour: Need to adjust vertical spacing\n1906866 - Translations of Sample-Utils\n1906871 - White screen when sort by name in monitoring alerts page\n1906872 - Pipeline Tech Preview Badge Alignment\n1906875 - Provide an option to force backup even when API is not available. \n1906877 - Placeholder\u0027 value in search filter do not match column heading in Vulnerabilities\n1906879 - Add missing i18n keys\n1906880 - oidcdiscoveryendpoint controller invalidates all TokenRequest API tokens during install\n1906896 - No Alerts causes odd empty Table (Need no content message)\n1906898 - Missing User RoleBindings in the Project Access Web UI\n1906899 - Quick Start - Highlight Bounding Box Issue\n1906916 - Teach CVO about flowcontrol.apiserver.k8s.io/v1beta1\n1906933 - Cluster Autoscaler should have improved mechanisms for group identifiers\n1906935 - Delete resources when Provisioning CR is deleted\n1906968 - Must-gather should support collecting kubernetes-nmstate resources\n1906986 - Ensure failed pod adds are retried even if the pod object doesn\u0027t change\n1907199 - Need to upgrade machine-api-operator module version under cluster-api-provider-kubevirt\n1907202 - configs.imageregistry.operator.openshift.io cluster does not update its status fields after URL change\n1907211 - beta promotion of p\u0026f switched storage version to v1beta1, making downgrades impossible. \n1907269 - Tooltips data are different when checking stack or not checking stack for the same time\n1907280 - Install tour of OCS not available. \n1907282 - Topology page breaks with white screen\n1907286 - The default mhc machine-api-termination-handler couldn\u0027t watch spot instance\n1907287 - [csi-snapshot-webhook] should support both v1beta1 and v1 version when creating volumesnapshot/volumesnapshotcontent\n1907293 - Increase timeouts in e2e tests\n1907295 - Gherkin script for improve management for helm\n1907299 - Advanced Subscription Badge for KMS and Arbiter not present\n1907303 - Align VM template list items by baseline\n1907304 - Use PF styles for selected template card in VM Wizard\n1907305 - Drop \u0027ISO\u0027 from CDROM boot source message\n1907307 - Support and provider labels should be passed on between templates and sources\n1907310 - Pin action should be renamed to favorite\n1907312 - VM Template source popover is missing info about added date\n1907313 - ClusterOperator objects cannot be overriden with cvo-overrides\n1907328 - iproute-tc package is missing in ovn-kube image\n1907329 - CLUSTER_PROFILE env. variable is not used by the CVO\n1907333 - Node stuck in degraded state, mcp reports \"Failed to remove rollback: error running rpm-ostree cleanup -r: error: Timeout was reached\"\n1907373 - Rebase to kube 1.20.0\n1907375 - Bump to latest available 1.20.x k8s - workloads team\n1907378 - Gather netnamespaces networking info\n1907380 - kube-rbac-proxy exposes tokens, has excessive verbosity\n1907381 - OLM fails to deploy an operator if its deployment template contains a description annotation that doesn\u0027t match the CSV one\n1907390 - prometheus-adapter: panic after k8s 1.20 bump\n1907399 - build log icon link on topology nodes cause app to reload\n1907407 - Buildah version not accessible\n1907421 - [4.6.1]oc-image-mirror command failed on \"error: unable to copy layer\"\n1907453 - Dev Perspective -\u003e running vm details -\u003e resources -\u003e no data\n1907454 - Install PodConnectivityCheck CRD with CNO\n1907459 - \"The Boot source is also maintained by Red Hat.\" is always shown for all boot sources\n1907475 - Unable to estimate the error rate of ingress across the connected fleet\n1907480 - `Active alerts` section throwing forbidden error for users. \n1907518 - Kamelets/Eventsource should be shown to user if they have create access\n1907543 - Korean timestamps are shown when users\u0027 language preferences are set to German-en-en-US\n1907610 - Update kubernetes deps to 1.20\n1907612 - Update kubernetes deps to 1.20\n1907621 - openshift/installer: bump cluster-api-provider-kubevirt version\n1907628 - Installer does not set primary subnet consistently\n1907632 - Operator Registry should update its kubernetes dependencies to 1.20\n1907639 - pass dual-stack node IPs to kubelet in dual-stack clusters\n1907644 - fix up handling of non-critical annotations on daemonsets/deployments\n1907660 - Pod list does not render cell height correctly when pod names are too long (dynamic table rerendering issue?)\n1907670 - CVE-2020-27846 crewjam/saml: authentication bypass in saml authentication\n1907671 - Ingress VIP assigned to two infra nodes simultaneously - keepalived process running in pods seems to fail\n1907767 - [e2e][automation]update test suite for kubevirt plugin\n1907770 - Recent RHCOS 47.83 builds (from rhcos-47.83.202012072210-0 on) don\u0027t allow master and worker nodes to boot\n1907792 - The `overrides` of the OperatorCondition cannot block the operator upgrade\n1907793 - Surface support info in VM template details\n1907812 - 4.7 to 4.6 downgrade stuck in clusteroperator storage\n1907822 - [OCP on OSP] openshift-install panic when checking quota with install-config have no flavor set\n1907863 - Quickstarts status not updating when starting the tour\n1907872 - dual stack with an ipv6 network fails on bootstrap phase\n1907874 - QE - Design Gherkin Scenarios for epic ODC-5057\n1907875 - No response when try to expand pvc with an invalid size\n1907876 - Refactoring record package to make gatherer configurable\n1907877 - QE - Automation- pipelines builder scripts\n1907883 - Fix Pipleine creation without namespace issue\n1907888 - Fix pipeline list page loader\n1907890 - Misleading and incomplete alert message shown in pipeline-parameters and pipeline-resources form\n1907892 - Unable to edit application deployed using \"From Devfile\" option\n1907893 - navSortUtils.spec.ts unit test failure\n1907896 - When a workload is added, Topology does not place the new items well\n1907908 - VM Wizard always uses VirtIO for the VM rootdisk regardless what is defined in common-template\n1907924 - Enable madvdontneed in OpenShift Images\n1907929 - Enable madvdontneed in OpenShift System Components Part 2\n1907936 - NTO is not reporting nto_profile_set_total metrics correctly after reboot\n1907947 - The kubeconfig saved in tenantcluster shouldn\u0027t include anything that is not related to the current context\n1907948 - OCM-O bump to k8s 1.20\n1907952 - bump to k8s 1.20\n1907972 - Update OCM link to open Insights tab\n1907989 - DataVolumes was intorduced in common templates - VM creation fails in the UI\n1907998 - Gather kube_pod_resource_request/limit metrics as exposed in upstream KEP 1916\n1908001 - [CVE-2020-10749] Update github.com/containernetworking/plugins to v.0.8.6 in egress-router-cni\n1908014 - e2e-aws-ansible and e2e-aws-helm are broken in ocp-release-operator-sdk\n1908035 - dynamic-demo-plugin build does not generate dist directory\n1908135 - quick search modal is not centered over topology\n1908145 - kube-scheduler-recovery-controller container crash loop when router pod is co-scheduled\n1908159 - [AWS C2S] MCO fails to sync cloud config\n1908171 - GCP: Installation fails when installing cluster with n1-custom-4-16384custom type (n1-custom-4-16384)\n1908180 - Add source for template is stucking in preparing pvc\n1908217 - CI: Server-Side Apply should work for oauth.openshift.io/v1: has no tokens\n1908231 - [Migration] The pods ovnkube-node are in CrashLoopBackOff after SDN to OVN\n1908277 - QE - Automation- pipelines actions scripts\n1908280 - Documentation describing `ignore-volume-az` is incorrect\n1908296 - Fix pipeline builder form yaml switcher validation issue\n1908303 - [CVE-2020-28367 CVE-2020-28366] Remove CGO flag from rhel Dockerfile in Egress-Router-CNI\n1908323 - Create button missing for PLR in the search page\n1908342 - The new pv_collector_total_pv_count is not reported via telemetry\n1908344 - [vsphere-problem-detector] CheckNodeProviderID and CheckNodeDiskUUID have the same name\n1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots\n1908349 - Volume snapshot tests are failing after 1.20 rebase\n1908353 - QE - Automation- pipelines runs scripts\n1908361 - bump to k8s 1.20\n1908367 - QE - Automation- pipelines triggers scripts\n1908370 - QE - Automation- pipelines secrets scripts\n1908375 - QE - Automation- pipelines workspaces scripts\n1908381 - Go Dependency Fixes for Devfile Lib\n1908389 - Loadbalancer Sync failing on Azure\n1908400 - Tests-e2e, increase timeouts, re-add TestArchiveUploadedAndResultsReceived\n1908407 - Backport Upstream 95269 to fix potential crash in kubelet\n1908410 - Exclude Yarn from VSCode search\n1908425 - Create Role Binding form subject type and name are undefined when All Project is selected\n1908431 - When the marketplace-operator pod get\u0027s restarted, the custom catalogsources are gone, as well as the pods\n1908434 - Remove \u0026apos from metal3-plugin internationalized strings\n1908437 - Operator backed with no icon has no badge associated with the CSV tag\n1908459 - bump to k8s 1.20\n1908461 - Add bugzilla component to OWNERS file\n1908462 - RHCOS 4.6 ostree removed dhclient\n1908466 - CAPO AZ Screening/Validating\n1908467 - Zoom in and zoom out in topology package should be sentence case\n1908468 - [Azure][4.7] Installer can\u0027t properly parse instance type with non integer memory size\n1908469 - nbdb failed to come up while bringing up OVNKubernetes cluster\n1908471 - OLM should bump k8s dependencies to 1.20\n1908484 - oc adm release extract --cloud=aws --credentials-requests dumps all manifests\n1908493 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM\n1908545 - VM clone dialog does not open\n1908557 - [e2e][automation]Miss css id on bootsource and reviewcreate step on wizard\n1908562 - Pod readiness is not being observed in real world cases\n1908565 - [4.6] Cannot filter the platform/arch of the index image\n1908573 - Align the style of flavor\n1908583 - bootstrap does not run on additional networks if configured for master in install-config\n1908596 - Race condition on operator installation\n1908598 - Persistent Dashboard shows events for all provisioners\n1908641 - Go back to Catalog Page link on Virtual Machine page vanishes on empty state\n1908648 - Skip TestKernelType test on OKD, adjust TestExtensions\n1908650 - The title of customize wizard is inconsistent\n1908654 - cluster-api-provider: volumes and disks names shouldn\u0027t change by machine-api-operator\n1908675 - Reenable [sig-storage] CSI mock volume CSI FSGroupPolicy [LinuxOnly] should modify fsGroup if fsGroupPolicy=default [Suite:openshift/conformance/parallel] [Suite:k8s]\n1908687 - Option to save user settings separate when using local bridge (affects console developers only)\n1908697 - Show `kubectl diff ` command in the oc diff help page\n1908715 - Pressing the arrow up key when on topmost quick-search list item it should loop back to bottom\n1908716 - UI breaks on click of sidebar of ksvc (if revisions not up) in topology on 4.7 builds\n1908717 - \"missing unit character in duration\" error in some network dashboards\n1908746 - [Safari] Drop Shadow doesn\u0027t works as expected on hover on workload\n1908747 - stale S3 CredentialsRequest in CCO manifest\n1908758 - AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase\n1908830 - RHCOS 4.6 - Missing Initiatorname\n1908868 - Update empty state message for EventSources and Channels tab\n1908880 - 4.7 aws-serial CI: NoExecuteTaintManager Single Pod [Serial] eventually evict pod with finite tolerations from tainted nodes\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1908888 - Dualstack does not work with multiple gateways\n1908889 - Bump CNO to k8s 1.20\n1908891 - TestDNSForwarding DNS operator e2e test is failing frequently\n1908914 - CNO: upgrade nodes before masters\n1908918 - Pipeline builder yaml view sidebar is not responsive\n1908960 - QE - Design Gherkin Scenarios\n1908971 - Gherkin Script for pipeline debt 4.7\n1908983 - i18n: Add Horizontal Pod Autoscaler action menu is not translated\n1908997 - Unsupported access mode should not be available when creating pvc by cinder-csi-driver/gcp-pd-csi-driver from web-console\n1908998 - [cinder-csi-driver] doesn\u0027t detect the credentials change\n1909004 - \"No datapoints found\" for RHEL node\u0027s filesystem graph\n1909005 - i18n: workloads list view heading is not translated\n1909012 - csi snapshot webhook does not block any invalid update for volumesnapshot and volumesnapshotcontent objects\n1909027 - Disks option of Sectected capacity chart shows HDD disk even on selection of SDD disk type\n1909043 - OCP + OCS 4.7 Internal - Storage cluster creation throws warning when zone=0 in VMware\n1909067 - Web terminal should keep latest output when connection closes\n1909070 - PLR and TR Logs component is not streaming as fast as tkn\n1909092 - Error Message should not confuse user on Channel form\n1909096 - OCP 4.7+OCS 4.7 - The Requested Cluster Capacity field needs to include the selected capacity in calculation in Review and Create Page\n1909108 - Machine API components should use 1.20 dependencies\n1909116 - Catalog Sort Items dropdown is not aligned on Firefox\n1909198 - Move Sink action option is not working\n1909207 - Accessibility Issue on monitoring page\n1909236 - Remove pinned icon overlap on resource name\n1909249 - Intermittent packet drop from pod to pod\n1909276 - Accessibility Issue on create project modal\n1909289 - oc debug of an init container no longer works\n1909290 - Logging may be broken due to mix of k8s.io/klog v1 and v2\n1909358 - registry.redhat.io/redhat/community-operator-index:latest only have hyperfoil-bundle\n1909453 - Boot disk RAID can corrupt ESP if UEFI firmware writes to it\n1909455 - Boot disk RAID will not boot if the primary disk enumerates but fails I/O\n1909464 - Build operator-registry with golang-1.15\n1909502 - NO_PROXY is not matched between bootstrap and global cluster setting which lead to desired master machineconfig is not found\n1909521 - Add kubevirt cluster type for e2e-test workflow\n1909527 - [IPI Baremetal] After upgrade from 4.6 to 4.7 metal3 pod does not get created\n1909587 - [OCP4] all of the OCP master nodes with soft-anti-affinity run on the same OSP node\n1909610 - Fix available capacity when no storage class selected\n1909678 - scale up / down buttons available on pod details side panel\n1909723 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1909730 - unbound variable error if EXTRA_PKGS_LIST is not defined\n1909739 - Arbiter request data changes\n1909744 - cluster-api-provider-openstack: Bump gophercloud\n1909790 - PipelineBuilder yaml view cannot be used for editing a pipeline\n1909791 - Update standalone kube-proxy config for EndpointSlice\n1909792 - Empty states for some details page subcomponents are not i18ned\n1909815 - Perspective switcher is only half-i18ned\n1909821 - OCS 4.7 LSO installation blocked because of Error \"Invalid value: \"integer\": spec.flexibleScaling in body\n1909836 - operator-install-global Cypress test was failing in OLM as it depends on an operator that isn\u0027t installed in CI\n1909864 - promote-release-openshift-machine-os-content-e2e-aws-4.5 is perm failing\n1909911 - [OVN]EgressFirewall caused a segfault\n1909943 - Upgrade from 4.6 to 4.7 stuck due to write /sys/devices/xxxx/block/sda/queue/scheduler: invalid argument\n1909958 - Support Quick Start Highlights Properly\n1909978 - ignore-volume-az = yes not working on standard storageClass\n1909981 - Improve statement in template select step\n1909992 - Fail to pull the bundle image when using the private index image\n1910024 - Reload issue in latest(4.7) UI code on 4.6 cluster locally in dev\n1910036 - QE - Design Gherkin Scenarios ODC-4504\n1910049 - UPI: ansible-galaxy is not supported\n1910127 - [UPI on oVirt]: Improve UPI Documentation\n1910140 - fix the api dashboard with changes in upstream kube 1.20\n1910160 - If two OperatorConditions include the same deployments they will keep updating the deployment\u0027s containers with the OPERATOR_CONDITION_NAME Environment Variable\n1910165 - DHCP to static lease script doesn\u0027t handle multiple addresses\n1910305 - [Descheduler] - The minKubeVersion should be 1.20.0\n1910409 - Notification drawer is not localized for i18n\n1910459 - Could not provision gcp volume if delete secret gcp-pd-cloud-credentials\n1910492 - KMS details are auto-populated on the screen in next attempt at Storage cluster creation\n1910501 - Installed Operators-\u003eOperand required: Clicking on cancel in Storage cluster page takes back to the Install Operator page\n1910533 - [OVN] It takes about 5 minutes for EgressIP failover to work\n1910581 - library-go: proxy ENV is not injected into csi-driver-controller which lead to storage operator never get ready\n1910666 - Creating a Source Secret from type SSH-Key should use monospace font for better usability\n1910738 - OCP 4.7 Installation fails on VMWare due to 1 worker that is degraded\n1910739 - Redfish-virtualmedia (idrac) deploy fails on \"The Virtual Media image server is already connected\"\n1910753 - Support Directory Path to Devfile\n1910805 - Missing translation for Pipeline status and breadcrumb text\n1910829 - Cannot delete a PVC if the dv\u0027s phase is WaitForFirstConsumer\n1910840 - Show Nonexistent command info in the `oc rollback -h` help page\n1910859 - breadcrumbs doesn\u0027t use last namespace\n1910866 - Unify templates string\n1910870 - Unify template dropdown action\n1911016 - Prometheus unable to mount NFS volumes after upgrading to 4.6\n1911129 - Monitoring charts renders nothing when switching from a Deployment to \"All workloads\"\n1911176 - [MSTR-998] Wrong text shown when hovering on lines of charts in API Performance dashboard\n1911212 - [MSTR-998] API Performance Dashboard \"Period\" drop-down has a choice \"$__auto_interval_period\" which can bring \"1:154: parse error: missing unit character in duration\"\n1911213 - Wrong and misleading warning for VMs that were created manually (not from template)\n1911257 - [aws-c2s] failed to create cluster, kube-cloud-config was not created\n1911269 - waiting for the build message present when build exists\n1911280 - Builder images are not detected for Dotnet, Httpd, NGINX\n1911307 - Pod Scale-up requires extra privileges in OpenShift web-console\n1911381 - \"Select Persistent Volume Claim project\" shows in customize wizard when select a source available template\n1911382 - \"source volumeMode (Block) and target volumeMode (Filesystem) do not match\" shows in VM Error\n1911387 - Hit error - \"Cannot read property \u0027value\u0027 of undefined\" while creating VM from template\n1911408 - [e2e][automation] Add auto-clone cli tests and new flow of VM creation\n1911418 - [v2v] The target storage class name is not displayed if default storage class is used\n1911434 - git ops empty state page displays icon with watermark\n1911443 - SSH Cretifiaction field should be validated\n1911465 - IOPS display wrong unit\n1911474 - Devfile Application Group Does Not Delete Cleanly (errors)\n1911487 - Pruning Deployments should use ReplicaSets instead of ReplicationController\n1911574 - Expose volume mode on Upload Data form\n1911617 - [CNV][UI] Failure to add source to VM template when no default storage class is defined\n1911632 - rpm-ostree command fail due to wrong options when updating ocp-4.6 to 4.7 on worker nodes with rt-kernel\n1911656 - using \u0027operator-sdk run bundle\u0027 to install operator successfully, but the command output said \u0027Failed to run bundle\u0027\u0027\n1911664 - [Negative Test] After deleting metal3 pod, scaling worker stuck on provisioning state\n1911782 - Descheduler should not evict pod used local storage by the PVC\n1911796 - uploading flow being displayed before submitting the form\n1912066 - The ansible type operator\u0027s manager container is not stable when managing the CR\n1912077 - helm operator\u0027s default rbac forbidden\n1912115 - [automation] Analyze job keep failing because of \u0027JavaScript heap out of memory\u0027\n1912237 - Rebase CSI sidecars for 4.7\n1912381 - [e2e][automation] Miss css ID on Create Network Attachment Definition page\n1912409 - Fix flow schema deployment\n1912434 - Update guided tour modal title\n1912522 - DNS Operator e2e test: TestCoreDNSImageUpgrade is fundamentally broken\n1912523 - Standalone pod status not updating in topology graph\n1912536 - Console Plugin CR for console-demo-plugin has wrong apiVersion\n1912558 - TaskRun list and detail screen doesn\u0027t show Pending status\n1912563 - p\u0026f: carry 97206: clean up executing request on panic\n1912565 - OLM macOS local build broken by moby/term dependency\n1912567 - [OCP on RHV] Node becomes to \u0027NotReady\u0027 status when shutdown vm from RHV UI only on the second deletion\n1912577 - 4.1/4.2-\u003e4.3-\u003e...-\u003e 4.7 upgrade is stuck during 4.6-\u003e4.7 with co/openshift-apiserver Degraded, co/network not Available and several other components pods CrashLoopBackOff\n1912590 - publicImageRepository not being populated\n1912640 - Go operator\u0027s controller pods is forbidden\n1912701 - Handle dual-stack configuration for NIC IP\n1912703 - multiple queries can\u0027t be plotted in the same graph under some conditons\n1912730 - Operator backed: In-context should support visual connector if SBO is not installed\n1912828 - Align High Performance VMs with High Performance in RHV-UI\n1912849 - VM from wizard - default flavor does not match the actual flavor set by common templates\n1912852 - VM from wizard - available VM templates - \"storage\" field is \"0 B\"\n1912888 - recycler template should be moved to KCM operator\n1912907 - Helm chart repository index can contain unresolvable relative URL\u0027s\n1912916 - Set external traffic policy to cluster for IBM platform\n1912922 - Explicitly specifying the operator generated default certificate for an ingress controller breaks the ingress controller\n1912938 - Update confirmation modal for quick starts\n1912942 - cluster-storage-operator: proxy ENV is not injected into vsphere-problem-detector deployment\n1912944 - cluster-storage-operator: proxy ENV is not injected into Manila CSI driver operator deployment\n1912945 - aws-ebs-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912946 - gcp-pd-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912947 - openstack-cinder-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912948 - csi-driver-manila-operator: proxy ENV is not injected into the CSI driver\n1912949 - ovirt-csi-driver-operator: proxy ENV is not injected into the CSI driver\n1912977 - rebase upstream static-provisioner\n1913006 - Remove etcd v2 specific alerts with etcd_http* metrics\n1913011 - [OVN] Pod\u0027s external traffic not use egressrouter macvlan ip as a source ip\n1913037 - update static-provisioner base image\n1913047 - baremetal clusteroperator progressing status toggles between true and false when cluster is in a steady state\n1913085 - Regression OLM uses scoped client for CRD installation\n1913096 - backport: cadvisor machine metrics are missing in k8s 1.19\n1913132 - The installation of Openshift Virtualization reports success early before it \u0027s succeeded eventually\n1913154 - Upgrading to 4.6.10 nightly failed with RHEL worker nodes: Failed to find /dev/disk/by-label/root\n1913196 - Guided Tour doesn\u0027t handle resizing of browser\n1913209 - Support modal should be shown for community supported templates\n1913226 - [Migration] The SDN migration rollback failed if customize vxlanPort\n1913249 - update info alert this template is not aditable\n1913285 - VM list empty state should link to virtualization quick starts\n1913289 - Rebase AWS EBS CSI driver for 4.7\n1913292 - OCS 4.7 Installation failed over vmware when arbiter was enabled, as flexibleScaling is also getting enabled\n1913297 - Remove restriction of taints for arbiter node\n1913306 - unnecessary scroll bar is present on quick starts panel\n1913325 - 1.20 rebase for openshift-apiserver\n1913331 - Import from git: Fails to detect Java builder\n1913332 - Pipeline visualization breaks the UI when multiple taskspecs are used\n1913343 - (release-4.7) Added changelog file for insights-operator\n1913356 - (release-4.7) Implemented gathering specific logs from openshift apiserver operator\n1913371 - Missing i18n key \"Administrator\" in namespace \"console-app\" and language \"en.\"\n1913386 - users can see metrics of namespaces for which they don\u0027t have rights when monitoring own services with prometheus user workloads\n1913420 - Time duration setting of resources is not being displayed\n1913536 - 4.6.9 -\u003e 4.7 upgrade hangs. RHEL 7.9 worker stuck on \"error enabling unit: Failed to execute operation: File exists\\\\n\\\"\n1913554 - Recording rule for ingress error fraction SLI is incorrect, uses irate instead of increase\n1913560 - Normal user cannot load template on the new wizard\n1913563 - \"Virtual Machine\" is not on the same line in create button when logged with normal user\n1913567 - Tooltip data should be same for line chart or stacked chart, display data value same as the table\n1913568 - Normal user cannot create template\n1913582 - [Migration]SDN to OVN migration stucks on MCO for rhel worker\n1913585 - Topology descriptive text fixes\n1913608 - Table data contains data value None after change time range in graph and change back\n1913651 - Improved Red Hat image and crashlooping OpenShift pod collection\n1913660 - Change location and text of Pipeline edit flow alert\n1913685 - OS field not disabled when creating a VM from a template\n1913716 - Include additional use of existing libraries\n1913725 - Refactor Insights Operator Plugin states\n1913736 - Regression: fails to deploy computes when using root volumes\n1913747 - Update operator to kubernetes 1.20.1 to pickup upstream fixes\n1913751 - add third-party network plugin test suite to openshift-tests\n1913783 - QE-To fix the merging pr issue, commenting the afterEach() block\n1913807 - Template support badge should not be shown for community supported templates\n1913821 - Need definitive steps about uninstalling descheduler operator\n1913851 - Cluster Tasks are not sorted in pipeline builder\n1913864 - BuildConfig YAML template references ruby ImageStreamTag that no longer exists\n1913951 - Update the Devfile Sample Repo to an Official Repo Host\n1913960 - Cluster Autoscaler should use 1.20 dependencies\n1913969 - Field dependency descriptor can sometimes cause an exception\n1914060 - Disk created from \u0027Import via Registry\u0027 cannot be used as boot disk\n1914066 - [sriov] sriov dp pod crash when delete ovs HW offload policy\n1914090 - Grafana - The resulting dataset is too large to graph (OCS RBD volumes being counted as disks)\n1914119 - vsphere problem detector operator has no permission to update storages.operator.openshift.io instances\n1914125 - Still using /dev/vde as default device path when create localvolume\n1914183 - Empty NAD page is missing link to quickstarts\n1914196 - target port in `from dockerfile` flow does nothing\n1914204 - Creating VM from dev perspective may fail with template not found error\n1914209 - Associate image secret name to pipeline serviceaccount imagePullSecrets\n1914212 - [e2e][automation] Add test to validate bootable disk souce\n1914250 - ovnkube-node fails on master nodes when both DHCPv6 and SLAAC addresses are configured on nodes\n1914284 - Upgrade to OCP 4.6.9 results in cluster-wide DNS and connectivity issues due to bad NetworkPolicy flows\n1914287 - Bring back selfLink\n1914301 - User VM Template source should show the same provider as template itself\n1914303 - linuxptp-daemon is not forwarding ptp4l stderr output to openshift logs\n1914309 - /terminal page when WTO not installed shows nonsensical error\n1914334 - order of getting started samples is arbitrary\n1914343 - [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] timeout on s390x\n1914349 - Increase and decrease buttons in max and min pods in HPA page has distorted UI\n1914405 - Quick search modal should be opened when coming back from a selection\n1914407 - Its not clear that node-ca is running as non-root\n1914427 - Count of pods on the dashboard is incorrect\n1914439 - Typo in SRIOV port create command example\n1914451 - cluster-storage-operator pod running as root\n1914452 - oc image append, oc image extract outputs wrong suggestion to use --keep-manifest-list=true\n1914642 - Customize Wizard Storage tab does not pass validation\n1914723 - SamplesTBRInaccessibleOnBoot Alert has a misspelling\n1914793 - device names should not be translated\n1914894 - Warn about using non-groupified api version\n1914926 - webdriver-manager pulls incorrect version of ChomeDriver due to a bug\n1914932 - Put correct resource name in relatedObjects\n1914938 - PVC disk is not shown on customization wizard general tab\n1914941 - VM Template rootdisk is not deleted after fetching default disk bus\n1914975 - Collect logs from openshift-sdn namespace\n1915003 - No estimate of average node readiness during lifetime of a cluster\n1915027 - fix MCS blocking iptables rules\n1915041 - s3:ListMultipartUploadParts is relied on implicitly\n1915079 - Canary controller should not periodically rotate the canary route endpoint for performance reasons\n1915080 - Large number of tcp connections with shiftstack ocp cluster in about 24 hours\n1915085 - Pods created and rapidly terminated get stuck\n1915114 - [aws-c2s] worker machines are not create during install\n1915133 - Missing default pinned nav items in dev perspective\n1915176 - Update snapshot API CRDs to v1 in web-console when creating volumesnapshot related resource\n1915187 - Remove the \"Tech preview\" tag in web-console for volumesnapshot\n1915188 - Remove HostSubnet anonymization\n1915200 - [OCP 4.7+ OCS 4.6]Arbiter related Note should not show up during UI deployment\n1915217 - OKD payloads expect to be signed with production keys\n1915220 - Remove dropdown workaround for user settings\n1915235 - Failed to upgrade to 4.7 from 4.6 due to the machine-config failure\n1915262 - When deploying with assisted install the CBO operator is installed and enabled without metal3 pod\n1915277 - [e2e][automation]fix cdi upload form test\n1915295 - [BM][IP][Dualstack] Installation failed - operators report dial tcp 172.30.0.1:443: i/o timeout\n1915304 - Updating scheduling component builder \u0026 base images to be consistent with ART\n1915312 - Prevent schedule Linux openshift-network-diagnostics pod on Windows node\n1915318 - [Metal] bareMetal IPI - cannot interact with toolbox container after first execution only in parallel from different connection\n1915348 - [RFE] linuxptp operator needs to expose the uds_address_socket to be used by an application pod\n1915357 - Dev Catalog doesn\u0027t load anything if virtualization operator is installed\n1915379 - New template wizard should require provider and make support input a dropdown type\n1915408 - Failure in operator-registry kind e2e test\n1915416 - [Descheduler] descheduler evicts pod which does not have any ownerRef or descheduler evict annotation\n1915460 - Cluster name size might affect installations\n1915500 - [aws c2s] kube-controller-manager crash loops trying to fetch the AWS instance\n1915540 - Silent 4.7 RHCOS install failure on ppc64le\n1915579 - [Metal] redhat-support-tool became unavailable after tcpdump usage (BareMetal IPI)\n1915582 - p\u0026f: carry upstream pr 97860\n1915594 - [e2e][automation] Improve test for disk validation\n1915617 - Bump bootimage for various fixes\n1915624 - \"Please fill in the following field: Template provider\" blocks customize wizard\n1915627 - Translate Guided Tour text. \n1915643 - OCP4.6 to 4.7 upgrade failed due to manila csi driver operator sync error\n1915647 - Intermittent White screen when the connector dragged to revision\n1915649 - \"Template support\" pop up is not a warning; checkbox text should be rephrased\n1915654 - [e2e][automation] Add a verification for Afinity modal should hint \"Matching node found\"\n1915661 - Can\u0027t run the \u0027oc adm prune\u0027 command in a pod\n1915672 - Kuryr doesn\u0027t work with selfLink disabled. \n1915674 - Golden image PVC creation - storage size should be taken from the template\n1915685 - Message for not supported template is not clear enough\n1915760 - Need to increase timeout to wait rhel worker get ready\n1915793 - quick starts panel syncs incorrectly across browser windows\n1915798 - oauth connection errors for openshift console pods on an OVNKube OCP 4.7 cluster\n1915818 - vsphere-problem-detector: use \"_totals\" in metrics\n1915828 - Latest Dell firmware (04.40.00.00) fails to install IPI on BM using idrac-virtualmedia protocol\n1915859 - vsphere-problem-detector: does not report ESXi host version nor VM HW version\n1915871 - operator-sdk version in new downstream image should be v1.2.0-ocp not v4.7.0\n1915879 - Pipeline Dashboard tab Rename to Pipeline Metrics\n1915885 - Kuryr doesn\u0027t support workers running on multiple subnets\n1915898 - TaskRun log output shows \"undefined\" in streaming\n1915907 - test/cmd/builds.sh uses docker.io\n1915912 - sig-storage-csi-snapshotter image not available\n1915926 - cluster-api-provider-openstack: Update ose-openstack-machine-controllers builder \u0026 base images to be consistent with ART\n1915929 - A11y Violation: svg-img-alt for time axis of Utilization Card on Cluster Dashboard\n1915939 - Resizing the browser window removes Web Terminal Icon\n1915945 - [sig-scheduling] SchedulerPreemption [Serial] validates basic preemption works [Conformance]\n1915959 - Baremetal cluster operator is included in a ROKS installation of 4.7\n1915962 - ROKS: manifest with machine health check fails to apply in 4.7\n1915972 - Global configuration breadcrumbs do not work as expected\n1915981 - Install ethtool and conntrack in container for debugging\n1915995 - \"Edit RoleBinding Subject\" action under RoleBinding list page kebab actions causes unhandled exception\n1915998 - Installer bootstrap node setting of additional subnets inconsistent with additional security groups\n1916021 - OLM enters infinite loop if Pending CSV replaces itself\n1916056 - Need Visual Web Terminal metric enabled for OCP monitoring telemetry\n1916081 - non-existant should be non-existent in CloudCredentialOperatorTargetNamespaceMissing alert\u0027s annotations\n1916099 - VM creation - customization wizard - user should be allowed to delete and re-create root disk\n1916126 - [e2e][automation] Help fix tests for vm guest-agent and next-run-configuration\n1916145 - Explicitly set minimum versions of python libraries\n1916164 - Update csi-driver-nfs builder \u0026 base images to be consistent with ART\n1916221 - csi-snapshot-controller-operator: bump dependencies for 4.7\n1916271 - Known issues should mention failure to apply soft-anti-affinity to masters beyond the third\n1916363 - [OVN] ovs-configuration.service reports as failed within all nodes using version 4.7.0-fc.2\n1916379 - error metrics from vsphere-problem-detector should be gauge\n1916382 - Can\u0027t create ext4 filesystems with Ignition\n1916384 - 4.5.15 and later cluster-version operator does not sync ClusterVersion status before exiting, leaving \u0027verified: false\u0027 even for verified updates\n1916401 - Deleting an ingress controller with a bad DNS Record hangs\n1916417 - [Kuryr] Must-gather does not have all Custom Resources information\n1916419 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n1916454 - teach CCO about upgradeability from 4.6 to 4.7\n1916486 - [OCP RHV] [Docs] Update RHV CSI provisioning section in OCP documenation\n1916502 - Boot disk mirroring fails with mdadm error\n1916524 - Two rootdisk shows on storage step\n1916580 - Default yaml is broken for VM and VM template\n1916621 - oc adm node-logs examples are wrong\n1916642 - [zh_CN] Redundant period in Secrets - Create drop down menu - Key value secret. \n1916692 - Possibly fails to destroy LB and thus cluster\n1916711 - Update Kube dependencies in MCO to 1.20.0\n1916747 - remove links to quick starts if virtualization operator isn\u0027t updated to 2.6\n1916764 - editing a workload with no application applied, will auto fill the app\n1916834 - Pipeline Metrics - Text Updates\n1916843 - collect logs from openshift-sdn-controller pod\n1916853 - cluster will not gracefully recover if openshift-etcd namespace is removed\n1916882 - OCS 4.7 LSO : wizard (Discover disks and create storageclass) does not show zone when topology.kubernetes.io/zone are added manually\n1916888 - OCS wizard Donor chart does not get updated when `Device Type` is edited\n1916938 - Using 4.6 install-config.yaml file with lbFloatingIP results in validation error \"Forbidden: cannot specify lbFloatingIP and apiFloatingIP together\"\n1916949 - ROKS: manifests in openshift-oauth-apiserver ns fails to create with non-existent namespace\n1917101 - [UPI on oVirt] - \u0027RHCOS image\u0027 topic isn\u0027t located in the right place in UPI document\n1917114 - Upgrade from 4.5.9 to 4.7 fails as authentication operator is Degraded due to \u0027\"ProxyConfigController\" controller failed to sync \"key\"\u0027 error\n1917117 - Common templates - disks screen: invalid disk name\n1917124 - Custom template - clone existing PVC - the name of the target VM\u0027s data volume is hard-coded; only one VM can be created\n1917146 - [oVirt] Consume 23-10 ovirt sdk- csi operator\n1917147 - [oVirt] csi operator panics if ovirt-engine suddenly becomes unavailable. \n1917148 - [oVirt] Consume 23-10 ovirt sdk\n1917239 - Monitoring time options overlaps monitoring tab navigation when Quickstart panel is opened\n1917272 - Should update the default minSize to 1Gi when create localvolumeset on web console\n1917303 - [automation][e2e] make kubevirt-plugin gating job mandatory\n1917315 - localvolumeset-local-provisoner-xxx pods are not killed after upgrading from 4.6 to 4.7\n1917327 - annotations.message maybe wrong for NTOPodsNotReady alert\n1917367 - Refactor periodic.go\n1917371 - Add docs on how to use the built-in profiler\n1917372 - Application metrics are shown on Metrics dashboard but not in linked Prometheus UI in OCP management console\n1917395 - pv-pool backing store name restriction should be at 43 characters from the ocs ui\n1917484 - [BM][IPI] Failed to scale down machineset\n1917522 - Deprecate --filter-by-os in oc adm catalog mirror\n1917537 - controllers continuously busy reconciling operator\n1917551 - use min_over_time for vsphere prometheus alerts\n1917585 - OLM Operator install page missing i18n\n1917587 - Manila CSI operator becomes degraded if user doesn\u0027t have permissions to list share types\n1917605 - Deleting an exgw causes pods to no longer route to other exgws\n1917614 - [aws c2s] ingress operator uses unavailable resourcegrouptaggings API\n1917656 - Add to Project/application for eventSources from topology shows 404\n1917658 - Show TP badge for sources powered by camel connectors in create flow\n1917660 - Editing parallelism of job get error info\n1917678 - Could not provision pv when no symlink and target found on rhel worker\n1917679 - Hide double CTA in admin pipelineruns tab\n1917683 - `NodeTextFileCollectorScrapeError` alert in OCP 4.6 cluster. \n1917759 - Console operator panics after setting plugin that does not exists to the console-operator config\n1917765 - ansible-operator version in downstream image should be v1.3.0 not v4.7.0\n1917770 - helm-operator version in downstream image should be v1.3.0 not v4.7.0\n1917799 - Gather s list of names and versions of installed OLM operators\n1917803 - [sig-storage] Pod Disks should be able to delete a non-existent PD without error\n1917814 - Show Broker create option in eventing under admin perspective\n1917838 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types\n1917872 - [oVirt] rebase on latest SDK 2021-01-12\n1917911 - network-tools needs ovnkube-trace binary from ovn-kubernetes image\n1917938 - upgrade version of dnsmasq package\n1917942 - Canary controller causes panic in ingress-operator\n1918019 - Undesired scrollbars in markdown area of QuickStart\n1918068 - Flaky olm integration tests\n1918085 - reversed name of job and namespace in cvo log\n1918112 - Flavor is not editable if a customize VM is created from cli\n1918129 - Update IO sample archive with missing resources \u0026 remove IP anonymization from clusteroperator resources\n1918132 - i18n: Volume Snapshot Contents menu is not translated\n1918133 - [e2e][automation] Fix ocp 4.7 existing tests - part2\n1918140 - Deployment openstack-cinder-csi-driver-controller and openstack-manila-csi-controllerplugin doesn\u0027t be installed on OSP\n1918153 - When `\u0026` character is set as an environment variable in a build config it is getting converted as `\\u0026`\n1918185 - Capitalization on PLR details page\n1918287 - [ovirt] ovirt csi driver is flooding RHV with API calls and spam the event UI with new connections\n1918318 - Kamelet connector\u0027s are not shown in eventing section under Admin perspective\n1918351 - Gather SAP configuration (SCC \u0026 ClusterRoleBinding)\n1918375 - [calico] rbac-proxy container in kube-proxy fails to create tokenreviews\n1918395 - [ovirt] increase livenessProbe period\n1918415 - MCD nil pointer on dropins\n1918438 - [ja_JP, zh_CN] Serverless i18n misses\n1918440 - Kernel Arguments get reapplied even when no new kargs has been added in MachineConfig\n1918471 - CustomNoUpgrade Feature gates are not working correctly\n1918558 - Supermicro nodes boot to PXE upon reboot after successful deployment to disk\n1918622 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1918623 - Updating ose-jenkins-agent-nodejs-12 builder \u0026 base images to be consistent with ART\n1918625 - Updating ose-jenkins-agent-nodejs-10 builder \u0026 base images to be consistent with ART\n1918635 - Updating openshift-jenkins-2 builder \u0026 base images to be consistent with ART #1197\n1918639 - Event listener with triggerRef crashes the console\n1918648 - Subscription page doesn\u0027t show InstallPlan correctly\n1918716 - Manilacsi becomes degraded even though it is not available with the underlying Openstack\n1918748 - helmchartrepo is not http(s)_proxy-aware\n1918757 - Consistant fallures of features/project-creation.feature Cypress test in CI\n1918803 - Need dedicated details page w/ global config breadcrumbs for \u0027KnativeServing\u0027 plugin\n1918826 - Insights popover icons are not horizontally aligned\n1918879 - need better debug for bad pull secrets\n1918958 - The default NMstate instance from the operator is incorrect\n1919097 - Close bracket \")\" missing at the end of the sentence in the UI\n1919231 - quick search modal cut off on smaller screens\n1919259 - Make \"Add x\" singular in Pipeline Builder\n1919260 - VM Template list actions should not wrap\n1919271 - NM prepender script doesn\u0027t support systemd-resolved\n1919341 - Updating ose-jenkins-agent-maven builder \u0026 base images to be consistent with ART\n1919360 - Need managed-cluster-info metric enabled for OCP monitoring telemetry\n1919379 - dotnet logo out of date\n1919387 - Console login fails with no error when it can\u0027t write to localStorage\n1919396 - A11y Violation: svg-img-alt on Pod Status ring\n1919407 - OpenStack IPI has three-node control plane limitation, but InstallConfigs aren\u0027t verified\n1919750 - Search InstallPlans got Minified React error\n1919778 - Upgrade is stuck in insights operator Degraded with \"Source clusterconfig could not be retrieved\" until insights operator pod is manually deleted\n1919823 - OCP 4.7 Internationalization Chinese tranlate issue\n1919851 - Visualization does not render when Pipeline \u0026 Task share same name\n1919862 - The tip information for `oc new-project --skip-config-write` is wrong\n1919876 - VM created via customize wizard cannot inherit template\u0027s PVC attributes\n1919877 - Click on KSVC breaks with white screen\n1919879 - The toolbox container name is changed from \u0027toolbox-root\u0027 to \u0027toolbox-\u0027 in a chroot environment\n1919945 - user entered name value overridden by default value when selecting a git repository\n1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference\n1919970 - NTO does not update when the tuned profile is updated. \n1919999 - Bump Cluster Resource Operator Golang Versions\n1920027 - machine-config-operator consistently failing during 4.6 to 4.7 upgrades and clusters do not install successfully with proxy configuration\n1920200 - user-settings network error results in infinite loop of requests\n1920205 - operator-registry e2e tests not working properly\n1920214 - Bump golang to 1.15 in cluster-resource-override-admission\n1920248 - re-running the pipelinerun with pipelinespec crashes the UI\n1920320 - VM template field is \"Not available\" if it\u0027s created from common template\n1920367 - When creating localvolumeset instance from the web console, the title for setting volumeMode is `Disk Mode`\n1920368 - Fix containers creation issue resulting in runc running on Guaranteed Pod CPUs\n1920390 - Monitoring \u003e Metrics graph shifts to the left when clicking the \"Stacked\" option and when toggling data series lines on / off\n1920426 - Egress Router CNI OWNERS file should have ovn-k team members\n1920427 - Need to update `oc login` help page since we don\u0027t support prompt interactively for the username\n1920430 - [V2V] [UI] Browser window becomes empty when running import wizard for the first time\n1920438 - openshift-tuned panics on turning debugging on/off. \n1920445 - e2e-gcp-ovn-upgrade job is actually using openshift-sdn\n1920481 - kuryr-cni pods using unreasonable amount of CPU\n1920509 - wait for port 6443 to be open in the kube-scheduler container; use ss instead of lsof\n1920524 - Topology graph crashes adding Open Data Hub operator\n1920526 - catalog operator causing CPU spikes and bad etcd performance\n1920551 - Boot Order is not editable for Templates in \"openshift\" namespace\n1920555 - bump cluster-resource-override-admission api dependencies\n1920571 - fcp multipath will not recover failed paths automatically\n1920619 - Remove default scheduler profile value\n1920655 - Console should not show the Create Autoscaler link in cluster settings when the CRD is not present\n1920674 - MissingKey errors in bindings namespace\n1920684 - Text in language preferences modal is misleading\n1920695 - CI is broken because of bad image registry reference in the Makefile\n1920756 - update generic-admission-server library to get the system:masters authorization optimization\n1920769 - [Upgrade] OCP upgrade from 4.6.13 to 4.7.0-fc.4 for \"network-check-target\" failed when \"defaultNodeSelector\" is set\n1920771 - i18n: Delete persistent volume claim drop down is not translated\n1920806 - [OVN]Nodes lost network connection after reboot on the vSphere UPI\n1920912 - Unable to power off BMH from console\n1920981 - When OCS was deployed with arbiter mode enable add capacity is increasing the count by \"2\"\n1920984 - [e2e][automation] some menu items names are out dated\n1921013 - Gather PersistentVolume definition (if any) used in image registry config\n1921023 - Do not enable Flexible Scaling to true for Internal mode clusters(revert to 4.6 behavior)\n1921087 - \u0027start next quick start\u0027 link doesn\u0027t work and is unintuitive\n1921088 - test-cmd is failing on volumes.sh pretty consistently\n1921248 - Clarify the kubelet configuration cr description\n1921253 - Text filter default placeholder text not internationalized\n1921258 - User Preferences: Active perspective and project change in the current window when selected in a different window\n1921275 - Panic in authentication-operator in (*deploymentController).updateOperatorDeploymentInfo\n1921277 - Fix Warning and Info log statements to handle arguments\n1921281 - oc get -o yaml --export returns \"error: unknown flag: --export\"\n1921458 - [SDK] Gracefully handle the `run bundle-upgrade` if the lower version operator doesn\u0027t exist\n1921556 - [OCS with Vault]: OCS pods didn\u0027t comeup after deploying with Vault details from UI\n1921572 - For external source (i.e GitHub Source) form view as well shows yaml\n1921580 - [e2e][automation]Test VM detail view actions dropdown does not pass\n1921610 - Pipeline metrics font size inconsistency\n1921644 - [e2e][automation] tests errors with wrong cloudInit new line syntax\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1921655 - [OSP] Incorrect error handling during cloudinfo generation\n1921713 - [e2e][automation] fix failing VM migration tests\n1921762 - Serving and Eventing breadcrumbs should direct users back to tabbed page view\n1921774 - delete application modal errors when a resource cannot be found\n1921806 - Explore page APIResourceLinks aren\u0027t i18ned\n1921823 - CheckBoxControls not internationalized\n1921836 - AccessTableRows don\u0027t internationalize \"User\" or \"Group\"\n1921857 - Test flake when hitting router in e2e tests due to one router not being up to date\n1921880 - Dynamic plugins are not initialized on console load in production mode\n1921911 - Installer PR #4589 is causing leak of IAM role policy bindings\n1921921 - \"Global Configuration\" breadcrumb does not use sentence case\n1921949 - Console bug - source code URL broken for gitlab self-hosted repositories\n1921954 - Subscription-related constraints in ResolutionFailed events are misleading\n1922015 - buttons in modal header are invisible on Safari\n1922021 - Nodes terminal page \u0027Expand\u0027 \u0027Collapse\u0027 button not translated\n1922050 - [e2e][automation] Improve vm clone tests\n1922066 - Cannot create VM from custom template which has extra disk\n1922098 - Namespace selection dialog is not closed after select a namespace\n1922099 - Updated Readme documentation for QE code review and setup\n1922146 - Egress Router CNI doesn\u0027t have logging support. \n1922267 - Collect specific ADFS error\n1922292 - Bump RHCOS boot images for 4.7\n1922454 - CRI-O doesn\u0027t enable pprof by default\n1922473 - reconcile LSO images for 4.8\n1922573 - oc returns an error while using -o jsonpath when there is no resource found in the namespace\n1922782 - Source registry missing docker:// in yaml\n1922907 - Interop UI Tests - step implementation for updating feature files\n1922911 - Page crash when click the \"Stacked\" checkbox after clicking the data series toggle buttons\n1922991 - \"verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\" test fails on OKD\n1923003 - WebConsole Insights widget showing \"Issues pending\" when the cluster doesn\u0027t report anything\n1923098 - [vsphere-problem-detector-operator] Need permission to access replicasets.apps resources\n1923102 - [vsphere-problem-detector-operator] pod\u0027s version is not correct\n1923245 - [Assisted-4.7] [Staging][Minimal-ISO] nodes fails to boot\n1923674 - k8s 1.20 vendor dependencies\n1923721 - PipelineRun running status icon is not rotating\n1923753 - Increase initialDelaySeconds for ovs-daemons container in the ovs-node daemonset for upgrade scenarios\n1923774 - Docker builds failing for openshift/cluster-resource-override-admission-operator\n1923802 - ci/prow/e2e-aws-olm build failing for openshift/cluster-resource-override-admission-operator\n1923874 - Unable to specify values with % in kubeletconfig\n1923888 - Fixes error metadata gathering\n1923892 - Update arch.md after refactor. \n1923894 - \"installed\" operator status in operatorhub page does not reflect the real status of operator\n1923895 - Changelog generation. \n1923911 - [e2e][automation] Improve tests for vm details page and list filter\n1923945 - PVC Name and Namespace resets when user changes os/flavor/workload\n1923951 - EventSources shows `undefined` in project\n1923973 - Dynamic plugin demo README does not contain info how to enable the ConsolePlugins\n1924046 - Localhost: Refreshing on a Project removes it from nav item urls\n1924078 - Topology quick search View all results footer should be sticky. \n1924081 - NTO should ship the latest Tuned daemon release 2.15\n1924084 - backend tests incorrectly hard-code artifacts dir\n1924128 - [sig-builds][Feature:Builds] verify /run filesystem contents do not have unexpected content using a simple Docker Strategy Build\n1924135 - Under sufficient load, CRI-O may segfault\n1924143 - Code Editor Decorator url is broken for Bitbucket repos\n1924188 - Language selector dropdown doesn\u0027t always pre-select the language\n1924365 - Add extra disk for VM which use boot source PXE\n1924383 - Degraded network operator during upgrade to 4.7.z\n1924387 - [ja_JP][zh_CN] Incorrect warning message for deleting namespace on Delete Pod dialog box. \n1924480 - non cluster admin can not take VM snapshot: An error occurred, cannot set blockOwnerDeletion if an ownerReference refers to a resource you can\u0027t set finalizers on\n1924583 - Deprectaed templates are listed in the Templates screen\n1924870 - pick upstream pr#96901: plumb context with request deadline\n1924955 - Images from Private external registry not working in deploy Image\n1924961 - k8sutil.TrimDNS1123Label creates invalid values\n1924985 - Build egress-router-cni for both RHEL 7 and 8\n1925020 - Console demo plugin deployment image shoult not point to dockerhub\n1925024 - Remove extra validations on kafka source form view net section\n1925039 - [e2e] Fix Test - ID(CNV-5327) Change Custom Flavor while VM is running\n1925072 - NTO needs to ship the current latest stalld v1.7.0\n1925163 - Missing info about dev catalog in boot source template column\n1925200 - Monitoring Alert icon is missing on the workload in Topology view\n1925262 - apiserver getting 2 SIGTERM signals which was immediately making it exit code 1\n1925319 - bash syntax error in configure-ovs.sh script\n1925408 - Remove StatefulSet gatherer and replace it with gathering corresponding config map data\n1925516 - Pipeline Metrics Tooltips are overlapping data\n1925562 - Add new ArgoCD link from GitOps application environments page\n1925596 - Gitops details page image and commit id text overflows past card boundary\n1926556 - \u0027excessive etcd leader changes\u0027 test case failing in serial job because prometheus data is wiped by machine set test\n1926588 - The tarball of operator-sdk is not ready for ocp4.7\n1927456 - 4.7 still points to 4.6 catalog images\n1927500 - API server exits non-zero on 2 SIGTERM signals\n1929278 - Monitoring workloads using too high a priorityclass\n1929645 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n1929920 - Cluster monitoring documentation link is broken - 404 not found\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10103\nhttps://access.redhat.com/security/cve/CVE-2018-10105\nhttps://access.redhat.com/security/cve/CVE-2018-14461\nhttps://access.redhat.com/security/cve/CVE-2018-14462\nhttps://access.redhat.com/security/cve/CVE-2018-14463\nhttps://access.redhat.com/security/cve/CVE-2018-14464\nhttps://access.redhat.com/security/cve/CVE-2018-14465\nhttps://access.redhat.com/security/cve/CVE-2018-14466\nhttps://access.redhat.com/security/cve/CVE-2018-14467\nhttps://access.redhat.com/security/cve/CVE-2018-14468\nhttps://access.redhat.com/security/cve/CVE-2018-14469\nhttps://access.redhat.com/security/cve/CVE-2018-14470\nhttps://access.redhat.com/security/cve/CVE-2018-14553\nhttps://access.redhat.com/security/cve/CVE-2018-14879\nhttps://access.redhat.com/security/cve/CVE-2018-14880\nhttps://access.redhat.com/security/cve/CVE-2018-14881\nhttps://access.redhat.com/security/cve/CVE-2018-14882\nhttps://access.redhat.com/security/cve/CVE-2018-16227\nhttps://access.redhat.com/security/cve/CVE-2018-16228\nhttps://access.redhat.com/security/cve/CVE-2018-16229\nhttps://access.redhat.com/security/cve/CVE-2018-16230\nhttps://access.redhat.com/security/cve/CVE-2018-16300\nhttps://access.redhat.com/security/cve/CVE-2018-16451\nhttps://access.redhat.com/security/cve/CVE-2018-16452\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2019-3884\nhttps://access.redhat.com/security/cve/CVE-2019-5018\nhttps://access.redhat.com/security/cve/CVE-2019-6977\nhttps://access.redhat.com/security/cve/CVE-2019-6978\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9455\nhttps://access.redhat.com/security/cve/CVE-2019-9458\nhttps://access.redhat.com/security/cve/CVE-2019-11068\nhttps://access.redhat.com/security/cve/CVE-2019-12614\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13225\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15165\nhttps://access.redhat.com/security/cve/CVE-2019-15166\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-15917\nhttps://access.redhat.com/security/cve/CVE-2019-15925\nhttps://access.redhat.com/security/cve/CVE-2019-16167\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2019-16231\nhttps://access.redhat.com/security/cve/CVE-2019-16233\nhttps://access.redhat.com/security/cve/CVE-2019-16935\nhttps://access.redhat.com/security/cve/CVE-2019-17450\nhttps://access.redhat.com/security/cve/CVE-2019-17546\nhttps://access.redhat.com/security/cve/CVE-2019-18197\nhttps://access.redhat.com/security/cve/CVE-2019-18808\nhttps://access.redhat.com/security/cve/CVE-2019-18809\nhttps://access.redhat.com/security/cve/CVE-2019-19046\nhttps://access.redhat.com/security/cve/CVE-2019-19056\nhttps://access.redhat.com/security/cve/CVE-2019-19062\nhttps://access.redhat.com/security/cve/CVE-2019-19063\nhttps://access.redhat.com/security/cve/CVE-2019-19068\nhttps://access.redhat.com/security/cve/CVE-2019-19072\nhttps://access.redhat.com/security/cve/CVE-2019-19221\nhttps://access.redhat.com/security/cve/CVE-2019-19319\nhttps://access.redhat.com/security/cve/CVE-2019-19332\nhttps://access.redhat.com/security/cve/CVE-2019-19447\nhttps://access.redhat.com/security/cve/CVE-2019-19524\nhttps://access.redhat.com/security/cve/CVE-2019-19533\nhttps://access.redhat.com/security/cve/CVE-2019-19537\nhttps://access.redhat.com/security/cve/CVE-2019-19543\nhttps://access.redhat.com/security/cve/CVE-2019-19602\nhttps://access.redhat.com/security/cve/CVE-2019-19767\nhttps://access.redhat.com/security/cve/CVE-2019-19770\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-19956\nhttps://access.redhat.com/security/cve/CVE-2019-20054\nhttps://access.redhat.com/security/cve/CVE-2019-20218\nhttps://access.redhat.com/security/cve/CVE-2019-20386\nhttps://access.redhat.com/security/cve/CVE-2019-20387\nhttps://access.redhat.com/security/cve/CVE-2019-20388\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20636\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-20812\nhttps://access.redhat.com/security/cve/CVE-2019-20907\nhttps://access.redhat.com/security/cve/CVE-2019-20916\nhttps://access.redhat.com/security/cve/CVE-2020-0305\nhttps://access.redhat.com/security/cve/CVE-2020-0444\nhttps://access.redhat.com/security/cve/CVE-2020-1716\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-1751\nhttps://access.redhat.com/security/cve/CVE-2020-1752\nhttps://access.redhat.com/security/cve/CVE-2020-1971\nhttps://access.redhat.com/security/cve/CVE-2020-2574\nhttps://access.redhat.com/security/cve/CVE-2020-2752\nhttps://access.redhat.com/security/cve/CVE-2020-2922\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3898\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-6405\nhttps://access.redhat.com/security/cve/CVE-2020-7595\nhttps://access.redhat.com/security/cve/CVE-2020-7774\nhttps://access.redhat.com/security/cve/CVE-2020-8177\nhttps://access.redhat.com/security/cve/CVE-2020-8492\nhttps://access.redhat.com/security/cve/CVE-2020-8563\nhttps://access.redhat.com/security/cve/CVE-2020-8566\nhttps://access.redhat.com/security/cve/CVE-2020-8619\nhttps://access.redhat.com/security/cve/CVE-2020-8622\nhttps://access.redhat.com/security/cve/CVE-2020-8623\nhttps://access.redhat.com/security/cve/CVE-2020-8624\nhttps://access.redhat.com/security/cve/CVE-2020-8647\nhttps://access.redhat.com/security/cve/CVE-2020-8648\nhttps://access.redhat.com/security/cve/CVE-2020-8649\nhttps://access.redhat.com/security/cve/CVE-2020-9327\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-10732\nhttps://access.redhat.com/security/cve/CVE-2020-10749\nhttps://access.redhat.com/security/cve/CVE-2020-10751\nhttps://access.redhat.com/security/cve/CVE-2020-10763\nhttps://access.redhat.com/security/cve/CVE-2020-10773\nhttps://access.redhat.com/security/cve/CVE-2020-10774\nhttps://access.redhat.com/security/cve/CVE-2020-10942\nhttps://access.redhat.com/security/cve/CVE-2020-11565\nhttps://access.redhat.com/security/cve/CVE-2020-11668\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-12465\nhttps://access.redhat.com/security/cve/CVE-2020-12655\nhttps://access.redhat.com/security/cve/CVE-2020-12659\nhttps://access.redhat.com/security/cve/CVE-2020-12770\nhttps://access.redhat.com/security/cve/CVE-2020-12826\nhttps://access.redhat.com/security/cve/CVE-2020-13249\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/cve/CVE-2020-14019\nhttps://access.redhat.com/security/cve/CVE-2020-14040\nhttps://access.redhat.com/security/cve/CVE-2020-14381\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-14422\nhttps://access.redhat.com/security/cve/CVE-2020-15157\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-15862\nhttps://access.redhat.com/security/cve/CVE-2020-15999\nhttps://access.redhat.com/security/cve/CVE-2020-16166\nhttps://access.redhat.com/security/cve/CVE-2020-24490\nhttps://access.redhat.com/security/cve/CVE-2020-24659\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25641\nhttps://access.redhat.com/security/cve/CVE-2020-25658\nhttps://access.redhat.com/security/cve/CVE-2020-25661\nhttps://access.redhat.com/security/cve/CVE-2020-25662\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2020-26160\nhttps://access.redhat.com/security/cve/CVE-2020-27813\nhttps://access.redhat.com/security/cve/CVE-2020-27846\nhttps://access.redhat.com/security/cve/CVE-2020-28362\nhttps://access.redhat.com/security/cve/CVE-2020-29652\nhttps://access.redhat.com/security/cve/CVE-2021-2007\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYDZ+bNzjgjWX9erEAQghXg//awGwjQxJ5LEZWBTdgyuCa8mHEi2rop5T\nlmebolBMNRSbo9gI8LMSHlvIBBFiV4CuFvfxE0AVLNentfzOTH11TxNWe1KQYt4H\nEmcGHPeHWTxKDkvAHtVcWXy9WN3y5d4lHSaq6AR1nHRPcj/k1upyx22kotpnYxN8\n4d49PjFTO3YbmdYpNLVJ9nY8izqUpTfM7YSyj6ANZSlaYc5Z215o6TPo6e3wobf4\nmWu+VfDS0v+/AbGhQhO2sQ7r2ysJ85MB7c62cxck4a51KiA0NKd4xr0TAA4KHnNL\nISHFzi5QYXu+meE+9wYRo1ZjJ5fbPj41+1TJbR6O4CbP0xQiFpcUSipNju3rGSGy\nAe5G/QGT8J7HzOjlKVvY3SFu/odENR6c+xUIr7IB/FBlu7DdPF2XxMZDQD4DKHEk\n4aiDbuiEL3Yf78Ic1RqPPmrj9plIwprVFQz+k3JaQXKD+1dBxO6tk+nVu2/5xNbM\nuR03hrthYYIpdXLSWU4lzq8j3kQ9wZ4j/m2o6/K6eHNl9PyqAG5jfQv9bVf8E3oG\nkrzc/JLvOfHNEQ/oJs/v/DFDmnAxshCCtGWlpLJ5J0pcD3EePsrPNs1QtQurVrMv\nRjfBCWKOij53+BinrMKHdsHxfur7GCFCIQCVaLIv6GUjX2NWI0voIVA8JkrFNNp6\nMcvuEaxco7U=\n=sw8i\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - aarch64, ppc64le, s390x\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging\nreplies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-16.el7_9.1.src.rpm\n\nx86_64:\ndnsmasq-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\ndnsmasq-2.76-16.el7_9.1.src.rpm\n\nx86_64:\ndnsmasq-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-16.el7_9.1.src.rpm\n\nppc64:\ndnsmasq-2.76-16.el7_9.1.ppc64.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-16.el7_9.1.ppc64le.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-16.el7_9.1.s390x.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\ndnsmasq-debuginfo-2.76-16.el7_9.1.ppc64.rpm\ndnsmasq-utils-2.76-16.el7_9.1.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-16.el7_9.1.ppc64le.rpm\ndnsmasq-utils-2.76-16.el7_9.1.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-16.el7_9.1.s390x.rpm\ndnsmasq-utils-2.76-16.el7_9.1.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-utils-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-16.el7_9.1.src.rpm\n\nx86_64:\ndnsmasq-2.76-16.el7_9.1.x86_64.rpm\ndnsmasq-debuginfo-2.76-16.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202101-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: January 22, 2021\n Bugs: #766126\n ID: 202101-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.83 \u003e= 2.83\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nImpact\n======\n\nAn attacker, by sending specially crafted DNS replies, could possibly\nexecute arbitrary code with the privileges of the process, perform a\ncache poisoning attack or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.83\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-25681\n https://nvd.nist.gov/vuln/detail/CVE-2020-25681\n[ 2 ] CVE-2020-25682\n https://nvd.nist.gov/vuln/detail/CVE-2020-25682\n[ 3 ] CVE-2020-25683\n https://nvd.nist.gov/vuln/detail/CVE-2020-25683\n[ 4 ] CVE-2020-25684\n https://nvd.nist.gov/vuln/detail/CVE-2020-25684\n[ 5 ] CVE-2020-25685\n https://nvd.nist.gov/vuln/detail/CVE-2020-25685\n[ 6 ] CVE-2020-25686\n https://nvd.nist.gov/vuln/detail/CVE-2020-25686\n[ 7 ] CVE-2020-25687\n https://nvd.nist.gov/vuln/detail/CVE-2020-25687\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202101-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161020"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161017"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25684",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU90340376",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0231",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-16431",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25684",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161281",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161546",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161020",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161014",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161020"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161017"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"id": "VAR-202101-0220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
}
],
"trust": 0.85396827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
}
]
},
"last_update_date": "2024-11-29T20:50:56.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"title": "Patch for Dnsmasq security feature issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/251931"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210156 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210240 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210245 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210153 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210154 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210155 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210401 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210395 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210151 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210150 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210152 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-25684 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1587"
},
{
"title": "Debian Security Advisories: DSA-4844-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6bdd82a7af8c0333eca753b3b7b02111"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.4.33 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210281 - Security Advisory"
},
{
"title": "Cisco: Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"title": "dnspooq",
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq "
},
{
"title": "multironic\nRequirements:\nInstall libvirt and prepare nodes\nhave to check why we need this\nTODO download ironic images later\nPull images\nTag images\nPush images\nrun httpd\nCheck that two vbmcs are running for the two nodes\nPlay with vbmc and ipmitools\nRun management cluster\nFirewall\nLaunch ironic\nrun capm3\nFirewall\nRef",
"trust": 0.1,
"url": "https://github.com/mboukhalfa/multironic "
},
{
"title": "Criminal IP NSE Script",
"trust": 0.1,
"url": "https://github.com/criminalip/CIP-NSE-Script "
},
{
"title": "Intro: What\u0027s pique or repique\n\n\nOverview",
"trust": 0.1,
"url": "https://github.com/AZ-X/pique "
},
{
"title": "https://github.com/klcheung99/CSCM28CW2",
"trust": 0.1,
"url": "https://github.com/klcheung99/CSCM28CW2 "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
"trust": 0.1,
"url": "https://github.com/DNTYO/F5_Vulnerability "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/JERRY123S/all-poc "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/top "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/awesome-cve-repo "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/hktalent/TOP "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/cyberanand1337x/bug-bounty-2022 "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/weeka10/-hktalent-TOP "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/01/20/dns_cache_poisoning/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-358",
"trust": 1.0
},
{
"problemtype": "Improperly implemented security checks (CWE-358) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"trust": 1.1,
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90340376/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0231/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25682"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25687"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25683"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25681"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0156"
},
{
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11668"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25662"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19072"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8649"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12655"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13225"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13249"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20054"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19602"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8647"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15917"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://\u0027"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3884"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10763"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19046"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12770"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19767"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19533"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16167"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9455"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19063"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0152"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0151"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161020"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161017"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161546"
},
{
"db": "PACKETSTORM",
"id": "161020"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161017"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"date": "2021-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"date": "2021-02-03T16:36:53",
"db": "PACKETSTORM",
"id": "161281"
},
{
"date": "2021-02-25T15:29:25",
"db": "PACKETSTORM",
"id": "161546"
},
{
"date": "2021-01-19T14:46:21",
"db": "PACKETSTORM",
"id": "161020"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2021-01-19T14:45:56",
"db": "PACKETSTORM",
"id": "161017"
},
{
"date": "2021-01-19T14:45:21",
"db": "PACKETSTORM",
"id": "161013"
},
{
"date": "2021-01-25T14:38:26",
"db": "PACKETSTORM",
"id": "161085"
},
{
"date": "2021-01-19T14:45:29",
"db": "PACKETSTORM",
"id": "161014"
},
{
"date": "2021-01-20T16:15:14.163000",
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16431"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25684"
},
{
"date": "2021-10-04T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2020-015547"
},
{
"date": "2024-11-21T05:18:27.603000",
"db": "NVD",
"id": "CVE-2020-25684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161085"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq\u00a0 Security check vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015547"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161014"
}
],
"trust": 0.3
}
}
var-202205-1405
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Galaxy Kylin desktop operating system is a domestic operating system. There is a binary vulnerability in the Galaxy Kylin desktop operating system, which can be exploited by attackers to cause the program to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4974"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1769",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-422626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1769",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1769",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1769",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1769",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1769",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422626",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1769",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Galaxy Kylin desktop operating system is a domestic operating system. There is a binary vulnerability in the Galaxy Kylin desktop operating system, which can be exploited by attackers to cause the program to crash. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1769",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022052522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-45460",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-422626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1769",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"id": "VAR-202205-1405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:39.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194285"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1769"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1769/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-38414"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422626"
},
{
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-422626"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"date": "2022-05-17T17:15:08.153000",
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422626"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1769"
},
{
"date": "2023-08-17T07:45:00",
"db": "JVNDB",
"id": "JVNDB-2022-010814"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3583"
},
{
"date": "2024-11-21T06:41:25.697000",
"db": "NVD",
"id": "CVE-2022-1769"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3583"
}
],
"trust": 0.6
}
}
var-202205-2077
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5043"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1942",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423661",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1942",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1942",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1942",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1942",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4308",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423661",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1942",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1942",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022070807",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3347",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50689",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423661",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"id": "VAR-202205-2077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:17:29.675000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=195410"
},
{
"title": "Ubuntu Security Notice: USN-5507-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5507-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1942"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-buflist-getfile-38517"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070807"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1942/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3347"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5507-1"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423661"
},
{
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-423661"
},
{
"date": "2022-05-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"date": "2023-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"date": "2022-05-31T14:15:07.833000",
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-423661"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1942"
},
{
"date": "2023-08-24T00:55:00",
"db": "JVNDB",
"id": "JVNDB-2022-011769"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4308"
},
{
"date": "2024-11-21T06:41:48.150000",
"db": "NVD",
"id": "CVE-2022-1942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4308"
}
],
"trust": 0.6
}
}
var-202204-0433
Vulnerability from variot
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. Apache Subversion SVN There is a vulnerability related to information leakage.Information may be obtained. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). ========================================================================== Ubuntu Security Notice USN-5372-1 April 12, 2022
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Subversion. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)
Thomas Wei\xdfschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libapache2-mod-svn 1.14.1-3ubuntu0.1 libsvn-java 1.14.1-3ubuntu0.1 libsvn-perl 1.14.1-3ubuntu0.1 libsvn1 1.14.1-3ubuntu0.1 python3-subversion 1.14.1-3ubuntu0.1 ruby-svn 1.14.1-3ubuntu0.1 subversion 1.14.1-3ubuntu0.1 subversion-tools 1.14.1-3ubuntu0.1
Ubuntu 20.04 LTS: libapache2-mod-svn 1.13.0-3ubuntu0.1 libsvn-java 1.13.0-3ubuntu0.1 libsvn-perl 1.13.0-3ubuntu0.1 libsvn1 1.13.0-3ubuntu0.1 python-subversion 1.13.0-3ubuntu0.1 ruby-svn 1.13.0-3ubuntu0.1 subversion 1.13.0-3ubuntu0.1 subversion-tools 1.13.0-3ubuntu0.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5119-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2022 https://www.debian.org/security/faq
Package : subversion CVE ID : CVE-2021-28544 CVE-2022-24070
Several vulnerabilities were discovered in Subversion, a version control system.
CVE-2022-24070
Thomas Weissschuh reported that Subversion's mod_dav_svn is prone to
a use-after-free vulnerability when looking up path-based
authorization rules, which can result in denial of service (crash of
HTTPD worker handling the request).
For the oldstable distribution (buster), these problems have been fixed in version 1.10.4-1+deb10u3.
For the stable distribution (bullseye), these problems have been fixed in version 1.14.1-3+deb11u1.
We recommend that you upgrade your subversion packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "subversion",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167280"
}
],
"trust": 0.2
},
"cve": "CVE-2021-28544",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2021-28544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-388003",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-28544",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-28544",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28544",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-28544",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2951",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388003",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-28544",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal \u0027copyfrom\u0027 paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the \u0027copyfrom\u0027 path of the original. This also reveals the fact that the node was copied. Only the \u0027copyfrom\u0027 path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. Apache Subversion SVN There is a vulnerability related to information leakage.Information may be obtained. Apache Subversion is an open source version control system of the Apache Foundation. The system is compatible with the Concurrent Versions System (CVS). ==========================================================================\nUbuntu Security Notice USN-5372-1\nApril 12, 2022\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. An attacker could\npotentially use this issue to retrieve information about private paths. \n(CVE-2021-28544)\n\nThomas Wei\\xdfschuh discovered that Subversion servers did not properly handle\nmemory in certain configurations. A remote attacker could potentially use\nthis issue to cause a denial of service or other unspecified impact. \n(CVE-2022-24070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libapache2-mod-svn 1.14.1-3ubuntu0.1\n libsvn-java 1.14.1-3ubuntu0.1\n libsvn-perl 1.14.1-3ubuntu0.1\n libsvn1 1.14.1-3ubuntu0.1\n python3-subversion 1.14.1-3ubuntu0.1\n ruby-svn 1.14.1-3ubuntu0.1\n subversion 1.14.1-3ubuntu0.1\n subversion-tools 1.14.1-3ubuntu0.1\n\nUbuntu 20.04 LTS:\n libapache2-mod-svn 1.13.0-3ubuntu0.1\n libsvn-java 1.13.0-3ubuntu0.1\n libsvn-perl 1.13.0-3ubuntu0.1\n libsvn1 1.13.0-3ubuntu0.1\n python-subversion 1.13.0-3ubuntu0.1\n ruby-svn 1.13.0-3ubuntu0.1\n subversion 1.13.0-3ubuntu0.1\n subversion-tools 1.13.0-3ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5119-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 13, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : subversion\nCVE ID : CVE-2021-28544 CVE-2022-24070\n\nSeveral vulnerabilities were discovered in Subversion, a version control\nsystem. \n\nCVE-2022-24070\n\n Thomas Weissschuh reported that Subversion\u0027s mod_dav_svn is prone to\n a use-after-free vulnerability when looking up path-based\n authorization rules, which can result in denial of service (crash of\n HTTPD worker handling the request). \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 1.10.4-1+deb10u3. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.14.1-3+deb11u1. \n\nWe recommend that you upgrade your subversion packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28544",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166704",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.1641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3559",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1596",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070708",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052711",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041263",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041402",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-38525",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388003",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-28544",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"id": "VAR-202204-0433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:06:24.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213345",
"trust": 0.8,
"url": "https://subversion.apache.org/security/CVE-2021-28544-advisory.txt"
},
{
"title": "Apache Subversion Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190229"
},
{
"title": "Ubuntu Security Notice: USN-5372-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5372-1"
},
{
"title": "Ubuntu Security Notice: USN-5450-1: Subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5450-1"
},
{
"title": "Debian Security Advisories: DSA-5119-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=92807168ef39b4ee91e68837b0467938"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-28544"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-149",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-149"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "information leak (CWE-200) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5119"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 1.8,
"url": "https://subversion.apache.org/security/cve-2021-28544-advisory.txt"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yjpmcwcgwbn3qwcdvilwqwpc75rr67lt/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pz4arnglmgybkydx2b7drbnmf6eh3a6r/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3559"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167787/apple-security-advisory-2022-07-20-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1596"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041263"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2639"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/subversion-information-disclosure-via-copyfrom-paths-38022"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-28544/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041402"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166704/ubuntu-security-notice-usn-5372-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167280/ubuntu-security-notice-usn-5450-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070708"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-28544"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052711"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5372-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.13.0-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/subversion"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.14.1-3ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5450-1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388003"
},
{
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "169362"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-388003"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"date": "2023-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"date": "2022-04-13T15:00:52",
"db": "PACKETSTORM",
"id": "166704"
},
{
"date": "2022-04-28T19:12:00",
"db": "PACKETSTORM",
"id": "169362"
},
{
"date": "2022-05-27T15:37:43",
"db": "PACKETSTORM",
"id": "167280"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"date": "2022-04-12T18:15:08.250000",
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-388003"
},
{
"date": "2023-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28544"
},
{
"date": "2023-08-07T01:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-009518"
},
{
"date": "2022-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2951"
},
{
"date": "2023-02-11T17:44:50.733000",
"db": "NVD",
"id": "CVE-2021-28544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166704"
},
{
"db": "PACKETSTORM",
"id": "167280"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Subversion\u00a0SVN\u00a0 Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009518"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2951"
}
],
"trust": 0.6
}
}
var-202104-0328
Vulnerability from variot
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-36
https://security.gentoo.org/
Severity: High Title: cURL: Multiple vulnerabilities Date: May 26, 2021 Bugs: #779535, #792192 ID: 202105-36
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.77.0 >= 7.77.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.77.0"
References
[ 1 ] CVE-2021-22876 https://nvd.nist.gov/vuln/detail/CVE-2021-22876 [ 2 ] CVE-2021-22890 https://nvd.nist.gov/vuln/detail/CVE-2021-22890 [ 3 ] CVE-2021-22898 https://nvd.nist.gov/vuln/detail/CVE-2021-22898 [ 4 ] CVE-2021-22901 https://nvd.nist.gov/vuln/detail/CVE-2021-22901
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-36
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update Advisory ID: RHSA-2021:2471-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:2471 Issue date: 2021-06-17 CVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 CVE-2021-22901 CVE-2021-31618 =====================================================================
- Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
- References:
https://access.redhat.com/security/cve/CVE-2020-8169 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22890 https://access.redhat.com/security/cve/CVE-2021-22901 https://access.redhat.com/security/cve/CVE-2021-31618 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl&downloadType=securityPatches&version=1.1.1g https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe Ki6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol 2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP 3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd kUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx 61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd 3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG 1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ POl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2 iFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z 7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H butyhmDY1nQ= =gsJD -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- ========================================================================== Ubuntu Security Notice USN-4898-1 March 31, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
curl could be made to expose sensitive information over the network. A remote attacker could possibly use this issue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: curl 7.68.0-1ubuntu4.3 libcurl3-gnutls 7.68.0-1ubuntu4.3 libcurl3-nss 7.68.0-1ubuntu4.3 libcurl4 7.68.0-1ubuntu4.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.5 libcurl3-gnutls 7.68.0-1ubuntu2.5 libcurl3-nss 7.68.0-1ubuntu2.5 libcurl4 7.68.0-1ubuntu2.5
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.13 libcurl3-gnutls 7.58.0-2ubuntu3.13 libcurl3-nss 7.58.0-2ubuntu3.13 libcurl4 7.58.0-2ubuntu3.13
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.19 libcurl3 7.47.0-1ubuntu2.19 libcurl3-gnutls 7.47.0-1ubuntu2.19 libcurl3-nss 7.47.0-1ubuntu2.19
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq
Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163
Multiple vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.
CVE-2020-8231
Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.
CVE-2020-8284
Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.
CVE-2020-8285
xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
CVE-2020-8286
It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.
CVE-2021-22876
Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi Ryg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw /xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ Rq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR lhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA TSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb C3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/ cWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux i+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG 3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi UFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW 1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk= =001T -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"_id": null,
"model": "libcurl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.75.0"
},
{
"_id": null,
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.63.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"_id": null,
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"_id": null,
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- agent"
},
{
"_id": null,
"model": "fabric operating system",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- agent minimal edition"
},
{
"_id": null,
"model": "jp1/automatic job management system 3",
"scope": "eq",
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": "- manager"
},
{
"_id": null,
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 0.7
},
"cve": "CVE-2021-22890",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-22890",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-22890",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-22890",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22890",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2021-22890",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1709",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-22890",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"description": {
"_id": null,
"data": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. curl Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-36\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: cURL: Multiple vulnerabilities\n Date: May 26, 2021\n Bugs: #779535, #792192\n ID: 202105-36\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.77.0 \u003e= 7.77.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.77.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-22876\n https://nvd.nist.gov/vuln/detail/CVE-2021-22876\n[ 2 ] CVE-2021-22890\n https://nvd.nist.gov/vuln/detail/CVE-2021-22890\n[ 3 ] CVE-2021-22898\n https://nvd.nist.gov/vuln/detail/CVE-2021-22898\n[ 4 ] CVE-2021-22901\n https://nvd.nist.gov/vuln/detail/CVE-2021-22901\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-36\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update\nAdvisory ID: RHSA-2021:2471-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2471\nIssue date: 2021-06-17\nCVE Names: CVE-2020-8169 CVE-2020-8284 CVE-2020-8285 \n CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 \n CVE-2021-22901 CVE-2021-31618 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8169\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22890\nhttps://access.redhat.com/security/cve/CVE-2021-22901\nhttps://access.redhat.com/security/cve/CVE-2021-31618\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.openssl\u0026downloadType=securityPatches\u0026version=1.1.1g\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMszstzjgjWX9erEAQgW2Q//cZOMa4KOvz7KejR03sHk7m8aMHDRdPDe\nKi6PTe99phprmuXNPOCPGFuWDXbdpAlyEx3Elt3Ah+vmpV+K7ThwXGXJkGwb6mol\n2xAFvcwxxO6GNsCl8gYW+JTG+5HYLZ/U4q3lgHId9qfzmuRRg0zwOuwZC7y7R6kP\n3H1o1WRiIKEA1oHCh3f3OizTrkOcBZsWINsJ2ggW+ZqVeve4PJH55F3JwCJbIuhd\nkUhe1QQjiANWq4m/+QkTRtIYzahqK+lIubpoU5P+sFosc7ASUGe29ZPC9LsfY4hx\n61bSxXbxTv2wcBaUrg/TAxRplQdHRbZe8s8eWhMtDoNHRqujYOiKHUnBgdoY6oLd\n3gfAGI3w2NnWRDodGDGXfuDu6hncAukvxqOO/tOnRd2n7/R52ewGCsNKvsf/OHRG\n1X7UeD4DJvXiqBNOtPaqOjR3q7xdO5MhYtkvh/8mzvhx5X/CojUWRWmtSdJDhpvQ\nPOl+hJjFqEFTUJk/VGDJ7HsIs5OqeoV0pURP3VvYyBF75xp3aYI8Gfb1wLoqXmp2\niFhSTskqEc42iMvG/Ks5Rb1wQLrJ4RNgxunGofmNQusjgN406aAqvE79a6JUmt/z\n7Z6i8Tvy9PGgNtbnalyxbikpA8Qcoxoij2pbIcSNIJXW+mA74QtI3AC4+4m0V90H\nbutyhmDY1nQ=\n=gsJD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. ==========================================================================\nUbuntu Security Notice USN-4898-1\nMarch 31, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\ncurl could be made to expose sensitive information over the network. A remote attacker could possibly use this\nissue to obtain sensitive information. A remote attacker in control of an HTTPS proxy could\nuse this issue to bypass certificate checks and intercept communications. \nThis issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. \n(CVE-2021-22890)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n curl 7.68.0-1ubuntu4.3\n libcurl3-gnutls 7.68.0-1ubuntu4.3\n libcurl3-nss 7.68.0-1ubuntu4.3\n libcurl4 7.68.0-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.5\n libcurl3-gnutls 7.68.0-1ubuntu2.5\n libcurl3-nss 7.68.0-1ubuntu2.5\n libcurl4 7.68.0-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.13\n libcurl3-gnutls 7.58.0-2ubuntu3.13\n libcurl3-nss 7.58.0-2ubuntu3.13\n libcurl4 7.58.0-2ubuntu3.13\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.19\n libcurl3 7.47.0-1ubuntu2.19\n libcurl3-gnutls 7.47.0-1ubuntu2.19\n libcurl3-nss 7.47.0-1ubuntu2.19\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMarch 30, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n Marek Szlagor reported that libcurl could be tricked into prepending\n a part of the password to the host name before it resolves it,\n potentially leaking the partial password over the network and to the\n DNS server(s). \n\nCVE-2020-8177\n\n sn reported that curl could be tricked by a malicious server into\n overwriting a local file when using th -J (--remote-header-name) and\n -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n Marc Aldorasi reported that libcurl might use the wrong connection\n when an application using libcurl\u0027s multi API sets the option\n CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n Varnavas Papaioannou reported that a malicious server could use the\n PASV response to trick curl into connecting back to an arbitrary IP\n address and port, potentially making curl extract information about\n services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n xnynx reported that libcurl could run out of stack space when using\n tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n It was reported that libcurl didn\u0027t verify that an OCSP response\n actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n Viktor Szakats reported that libcurl does not strip off user\n credentials from the URL when automatically populating the Referer\n HTTP request header field in outgoing HTTP requests. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAmBkQCoACgkQbwzL4CFi\nRyg6Gg/+LqhhJ8+D7skevVkYzxHzdH2yT/XMeoYp0D37yHmEfH9PyjXwfplG+XEw\n/xwFRBK8qxD1ja+rQddYyeTvi1OMnMgMS3UsRHlfeMnLxh2+oHnvHDYG848npUEZ\nRq4YFoc/n9YTAJZP/G4oiuBeXqH2Sqa5hSNT6VrYfRciCxkYnzA78b85KpI8aYyR\nlhfiJMNpwrqDbt/QzblpELBkGMIV402VeiqDwHfcVzm2E810xXQNLvPMbWtvDYkA\nTSrNsdqfuFr1tuQSZY6CGSWEyXtB/tOo8+pvUixlJMBWJMl5TXEcJkD5ckehx0yb\nC3n9yapfklxHiG9lD4zwwIJDqd3Y4SxdDiSlUC4OhdvpwniMygX0S3ICaPA4iac/\ncWanml0Fop3OmRy+vQURTd3sADoT5HoRSUXZVU+HdTrRaEt2xs5okZkWSd3yr4Ux\ni+HgjUAFkkk8DLRB68Bbpx1LGxFGQT7L8yd4wsWINXlzASIP1A5dnNfE5w0VWOHG\n3KDq47wNfjuiZC8GXW+HQCxz5MijnS8Y/Egl0OozNFDwEitNBZEsIjpZaZBdZIwi\nUFfcK7+u/y/TRY54rA4erkdcHFwpYW5EZVGdb7Z+WPWVlzw0ImXrM68LSAhHQaqW\n1Hx4VwwwTsMIPnrx2kriRiiDPOW1r5Kip3yHa+QZLedSRGibQWk=\n=001T\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-22890",
"trust": 3.0
},
{
"db": "HACKERONE",
"id": "1129529",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162817",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162037",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1129",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2168",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1114",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3146",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1118",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052711",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062142",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-069-09",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22890",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"id": "VAR-202104-0328",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-11-23T20:28:36.378000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2021-132",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "HAXX libcurl Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=145993"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=070f9241d84352ce262145cf1828f6f7"
},
{
"title": "Red Hat: CVE-2021-22890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22890"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22890 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1/Automatic Job Management System 3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-132"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=b1e904198be8e0726ebde78ffc5fac9a"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "clair-client",
"trust": 0.1,
"url": "https://github.com/indece-official/clair-client "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-300",
"trust": 1.0
},
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202105-36"
},
{
"trust": 1.7,
"url": "https://hackerone.com/reports/1129529"
},
{
"trust": 1.7,
"url": "https://curl.se/docs/cve-2021-22890.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210521-0007/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2zc5bmioklbqjsfchedn2g2c2sh274bp/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/itvwpvglfisu5bjc2bxbrysdxtxe2ygc/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kquioyx2kuu6fiuzvb5wwz6jhssysqwj/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162037/ubuntu-security-notice-usn-4898-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163193/red-hat-security-advisory-2021-2471-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052711"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1118"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1129"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3146"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libcurl-man-in-the-middle-via-tls-1-3-session-ticket-proxy-host-mixup-34978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1114"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2021-22876-and-cve-2021-22890/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2168"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062142"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.openssl\u0026downloadtype=securitypatches\u0026version=1.1.1g"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2472"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4898-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
},
{
"db": "PACKETSTORM",
"id": "162817"
},
{
"db": "PACKETSTORM",
"id": "163193"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
},
{
"db": "NVD",
"id": "CVE-2021-22890"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22890",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002808",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162817",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163193",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163197",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169015",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-22890",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22890",
"ident": null
},
{
"date": "2021-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002808",
"ident": null
},
{
"date": "2021-05-26T17:36:11",
"db": "PACKETSTORM",
"id": "162817",
"ident": null
},
{
"date": "2021-06-17T18:01:23",
"db": "PACKETSTORM",
"id": "163193",
"ident": null
},
{
"date": "2021-06-17T18:09:26",
"db": "PACKETSTORM",
"id": "163197",
"ident": null
},
{
"date": "2021-03-31T14:30:52",
"db": "PACKETSTORM",
"id": "162037",
"ident": null
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169015",
"ident": null
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2021-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1709",
"ident": null
},
{
"date": "2021-04-01T18:15:12.917000",
"db": "NVD",
"id": "CVE-2021-22890",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22890",
"ident": null
},
{
"date": "2021-10-05T05:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-002808",
"ident": null
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975",
"ident": null
},
{
"date": "2023-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1709",
"ident": null
},
{
"date": "2024-11-21T05:50:51.007000",
"db": "NVD",
"id": "CVE-2021-22890",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162037"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "curl\u00a0 Spoofing Authentication Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002808"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1709"
}
],
"trust": 1.2
}
}
var-201407-0138
Vulnerability from variot
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. CUPS is prone to a local privilege-escalation vulnerability. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible. An attacker with local access could potentially exploit this issue to gain elevated privileges. Versions prior to CUPS 1.7.4 are vulnerable. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2014:1388-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html Issue date: 2014-10-14 CVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 =====================================================================
- Summary:
Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. (CVE-2014-2856)
It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)
The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security.
These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.
All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
978387 - Bad IPP responses with version 2.0 (collection handling bug) 1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide 1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release 1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation 1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537 1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack 1128767 - CVE-2014-5031 cups: world-readable permissions
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: cups-1.4.2-67.el6.src.rpm
i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm
x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm
x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: cups-1.4.2-67.el6.src.rpm
x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: cups-1.4.2-67.el6.src.rpm
i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm
ppc64: cups-1.4.2-67.el6.ppc64.rpm cups-debuginfo-1.4.2-67.el6.ppc.rpm cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-devel-1.4.2-67.el6.ppc.rpm cups-devel-1.4.2-67.el6.ppc64.rpm cups-libs-1.4.2-67.el6.ppc.rpm cups-libs-1.4.2-67.el6.ppc64.rpm cups-lpd-1.4.2-67.el6.ppc64.rpm
s390x: cups-1.4.2-67.el6.s390x.rpm cups-debuginfo-1.4.2-67.el6.s390.rpm cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-devel-1.4.2-67.el6.s390.rpm cups-devel-1.4.2-67.el6.s390x.rpm cups-libs-1.4.2-67.el6.s390.rpm cups-libs-1.4.2-67.el6.s390x.rpm cups-lpd-1.4.2-67.el6.s390x.rpm
x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm
ppc64: cups-debuginfo-1.4.2-67.el6.ppc64.rpm cups-php-1.4.2-67.el6.ppc64.rpm
s390x: cups-debuginfo-1.4.2-67.el6.s390x.rpm cups-php-1.4.2-67.el6.s390x.rpm
x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: cups-1.4.2-67.el6.src.rpm
i386: cups-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-lpd-1.4.2-67.el6.i686.rpm
x86_64: cups-1.4.2-67.el6.x86_64.rpm cups-debuginfo-1.4.2-67.el6.i686.rpm cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-devel-1.4.2-67.el6.i686.rpm cups-devel-1.4.2-67.el6.x86_64.rpm cups-libs-1.4.2-67.el6.i686.rpm cups-libs-1.4.2-67.el6.x86_64.rpm cups-lpd-1.4.2-67.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: cups-debuginfo-1.4.2-67.el6.i686.rpm cups-php-1.4.2-67.el6.i686.rpm
x86_64: cups-debuginfo-1.4.2-67.el6.x86_64.rpm cups-php-1.4.2-67.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-2856.html https://www.redhat.com/security/data/cve/CVE-2014-3537.html https://www.redhat.com/security/data/cve/CVE-2014-5029.html https://www.redhat.com/security/data/cve/CVE-2014-5030.html https://www.redhat.com/security/data/cve/CVE-2014-5031.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default. CVE-ID CVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim Lamotte of Universiteit Hasselt
AFP File Server Impact: A remote attacker could determine all the network addresses of the system Description: The AFP file server supported a command which returned all the network addresses of the system. This issue was addressed by removing the addresses from the result. CVE-ID CVE-2014-4426 : Craig Young of Tripwire VERT
apache Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to a denial of service. These issues were addressed by updating Apache to version 2.4.9. CVE-ID CVE-2013-6438 CVE-2014-0098
App Sandbox Impact: An application confined by sandbox restrictions may misuse the accessibility API Description: A sandboxed application could misuse the accessibility API without the user's knowledge. This has been addressed by requiring administrator approval to use the accessibility API on an per-application basis. CVE-ID CVE-2014-4427 : Paul S. Ziegler of Reflare UG
Bash Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement. This update also incorporated the suggested CVE-2014-7169 change, which resets the parser state. In addition, this update added a new namespace for exported functions by creating a function decorator to prevent unintended header passthrough to Bash. The names of all environment variables that introduce function definitions are required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent unintended function passing via HTTP headers. CVE-ID CVE-2014-6271 : Stephane Chazelas CVE-2014-7169 : Tavis Ormandy
Bluetooth Impact: A malicious Bluetooth input device may bypass pairing Description: Unencrypted connections were permitted from Human Interface Device-class Bluetooth Low Energy devices. If a Mac had paired with such a device, an attacker could spoof the legitimate device to establish a connection. The issue was addressed by denying unencrypted HID connections. CVE-ID CVE-2014-4428 : Mike Ryan of iSEC Partners
CFPreferences Impact: The 'require password after sleep or screen saver begins' preference may not be respected until after a reboot Description: A session management issue existed in the handling of system preference settings. This issue was addressed through improved session tracking. CVE-ID CVE-2014-4425
Certificate Trust Policy Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at http://support.apple.com/kb/HT6005.
CoreStorage Impact: An encrypted volume may stay unlocked when ejected Description: When an encrypted volume was logically ejected while mounted, the volume was unmounted but the keys were retained, so it could have been mounted again without the password. This issue was addressed by erasing the keys on eject. CVE-ID CVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC, Karsten Iwen, Dustin Li (http://dustin.li/), Ken J. CVE-ID CVE-2014-3537
Dock Impact: In some circumstances, windows may be visible even when the screen is locked Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved state tracking. CVE-ID CVE-2014-4431 : Emil Sjolander of Umea University
fdesetup Impact: The fdesetup command may provide misleading status for the state of encryption on disk Description: After updating settings, but before rebooting, the fdesetup command provided misleading status. This issue was addressed through improved status reporting. CVE-ID CVE-2014-4432
iCloud Find My Mac Impact: iCloud Lost mode PIN may be bruteforced Description: A state persistence issue in rate limiting allowed brute force attacks on iCloud Lost mode PIN. This issue was addressed through improved state persistence across reboots. CVE-ID CVE-2014-4435 : knoy
IOAcceleratorFamily Impact: An application may cause a denial of service Description: A NULL pointer dereference was present in the IntelAccelerator driver. The issue was addressed through improved error handling. CVE-ID CVE-2014-4373 : cunzhang from Adlab of Venustech
IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved validation of IOHIDFamily key-mapping properties. CVE-ID CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A heap buffer overflow existed in IOHIDFamily's handling of key-mapping properties. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily Impact: An application may cause a denial of service Description: A out-of-bounds memory read was present in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4436 : cunzhang from Adlab of Venustech
IOHIDFamily Impact: A user may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue exited in the IOHIDFamily driver. The issue was addressed through improved input validation. CVE-ID CVE-2014-4380 : cunzhang from Adlab of Venustech
IOKit Impact: A malicious application may be able to read uninitialized data from kernel memory Description: An uninitialized memory access issue existed in the handling of IOKit functions. This issue was addressed through improved memory initialization. CVE-ID CVE-2014-4407 : @PanguTeam
IOKit Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
IOKit Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4418 : Ian Beer of Google Project Zero
Kernel Impact: A local user may be able to determine kernel memory layout Description: Multiple uninitialized memory issues existed in the network statistics interface, which led to the disclosure of kernel memory content. This issue was addressed through additional memory initialization. CVE-ID CVE-2014-4371 : Fermin J. Serna of the Google Security Team CVE-2014-4419 : Fermin J. Serna of the Google Security Team CVE-2014-4420 : Fermin J. Serna of the Google Security Team CVE-2014-4421 : Fermin J. Serna of the Google Security Team
Kernel Impact: A maliciously crafted file system may cause unexpected system shutdown or arbitrary code execution Description: A heap-based buffer overflow issue existed in the handling of HFS resource forks. A maliciously crafted filesystem may cause an unexpected system shutdown or arbitrary code execution with kernel privileges. The issue was addressed through improved bounds checking. CVE-ID CVE-2014-4433 : Maksymilian Arciemowicz
Kernel Impact: A malicious file system may cause unexpected system shutdown Description: A NULL dereference issue existed in the handling of HFS filenames. A maliciously crafted filesystem may cause an unexpected system shutdown. This issue was addressed by avoiding the NULL dereference. CVE-ID CVE-2014-4434 : Maksymilian Arciemowicz
Kernel Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A double free issue existed in the handling of Mach ports. This issue was addressed through improved validation of Mach ports. CVE-ID CVE-2014-4375 : an anonymous researcher
Kernel Impact: A person with a privileged network position may cause a denial of service Description: A race condition issue existed in the handling of IPv6 packets. This issue was addressed through improved lock state checking. CVE-ID CVE-2011-2391 : Marc Heuse
Kernel Impact: A local user may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: An out-of-bounds read issue existed in rt_setgate. This may lead to memory disclosure or memory corruption. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4408
Kernel Impact: A local user can cause an unexpected system termination Description: A reachable panic existed in the handling of messages sent to system control sockets. This issue was addressed through additional validation of messages. CVE-ID CVE-2014-4442 : Darius Davis of VMware
Kernel Impact: Some kernel hardening measures may be bypassed Description: The random number generator used for kernel hardening measures early in the boot process was not cryptographically secure. Some of its output was inferable from user space, allowing bypass of the hardening measures. This issue was addressed by using a cryptographically secure algorithm. CVE-ID CVE-2014-4422 : Tarjei Mandt of Azimuth Security
LaunchServices Impact: A local application may bypass sandbox restrictions Description: The LaunchServices interface for setting content type handlers allowed sandboxed applications to specify handlers for existing content types. A compromised application could use this to bypass sandbox restrictions. The issue was addressed by restricting sandboxed applications from specifying content type handlers. CVE-ID CVE-2014-4437 : Meder Kydyraliev of the Google Security Team
LoginWindow Impact: Sometimes the screen might not lock Description: A race condition existed in LoginWindow, which would sometimes prevent the screen from locking. The issue was addressed by changing the order of operations. CVE-ID CVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of Helvetia Insurances, Patryk Szlagowski of Funky Monkey Labs
Mail Impact: Mail may send email to unintended recipients Description: A user interface inconsistency in Mail application resulted in email being sent to addresses that were removed from the list of recipients. The issue was addressed through improved user interface consistency checks. CVE-ID CVE-2014-4439 : Patrick J Power of Melbourne, Australia
MCX Desktop Config Profiles Impact: When mobile configuration profiles were uninstalled, their settings were not removed Description: Web proxy settings installed by a mobile configuration profile were not removed when the profile was uninstalled. This issue was addressed through improved handling of profile uninstallation. CVE-ID CVE-2014-4440 : Kevin Koster of Cloudpath Networks
NetFS Client Framework Impact: File Sharing may enter a state in which it cannot be disabled Description: A state management issue existed in the File Sharing framework. This issue was addressed through improved state management. CVE-ID CVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS
QuickTime Impact: Playing a maliciously crafted m4a file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of audio samples. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4351 : Karl Smith of NCC Group
Safari Impact: History of pages recently visited in an open tab may remain after clearing of history Description: Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history. CVE-ID CVE-2013-5150
Safari Impact: Opting in to push notifications from a maliciously crafted website may cause future Safari Push Notifications to be missed Description: An uncaught exception issue existed in SafariNotificationAgent's handling of Safari Push Notifications. This issue was addressed through improved handling of Safari Push Notifications. CVE-ID CVE-2014-4417 : Marek Isalski of Faelix Limited
Secure Transport Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail. CVE-ID CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team
Security Impact: A remote attacker may be able to cause a denial of service Description: A null dereference existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data. CVE-ID CVE-2014-4443 : Coverity
Security Impact: A local user might have access to another user's Kerberos tickets Description: A state management issue existed in SecurityAgent. While Fast User Switching, sometimes a Kerberos ticket for the switched-to user would be placed in the cache for the previous user. This issue was addressed through improved state management. CVE-ID CVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar Sundblad of KTH Royal Institute of Technology, Eugene Homyakov of Kaspersky Lab
Security - Code Signing Impact: Tampered applications may not be prevented from launching Description: Apps signed on OS X prior to OS X Mavericks 10.9 or apps using custom resource rules, may have been susceptible to tampering that would not have invalidated the signature. On systems set to allow only apps from the Mac App Store and identified developers, a downloaded modified app could have been allowed to run as though it were legitimate. This issue was addressed by ignoring signatures of bundles with resource envelopes that omit resources that may influence execution. OS X Mavericks v10.9.5 and Security Update 2014-004 for OS X Mountain Lion v10.8.5 already contain these changes. CVE-ID CVE-2014-4391 : Christopher Hickstein working with HP's Zero Day Initiative
Note: OS X Yosemite includes Safari 8.0, which incorporates the security content of Safari 7.1. For further details see "About the security content of Safari 7.1" at https://support.apple.com/kb/HT6440.
OS X Yosemite may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq 0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ OJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B 0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb lqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87 XHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S CUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r HlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs bFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika XrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h fl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r P2OKoqPuE6SsFq6L2VwF =Ucxd -----END PGP SIGNATURE-----
.
A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679 http://advisories.mageia.org/MGASA-2014-0193.html http://advisories.mageia.org/MGASA-2014-0313.html http://advisories.mageia.org/MGASA-2015-0067.html
Updated Packages:
Mandriva Business Server 2/X86_64: 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4.
For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2. ============================================================================ Ubuntu Security Notice USN-2293-1 July 21, 2014
cups vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
CUPS could be made to expose sensitive information, leading to privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.1
Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.4
Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.12
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.6,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.7.0"
},
{
"model": "cups",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.7.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "1.7.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "cups",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.7.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.7"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "1.7.4"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "10.04 lts"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "12.04 lts"
},
{
"model": "ubuntu",
"scope": "eq",
"trust": 0.8,
"vendor": "canonical",
"version": "14.04 lts"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "20"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.10"
},
{
"model": "cups",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "1.7.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.13"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.5-2"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.7.1"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cups rc6",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.6-2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.4"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.22"
},
{
"model": "cups rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "cups",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "1.7.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.22"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "mac os update",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.612"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.18"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.8"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6.2"
},
{
"model": "cups b2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.12"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.11"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.5-1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"model": "cups rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.22"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.7-18"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.6"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.4"
},
{
"model": "mac os update",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.614"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.6-1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.8"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os supplemental",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.3"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.9"
},
{
"model": "cups rc4",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "ubuntu linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "cups b2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "ubuntu linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "canonical",
"version": "12.04-"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.1"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.12"
},
{
"model": "mac os update",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.617"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.17"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.8"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.8"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.23"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.2"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.6"
},
{
"model": "cups rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.7.3"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.23"
},
{
"model": "cups rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.9"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.21"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "cups rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.16"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.20"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.15"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"model": "cups b3",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4"
},
{
"model": "cups rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.10-1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "cups b2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.7"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.10"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.6"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.21"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.21"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "cups b1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.6-3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.9-1"
},
{
"model": "ubuntu linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "canonical",
"version": "10.04-"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.11"
},
{
"model": "cups rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.19"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "cups rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.2.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.1.14"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
}
],
"sources": [
{
"db": "BID",
"id": "68788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:cups",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francisco Alonso of Red Hat Security Response Team.",
"sources": [
{
"db": "BID",
"id": "68788"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3537",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "CVE-2014-3537",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-3537",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "VHN-71477",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3537",
"trust": 1.6,
"value": "Low"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3537",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71477",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. CUPS is prone to a local privilege-escalation vulnerability. \nAn attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Other attacks may also be possible. \nAn attacker with local access could potentially exploit this issue to gain elevated privileges. \nVersions prior to CUPS 1.7.4 are vulnerable. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: cups security and bug fix update\nAdvisory ID: RHSA-2014:1388-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-1388.html\nIssue date: 2014-10-14\nCVE Names: CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 \n CVE-2014-5030 CVE-2014-5031 \n=====================================================================\n\n1. Summary:\n\nUpdated cups packages that fix multiple security issues and several bugs\nare now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems. (CVE-2014-2856)\n\nIt was discovered that CUPS allowed certain users to create symbolic links\nin certain directories under /var/cache/cups/. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)\n\nThe CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat\nProduct Security. \n\nThese updated cups packages also include several bug fixes. Space precludes\ndocumenting all of these changes in this advisory. Users are directed to\nthe Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the\nReferences section, for information on the most significant of these\nchanges. \n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n978387 - Bad IPP responses with version 2.0 (collection handling bug)\n1012482 - /etc/cron.daily/cups breaks rule GEN003080 in Red Hat security guide\n1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release\n1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation\n1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537\n1128764 - CVE-2014-5030 cups: allows local users to read arbitrary files via a symlink attack\n1128767 - CVE-2014-5031 cups: world-readable permissions\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nppc64:\ncups-1.4.2-67.el6.ppc64.rpm\ncups-debuginfo-1.4.2-67.el6.ppc.rpm\ncups-debuginfo-1.4.2-67.el6.ppc64.rpm\ncups-devel-1.4.2-67.el6.ppc.rpm\ncups-devel-1.4.2-67.el6.ppc64.rpm\ncups-libs-1.4.2-67.el6.ppc.rpm\ncups-libs-1.4.2-67.el6.ppc64.rpm\ncups-lpd-1.4.2-67.el6.ppc64.rpm\n\ns390x:\ncups-1.4.2-67.el6.s390x.rpm\ncups-debuginfo-1.4.2-67.el6.s390.rpm\ncups-debuginfo-1.4.2-67.el6.s390x.rpm\ncups-devel-1.4.2-67.el6.s390.rpm\ncups-devel-1.4.2-67.el6.s390x.rpm\ncups-libs-1.4.2-67.el6.s390.rpm\ncups-libs-1.4.2-67.el6.s390x.rpm\ncups-lpd-1.4.2-67.el6.s390x.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nppc64:\ncups-debuginfo-1.4.2-67.el6.ppc64.rpm\ncups-php-1.4.2-67.el6.ppc64.rpm\n\ns390x:\ncups-debuginfo-1.4.2-67.el6.s390x.rpm\ncups-php-1.4.2-67.el6.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\ncups-1.4.2-67.el6.src.rpm\n\ni386:\ncups-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-lpd-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-devel-1.4.2-67.el6.i686.rpm\ncups-devel-1.4.2-67.el6.x86_64.rpm\ncups-libs-1.4.2-67.el6.i686.rpm\ncups-libs-1.4.2-67.el6.x86_64.rpm\ncups-lpd-1.4.2-67.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6.i686.rpm\ncups-php-1.4.2-67.el6.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6.x86_64.rpm\ncups-php-1.4.2-67.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-2856.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3537.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5029.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5030.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-5031.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-10-16-1 OS X Yosemite v10.10\n\nOS X Yosemite v10.10 is now available and addresses the following:\n\n802.1X\nImpact: An attacker can obtain WiFi credentials\nDescription: An attacker could have impersonated a WiFi access\npoint, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,\nand used the derived credentials to authenticate to the intended\naccess point even if that access point supported stronger\nauthentication methods. This issue was addressed by disabling LEAP by\ndefault. \nCVE-ID\nCVE-2014-4364 : Pieter Robyns, Bram Bonne, Peter Quax, and Wim\nLamotte of Universiteit Hasselt\n\nAFP File Server\nImpact: A remote attacker could determine all the network addresses\nof the system\nDescription: The AFP file server supported a command which returned\nall the network addresses of the system. This issue was addressed by\nremoving the addresses from the result. \nCVE-ID\nCVE-2014-4426 : Craig Young of Tripwire VERT\n\napache\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to a denial of service. These issues were\naddressed by updating Apache to version 2.4.9. \nCVE-ID\nCVE-2013-6438\nCVE-2014-0098\n\nApp Sandbox\nImpact: An application confined by sandbox restrictions may misuse\nthe accessibility API\nDescription: A sandboxed application could misuse the accessibility\nAPI without the user\u0027s knowledge. This has been addressed by\nrequiring administrator approval to use the accessibility API on an\nper-application basis. \nCVE-ID\nCVE-2014-4427 : Paul S. Ziegler of Reflare UG\n\nBash\nImpact: In certain configurations, a remote attacker may be able to\nexecute arbitrary shell commands\nDescription: An issue existed in Bash\u0027s parsing of environment\nvariables. This issue was addressed through improved environment\nvariable parsing by better detecting the end of the function\nstatement. This update also incorporated the suggested CVE-2014-7169\nchange, which resets the parser state. In addition, this update\nadded a new namespace for exported functions by creating a function\ndecorator to prevent unintended header passthrough to Bash. The names\nof all environment variables that introduce function definitions are\nrequired to have a prefix \"__BASH_FUNC\u003c\" and suffix \"\u003e()\" to prevent\nunintended function passing via HTTP headers. \nCVE-ID\nCVE-2014-6271 : Stephane Chazelas\nCVE-2014-7169 : Tavis Ormandy\n\nBluetooth\nImpact: A malicious Bluetooth input device may bypass pairing\nDescription: Unencrypted connections were permitted from Human\nInterface Device-class Bluetooth Low Energy devices. If a Mac had\npaired with such a device, an attacker could spoof the legitimate\ndevice to establish a connection. The issue was addressed by denying\nunencrypted HID connections. \nCVE-ID\nCVE-2014-4428 : Mike Ryan of iSEC Partners\n\nCFPreferences\nImpact: The \u0027require password after sleep or screen saver begins\u0027\npreference may not be respected until after a reboot\nDescription: A session management issue existed in the handling of\nsystem preference settings. This issue was addressed through improved\nsession tracking. \nCVE-ID\nCVE-2014-4425\n\nCertificate Trust Policy\nImpact: Update to the certificate trust policy\nDescription: The certificate trust policy was updated. The complete\nlist of certificates may be viewed at\nhttp://support.apple.com/kb/HT6005. \n\nCoreStorage\nImpact: An encrypted volume may stay unlocked when ejected\nDescription: When an encrypted volume was logically ejected while\nmounted, the volume was unmounted but the keys were retained, so it\ncould have been mounted again without the password. This issue was\naddressed by erasing the keys on eject. \nCVE-ID\nCVE-2014-4430 : Benjamin King at See Ben Click Computer Services LLC,\nKarsten Iwen, Dustin Li (http://dustin.li/), Ken J. \nCVE-ID\nCVE-2014-3537\n\nDock\nImpact: In some circumstances, windows may be visible even when the\nscreen is locked\nDescription: A state management issue existed in the handling of the\nscreen lock. This issue was addressed through improved state\ntracking. \nCVE-ID\nCVE-2014-4431 : Emil Sjolander of Umea University\n\nfdesetup\nImpact: The fdesetup command may provide misleading status for the\nstate of encryption on disk\nDescription: After updating settings, but before rebooting, the\nfdesetup command provided misleading status. This issue was addressed\nthrough improved status reporting. \nCVE-ID\nCVE-2014-4432\n\niCloud Find My Mac\nImpact: iCloud Lost mode PIN may be bruteforced\nDescription: A state persistence issue in rate limiting allowed\nbrute force attacks on iCloud Lost mode PIN. This issue was addressed\nthrough improved state persistence across reboots. \nCVE-ID\nCVE-2014-4435 : knoy\n\nIOAcceleratorFamily\nImpact: An application may cause a denial of service\nDescription: A NULL pointer dereference was present in the\nIntelAccelerator driver. The issue was addressed through improved\nerror handling. \nCVE-ID\nCVE-2014-4373 : cunzhang from Adlab of Venustech\n\nIOHIDFamily\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved validation of IOHIDFamily key-mapping properties. \nCVE-ID\nCVE-2014-4405 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A heap buffer overflow existed in IOHIDFamily\u0027s\nhandling of key-mapping properties. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4404 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nImpact: An application may cause a denial of service\nDescription: A out-of-bounds memory read was present in the\nIOHIDFamily driver. The issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2014-4436 : cunzhang from Adlab of Venustech\n\nIOHIDFamily\nImpact: A user may be able to execute arbitrary code with system\nprivileges\nDescription: An out-of-bounds write issue exited in the IOHIDFamily\ndriver. The issue was addressed through improved input validation. \nCVE-ID\nCVE-2014-4380 : cunzhang from Adlab of Venustech\n\nIOKit\nImpact: A malicious application may be able to read uninitialized\ndata from kernel memory\nDescription: An uninitialized memory access issue existed in the\nhandling of IOKit functions. This issue was addressed through\nimproved memory initialization. \nCVE-ID\nCVE-2014-4407 : @PanguTeam\n\nIOKit\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4418 : Ian Beer of Google Project Zero\n\nKernel\nImpact: A local user may be able to determine kernel memory layout\nDescription: Multiple uninitialized memory issues existed in the\nnetwork statistics interface, which led to the disclosure of kernel\nmemory content. This issue was addressed through additional memory\ninitialization. \nCVE-ID\nCVE-2014-4371 : Fermin J. Serna of the Google Security Team\nCVE-2014-4419 : Fermin J. Serna of the Google Security Team\nCVE-2014-4420 : Fermin J. Serna of the Google Security Team\nCVE-2014-4421 : Fermin J. Serna of the Google Security Team\n\nKernel\nImpact: A maliciously crafted file system may cause unexpected\nsystem shutdown or arbitrary code execution\nDescription: A heap-based buffer overflow issue existed in the\nhandling of HFS resource forks. A maliciously crafted filesystem may\ncause an unexpected system shutdown or arbitrary code execution with\nkernel privileges. The issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4433 : Maksymilian Arciemowicz\n\nKernel\nImpact: A malicious file system may cause unexpected system shutdown\nDescription: A NULL dereference issue existed in the handling of HFS\nfilenames. A maliciously crafted filesystem may cause an unexpected\nsystem shutdown. This issue was addressed by avoiding the NULL\ndereference. \nCVE-ID\nCVE-2014-4434 : Maksymilian Arciemowicz\n\nKernel\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: A double free issue existed in the handling of Mach\nports. This issue was addressed through improved validation of Mach\nports. \nCVE-ID\nCVE-2014-4375 : an anonymous researcher\n\nKernel\nImpact: A person with a privileged network position may cause a\ndenial of service\nDescription: A race condition issue existed in the handling of IPv6\npackets. This issue was addressed through improved lock state\nchecking. \nCVE-ID\nCVE-2011-2391 : Marc Heuse\n\nKernel\nImpact: A local user may be able to cause an unexpected system\ntermination or arbitrary code execution in the kernel\nDescription: An out-of-bounds read issue existed in rt_setgate. This\nmay lead to memory disclosure or memory corruption. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2014-4408\n\nKernel\nImpact: A local user can cause an unexpected system termination\nDescription: A reachable panic existed in the handling of messages\nsent to system control sockets. This issue was addressed through\nadditional validation of messages. \nCVE-ID\nCVE-2014-4442 : Darius Davis of VMware\n\nKernel\nImpact: Some kernel hardening measures may be bypassed\nDescription: The random number generator used for kernel hardening\nmeasures early in the boot process was not cryptographically secure. \nSome of its output was inferable from user space, allowing bypass of\nthe hardening measures. This issue was addressed by using a\ncryptographically secure algorithm. \nCVE-ID\nCVE-2014-4422 : Tarjei Mandt of Azimuth Security\n\nLaunchServices\nImpact: A local application may bypass sandbox restrictions\nDescription: The LaunchServices interface for setting content type\nhandlers allowed sandboxed applications to specify handlers for\nexisting content types. A compromised application could use this to\nbypass sandbox restrictions. The issue was addressed by restricting\nsandboxed applications from specifying content type handlers. \nCVE-ID\nCVE-2014-4437 : Meder Kydyraliev of the Google Security Team\n\nLoginWindow\nImpact: Sometimes the screen might not lock\nDescription: A race condition existed in LoginWindow, which would\nsometimes prevent the screen from locking. The issue was addressed by\nchanging the order of operations. \nCVE-ID\nCVE-2014-4438 : Harry Sintonen of nSense, Alessandro Lobina of\nHelvetia Insurances, Patryk Szlagowski of Funky Monkey Labs\n\nMail\nImpact: Mail may send email to unintended recipients\nDescription: A user interface inconsistency in Mail application\nresulted in email being sent to addresses that were removed from the\nlist of recipients. The issue was addressed through improved user\ninterface consistency checks. \nCVE-ID\nCVE-2014-4439 : Patrick J Power of Melbourne, Australia\n\nMCX Desktop Config Profiles\nImpact: When mobile configuration profiles were uninstalled, their\nsettings were not removed\nDescription: Web proxy settings installed by a mobile configuration\nprofile were not removed when the profile was uninstalled. This issue\nwas addressed through improved handling of profile uninstallation. \nCVE-ID\nCVE-2014-4440 : Kevin Koster of Cloudpath Networks\n\nNetFS Client Framework\nImpact: File Sharing may enter a state in which it cannot be\ndisabled\nDescription: A state management issue existed in the File Sharing\nframework. This issue was addressed through improved state\nmanagement. \nCVE-ID\nCVE-2014-4441 : Eduardo Bonsi of BEARTCOMMUNICATIONS\n\nQuickTime\nImpact: Playing a maliciously crafted m4a file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of audio\nsamples. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4351 : Karl Smith of NCC Group\n\nSafari\nImpact: History of pages recently visited in an open tab may remain\nafter clearing of history\nDescription: Clearing Safari\u0027s history did not clear the\nback/forward history for open tabs. This issue was addressed by\nclearing the back/forward history. \nCVE-ID\nCVE-2013-5150\n\nSafari\nImpact: Opting in to push notifications from a maliciously crafted\nwebsite may cause future Safari Push Notifications to be missed\nDescription: An uncaught exception issue existed in\nSafariNotificationAgent\u0027s handling of Safari Push Notifications. This\nissue was addressed through improved handling of Safari Push\nNotifications. \nCVE-ID\nCVE-2014-4417 : Marek Isalski of Faelix Limited\n\nSecure Transport\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\ncould force the use of SSL 3.0, even when the server would support a\nbetter TLS version, by blocking TLS 1.0 and higher connection\nattempts. This issue was addressed by disabling CBC cipher suites\nwhen TLS connection attempts fail. \nCVE-ID\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\nGoogle Security Team\n\nSecurity\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A null dereference existed in the handling of ASN.1\ndata. This issue was addressed through additional validation of ASN.1\ndata. \nCVE-ID\nCVE-2014-4443 : Coverity\n\nSecurity\nImpact: A local user might have access to another user\u0027s Kerberos\ntickets\nDescription: A state management issue existed in SecurityAgent. \nWhile Fast User Switching, sometimes a Kerberos ticket for the\nswitched-to user would be placed in the cache for the previous user. \nThis issue was addressed through improved state management. \nCVE-ID\nCVE-2014-4444 : Gary Simon of Sandia National Laboratories, Ragnar\nSundblad of KTH Royal Institute of Technology, Eugene Homyakov of\nKaspersky Lab\n\nSecurity - Code Signing\nImpact: Tampered applications may not be prevented from launching\nDescription: Apps signed on OS X prior to OS X Mavericks 10.9 or\napps using custom resource rules, may have been susceptible to\ntampering that would not have invalidated the signature. On systems\nset to allow only apps from the Mac App Store and identified\ndevelopers, a downloaded modified app could have been allowed to run\nas though it were legitimate. This issue was addressed by ignoring\nsignatures of bundles with resource envelopes that omit resources\nthat may influence execution. OS X Mavericks v10.9.5 and Security\nUpdate 2014-004 for OS X Mountain Lion v10.8.5 already contain these\nchanges. \nCVE-ID\nCVE-2014-4391 : Christopher Hickstein working with HP\u0027s Zero Day\nInitiative\n\n\nNote: OS X Yosemite includes Safari 8.0, which incorporates\nthe security content of Safari 7.1. For further details see\n\"About the security content of Safari 7.1\" at\nhttps://support.apple.com/kb/HT6440. \n\n\nOS X Yosemite may be obtained from the Mac App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUQCItAAoJEBcWfLTuOo7tVTMQAIpXH2MO4xElrJDdFvz+9hEq\n0I/Md7JZMvm66AZZG6AlHPnGn/UfNSD6BxGmuuz2MnVyr3kBTHfGQbsRtoZ/54dZ\nOJrFVD+HE+WmjhB2xLoLTMDP5QgdpBY0gpmNF5Ze4tRogpbfrhDQJjjWls4xbB3B\n0MYF5Cq+9nMwHquh/gQpp4pRCms+S/3TdHrjunlfnWFJMNT+XTs0Y5+QPZQ8OMAb\nlqDGjjjulN3+WLCekIWXX1WeAFjqW5ICSWqt0b8/yWVnLWuYmWvHPC8LrP52+s87\nXHgx+9tW/5L+ZMGxfDYKnhkXNsQaFPai1iPgztjz7/c3NON7ogdIbJd290j2GZ2S\nCUoozCx2rVn9l7hFYSDP5fHt8x1itvWeH1UX6WP6Ydkf4iXe63ksMaVSFqccEb7r\nHlBlx/dE1FuWD+gkOQwDPkKZR1yiMArqrHz1YwC4GZ6/A3aG9B++y1TBCetQO8xs\nbFmlhX4Rvmme+NED0Hli7yN/++axkYUfAHTLwnucq1MW+eP9jecsBpFsOMKJ0ika\nXrZoquwIM4zQPgY1qBz15Nxeb8lX2IcpL5PKGEeqiKX3SRPerdQKUnUBk1DtHg2h\nfl+BG2AfN6uaYGJvGL9G2OX95SylOWW9uoYvfTVafwU7f9tE8RUEStnXhQD00j/r\nP2OKoqPuE6SsFq6L2VwF\n=Ucxd\n-----END PGP SIGNATURE-----\n\n. \n \n A malformed file with an invalid page header and compressed raster data\n can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679\n http://advisories.mageia.org/MGASA-2014-0193.html\n http://advisories.mageia.org/MGASA-2014-0313.html\n http://advisories.mageia.org/MGASA-2015-0067.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm\n b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm\n 7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm\n c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm\n df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm \n 5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.5.3-5+deb7u4. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.7.4-2. ============================================================================\nUbuntu Security Notice USN-2293-1\nJuly 21, 2014\n\ncups vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nCUPS could be made to expose sensitive information, leading to privilege\nescalation. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n cups 1.7.2-0ubuntu1.1\n\nUbuntu 12.04 LTS:\n cups 1.5.3-0ubuntu8.4\n\nUbuntu 10.04 LTS:\n cups 1.4.3-1ubuntu1.12\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3537"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "BID",
"id": "68788"
},
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "PACKETSTORM",
"id": "127797"
},
{
"db": "PACKETSTORM",
"id": "128661"
},
{
"db": "PACKETSTORM",
"id": "128729"
},
{
"db": "PACKETSTORM",
"id": "131116"
},
{
"db": "PACKETSTORM",
"id": "127631"
},
{
"db": "PACKETSTORM",
"id": "127542"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3537",
"trust": 4.2
},
{
"db": "BID",
"id": "68788",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "60787",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60273",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59945",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1030611",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/07/22/2",
"trust": 0.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/07/22/13",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97537282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "127631",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "127797",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "127542",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131116",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "BID",
"id": "68788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "PACKETSTORM",
"id": "127797"
},
{
"db": "PACKETSTORM",
"id": "128661"
},
{
"db": "PACKETSTORM",
"id": "128729"
},
{
"db": "PACKETSTORM",
"id": "131116"
},
{
"db": "PACKETSTORM",
"id": "127631"
},
{
"db": "PACKETSTORM",
"id": "127542"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"id": "VAR-201407-0138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71477"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:21:16.322000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 1.6,
"url": "http://www.cups.org/documentation.php/relnotes.html"
},
{
"title": "RHSA-2014:1388",
"trust": 1.6,
"url": "https://rhn.redhat.com/errata/RHSA-2014-1388.html"
},
{
"title": "STR #4455",
"trust": 0.8,
"url": "https://cups.org/str.php?L4455"
},
{
"title": "HT6535",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6535"
},
{
"title": "HT6535",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6535?viewlocale=ja_JP"
},
{
"title": "Article #724",
"trust": 0.8,
"url": "http://www.cups.org/blog.php?L724"
},
{
"title": "STR #4450 CVE-2014-3537: Insufficient checking leads to privilege escalation",
"trust": 0.8,
"url": "http://www.cups.org/str.php?L4450"
},
{
"title": "FEDORA-2014-8351",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135528.html"
},
{
"title": "Bug 1115576",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
},
{
"title": "USN-2293-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2293-1/"
},
{
"title": "cups-1.7.4-source",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=50937"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-59",
"trust": 2.7
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://advisories.mageia.org/mgasa-2014-0313.html"
},
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"
},
{
"trust": 2.0,
"url": "http://www.cups.org/str.php?l4450"
},
{
"trust": 2.0,
"url": "https://support.apple.com/kb/ht6535"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2014-1388.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2293-1"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1030611"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59945"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60273"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60787"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/68788"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-july/135528.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:108"
},
{
"trust": 1.7,
"url": "http://www.cups.org/blog.php?l724"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5029"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3537"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5029"
},
{
"trust": 0.8,
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/2"
},
{
"trust": 0.8,
"url": "http://www.openwall.com/lists/oss-security/2014/07/22/13"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97537282/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3537"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3537"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2014-3537"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhba-2015:0386"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2014:1388"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5029"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5030"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5031"
},
{
"trust": 0.3,
"url": "http://www.cups.org/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5031"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5030"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2856"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.6_technical_notes/cups.html#rhsa-2014-1388"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-2856.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-5029.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-5031.html"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-5030.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-3537.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4380"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht6440."
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6005."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0098"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4404"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4417"
},
{
"trust": 0.1,
"url": "http://dustin.li/),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4375"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4418"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9679"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0193.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2015-0067.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9679"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.4"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "BID",
"id": "68788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "PACKETSTORM",
"id": "127797"
},
{
"db": "PACKETSTORM",
"id": "128661"
},
{
"db": "PACKETSTORM",
"id": "128729"
},
{
"db": "PACKETSTORM",
"id": "131116"
},
{
"db": "PACKETSTORM",
"id": "127631"
},
{
"db": "PACKETSTORM",
"id": "127542"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71477"
},
{
"db": "BID",
"id": "68788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"db": "PACKETSTORM",
"id": "127797"
},
{
"db": "PACKETSTORM",
"id": "128661"
},
{
"db": "PACKETSTORM",
"id": "128729"
},
{
"db": "PACKETSTORM",
"id": "131116"
},
{
"db": "PACKETSTORM",
"id": "127631"
},
{
"db": "PACKETSTORM",
"id": "127542"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-71477"
},
{
"date": "2014-07-19T00:00:00",
"db": "BID",
"id": "68788"
},
{
"date": "2014-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"date": "2014-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"date": "2014-08-08T21:45:22",
"db": "PACKETSTORM",
"id": "127797"
},
{
"date": "2014-10-14T23:04:56",
"db": "PACKETSTORM",
"id": "128661"
},
{
"date": "2014-10-17T15:02:27",
"db": "PACKETSTORM",
"id": "128729"
},
{
"date": "2015-03-30T21:33:02",
"db": "PACKETSTORM",
"id": "131116"
},
{
"date": "2014-07-28T20:36:32",
"db": "PACKETSTORM",
"id": "127631"
},
{
"date": "2014-07-21T19:44:20",
"db": "PACKETSTORM",
"id": "127542"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"date": "2014-07-23T14:55:05.883000",
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71477"
},
{
"date": "2015-04-13T22:13:00",
"db": "BID",
"id": "68788"
},
{
"date": "2015-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"date": "2015-06-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003525"
},
{
"date": "2023-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-567"
},
{
"date": "2024-11-21T02:08:19.653000",
"db": "NVD",
"id": "CVE-2014-3537"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68788"
},
{
"db": "PACKETSTORM",
"id": "127797"
},
{
"db": "PACKETSTORM",
"id": "128661"
},
{
"db": "PACKETSTORM",
"id": "127631"
},
{
"db": "PACKETSTORM",
"id": "127542"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CUPS of Web Vulnerability to read arbitrary files in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003632"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003525"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "post link",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-567"
}
],
"trust": 0.6
}
}
var-202212-1824
Vulnerability from variot
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). OpenEuler Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1824",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"cve": "CVE-2021-33640",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33640",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "securities@openeuler.org",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2021-33640",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33640",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33640",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "securities@openeuler.org",
"id": "CVE-2021-33640",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-33640",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3560",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t-\u003eth_buf) . As a result, the released memory is used (use-after-free). OpenEuler Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33640"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "VULHUB",
"id": "VHN-393718"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33640",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-393718",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393718"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"id": "VAR-202212-1824",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393718"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:55:06.462000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2021-33640",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
},
{
"title": "openEuler Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=219382"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393718"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.openeuler.org/en/security/cve/detail/?cveid=cve-2021-33640\u0026packagename=libtar"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33640"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33640/"
},
{
"trust": 0.1,
"url": "https://www.openeuler.org/en/security/cve/detail/?cveid=cve-2021-33640\u0026amp;packagename=libtar"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393718"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393718"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-393718"
},
{
"date": "2023-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"date": "2022-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"date": "2022-12-19T16:15:10.840000",
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-393718"
},
{
"date": "2023-02-21T07:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-003496"
},
{
"date": "2022-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3560"
},
{
"date": "2023-11-07T03:35:53.527000",
"db": "NVD",
"id": "CVE-2021-33640"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenEuler\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3560"
}
],
"trust": 0.6
}
}
var-202206-1961
Vulnerability from variot
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. curl Exists in an out-of-bounds write vulnerability.Information may be obtained. (CVE-2022-32207). Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
- CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
-
Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
-
RHACM 2.3.12 images (BZ# 2101411)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.12.0 Images security update Advisory ID: RHSA-2023:0408-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2023:0408 Issue date: 2023-01-24 CVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256 CVE-2020-35525 CVE-2020-35527 CVE-2021-0308 CVE-2021-38561 CVE-2021-44716 CVE-2021-44717 CVE-2022-0391 CVE-2022-0934 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1705 CVE-2022-1785 CVE-2022-1798 CVE-2022-1897 CVE-2022-1927 CVE-2022-1962 CVE-2022-2068 CVE-2022-2097 CVE-2022-2509 CVE-2022-3515 CVE-2022-3787 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24795 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28131 CVE-2022-29526 CVE-2022-30293 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-32148 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-37434 CVE-2022-40674 CVE-2022-42898 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Solution:
Before applying this update, you must apply all previously released errata relevant to your system.
To apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- References:
https://access.redhat.com/security/cve/CVE-2015-20107 https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-0256 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-0308 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/cve/CVE-2022-0934 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24795 https://access.redhat.com/security/cve/CVE-2022-25308 https://access.redhat.com/security/cve/CVE-2022-25309 https://access.redhat.com/security/cve/CVE-2022-25310 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27404 https://access.redhat.com/security/cve/CVE-2022-27405 https://access.redhat.com/security/cve/CVE-2022-27406 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY9FaIdzjgjWX9erEAQg3yQ/+IUc6v2m0ZjFWE+HcpaZSLK5EL2ddBtGH ipDVyXLh7uSxGXJEaaZ1bBnvS5pjP5u7xxkmHh/kOuD4U+DDNVdDrmfFvk7XwhlK xIgzHsJp82VTyvbALTJIBsBCaUnY1mepfIqk+yFgU3dW4QX2CcRN+y6RdtR/24Iv cV4DNZ2QgDoQZOpwNfoHFwOOwRbwQNOSJpoGY0ToMHOztpRax84mTmqkLpaiiQPH 3+DlfCuGo6jzFSbluZnELZGuwJHdl6rUfQUasT4H1YD2pT4cKI4Gg12rL2lvzz4s xfP2cLvykDqtINIZXy+NMteuI4cw5nrxZCfDpOBFnWfZ5cP5B/QeJG8J6wIr1ssb OWGAJNYGd+6yUdNgVjRO1u5iLPVN5zN0r9wlg/Kgm6IBWRzDP7b1Gqh2mmDWTbln moRHYxFdLuXX/ciJYRBlyLhkQJcz+r4HfkkzXuc/B0TG8/HSTShYDxWeFIIg9ALy xIuXAkdyZ8FyPavYzLvyENLqYiSD1z/76uRKuUWK+oWKclAsEFDXQm+VSv5zCh7x eOIFkWqJ449V4Z0VrSUvQw8AHcEzetUYd73pLYnBI/naHI4l1s8/21rPHu0LhAPs RvwsGL6jyJ/mDQvvjz4iOQq3pnYCI096Tzm8kaD4qQhBVtQVoUN41kZRQjPVQn94 5HLmWeHmkTg=Nw07 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Solution:
For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online
- Description:
Openshift Logging Bug Fix Release (5.3.12)
Security Fix(es):
- golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1961",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.4"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "169435"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168503"
}
],
"trust": 0.5
},
"cve": "CVE-2022-32208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-32208",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424135",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-32208",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32208",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32208",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-32208",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-424135",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. curl Exists in an out-of-bounds write vulnerability.Information may be obtained. (CVE-2022-32207). Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain cookies. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.12.0 Images security update\nAdvisory ID: RHSA-2023:0408-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0408\nIssue date: 2023-01-24\nCVE Names: CVE-2015-20107 CVE-2016-3709 CVE-2020-0256\n CVE-2020-35525 CVE-2020-35527 CVE-2021-0308\n CVE-2021-38561 CVE-2021-44716 CVE-2021-44717\n CVE-2022-0391 CVE-2022-0934 CVE-2022-1292\n CVE-2022-1304 CVE-2022-1586 CVE-2022-1705\n CVE-2022-1785 CVE-2022-1798 CVE-2022-1897\n CVE-2022-1927 CVE-2022-1962 CVE-2022-2068\n CVE-2022-2097 CVE-2022-2509 CVE-2022-3515\n CVE-2022-3787 CVE-2022-22624 CVE-2022-22628\n CVE-2022-22629 CVE-2022-22662 CVE-2022-23772\n CVE-2022-23773 CVE-2022-23806 CVE-2022-24795\n CVE-2022-25308 CVE-2022-25309 CVE-2022-25310\n CVE-2022-26700 CVE-2022-26709 CVE-2022-26710\n CVE-2022-26716 CVE-2022-26717 CVE-2022-26719\n CVE-2022-27404 CVE-2022-27405 CVE-2022-27406\n CVE-2022-28131 CVE-2022-29526 CVE-2022-30293\n CVE-2022-30629 CVE-2022-30630 CVE-2022-30631\n CVE-2022-30632 CVE-2022-30633 CVE-2022-30635\n CVE-2022-30698 CVE-2022-30699 CVE-2022-32148\n CVE-2022-32206 CVE-2022-32208 CVE-2022-34903\n CVE-2022-37434 CVE-2022-40674 CVE-2022-42898\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.12 is now available with updates\nto packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-20107\nhttps://access.redhat.com/security/cve/CVE-2016-3709\nhttps://access.redhat.com/security/cve/CVE-2020-0256\nhttps://access.redhat.com/security/cve/CVE-2020-35525\nhttps://access.redhat.com/security/cve/CVE-2020-35527\nhttps://access.redhat.com/security/cve/CVE-2021-0308\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0391\nhttps://access.redhat.com/security/cve/CVE-2022-0934\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1304\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1705\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-1962\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-3515\nhttps://access.redhat.com/security/cve/CVE-2022-3787\nhttps://access.redhat.com/security/cve/CVE-2022-22624\nhttps://access.redhat.com/security/cve/CVE-2022-22628\nhttps://access.redhat.com/security/cve/CVE-2022-22629\nhttps://access.redhat.com/security/cve/CVE-2022-22662\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24795\nhttps://access.redhat.com/security/cve/CVE-2022-25308\nhttps://access.redhat.com/security/cve/CVE-2022-25309\nhttps://access.redhat.com/security/cve/CVE-2022-25310\nhttps://access.redhat.com/security/cve/CVE-2022-26700\nhttps://access.redhat.com/security/cve/CVE-2022-26709\nhttps://access.redhat.com/security/cve/CVE-2022-26710\nhttps://access.redhat.com/security/cve/CVE-2022-26716\nhttps://access.redhat.com/security/cve/CVE-2022-26717\nhttps://access.redhat.com/security/cve/CVE-2022-26719\nhttps://access.redhat.com/security/cve/CVE-2022-27404\nhttps://access.redhat.com/security/cve/CVE-2022-27405\nhttps://access.redhat.com/security/cve/CVE-2022-27406\nhttps://access.redhat.com/security/cve/CVE-2022-28131\nhttps://access.redhat.com/security/cve/CVE-2022-29526\nhttps://access.redhat.com/security/cve/CVE-2022-30293\nhttps://access.redhat.com/security/cve/CVE-2022-30629\nhttps://access.redhat.com/security/cve/CVE-2022-30630\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-30632\nhttps://access.redhat.com/security/cve/CVE-2022-30633\nhttps://access.redhat.com/security/cve/CVE-2022-30635\nhttps://access.redhat.com/security/cve/CVE-2022-30698\nhttps://access.redhat.com/security/cve/CVE-2022-30699\nhttps://access.redhat.com/security/cve/CVE-2022-32148\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-37434\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY9FaIdzjgjWX9erEAQg3yQ/+IUc6v2m0ZjFWE+HcpaZSLK5EL2ddBtGH\nipDVyXLh7uSxGXJEaaZ1bBnvS5pjP5u7xxkmHh/kOuD4U+DDNVdDrmfFvk7XwhlK\nxIgzHsJp82VTyvbALTJIBsBCaUnY1mepfIqk+yFgU3dW4QX2CcRN+y6RdtR/24Iv\ncV4DNZ2QgDoQZOpwNfoHFwOOwRbwQNOSJpoGY0ToMHOztpRax84mTmqkLpaiiQPH\n3+DlfCuGo6jzFSbluZnELZGuwJHdl6rUfQUasT4H1YD2pT4cKI4Gg12rL2lvzz4s\nxfP2cLvykDqtINIZXy+NMteuI4cw5nrxZCfDpOBFnWfZ5cP5B/QeJG8J6wIr1ssb\nOWGAJNYGd+6yUdNgVjRO1u5iLPVN5zN0r9wlg/Kgm6IBWRzDP7b1Gqh2mmDWTbln\nmoRHYxFdLuXX/ciJYRBlyLhkQJcz+r4HfkkzXuc/B0TG8/HSTShYDxWeFIIg9ALy\nxIuXAkdyZ8FyPavYzLvyENLqYiSD1z/76uRKuUWK+oWKclAsEFDXQm+VSv5zCh7x\neOIFkWqJ449V4Z0VrSUvQw8AHcEzetUYd73pLYnBI/naHI4l1s8/21rPHu0LhAPs\nRvwsGL6jyJ/mDQvvjz4iOQq3pnYCI096Tzm8kaD4qQhBVtQVoUN41kZRQjPVQn94\n5HLmWeHmkTg=Nw07\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online\n\n4. Description:\n\nOpenshift Logging Bug Fix Release (5.3.12)\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "VULMON",
"id": "CVE-2022-32208"
},
{
"db": "PACKETSTORM",
"id": "169435"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168503"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32208",
"trust": 3.4
},
{
"db": "HACKERONE",
"id": "1590071",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168503",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168347",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168158",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168301",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-424135",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32208",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169435",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170741",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "VULMON",
"id": "CVE-2022-32208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "PACKETSTORM",
"id": "169435"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"id": "VAR-202206-1961",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:36:04.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"title": "Ubuntu Security Notice: USN-5499-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5499-1"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32208"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-840",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://hackerone.com/reports/1590071"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5499-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "VULMON",
"id": "CVE-2022-32208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "PACKETSTORM",
"id": "169435"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424135"
},
{
"db": "VULMON",
"id": "CVE-2022-32208"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"db": "PACKETSTORM",
"id": "169435"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "168503"
},
{
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424135"
},
{
"date": "2023-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"date": "2022-10-20T14:19:18",
"db": "PACKETSTORM",
"id": "169435"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2023-01-26T15:29:09",
"db": "PACKETSTORM",
"id": "170741"
},
{
"date": "2022-09-13T15:29:12",
"db": "PACKETSTORM",
"id": "168347"
},
{
"date": "2022-09-26T15:37:32",
"db": "PACKETSTORM",
"id": "168503"
},
{
"date": "2022-07-07T13:15:08.467000",
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424135"
},
{
"date": "2023-09-25T03:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-015069"
},
{
"date": "2024-03-27T15:00:41.657000",
"db": "NVD",
"id": "CVE-2022-32208"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015069"
}
],
"trust": 0.8
}
}
var-202004-0243
Vulnerability from variot
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Xen Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There is a security vulnerability in Xen 4.13.x and previous versions. An attacker could use this vulnerability to cause a denial of service, possibly obtaining sensitive information or elevating permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-08
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: May 14, 2020 Bugs: #717446 ID: 202005-08
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could allow privilege escalation.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2 2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
[ 1 ] CVE-2020-11739 https://nvd.nist.gov/vuln/detail/CVE-2020-11739 [ 2 ] CVE-2020-11740 https://nvd.nist.gov/vuln/detail/CVE-2020-11740 [ 3 ] CVE-2020-11741 https://nvd.nist.gov/vuln/detail/CVE-2020-11741 [ 4 ] CVE-2020-11742 https://nvd.nist.gov/vuln/detail/CVE-2020-11742 [ 5 ] CVE-2020-11743 https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (buster), these problems have been fixed in version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8 TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+ anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj 7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9 g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk= =tfm7 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5617-1 September 19, 2022
xen vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Xen.
Software Description: - xen: Public headers and libs for Xen
Details:
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. (CVE-2020-0543)
Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. (CVE-2020-11739)
Ilja Van Sprundel discovered that Xen incorrectly handled profiling of guests. (CVE-2020-11740, CVE-2020-11741)
It was discovered that Xen incorrectly handled grant tables. (CVE-2020-11742, CVE-2020-11743)
Jan Beulich discovered that Xen incorrectly handled certain code paths. (CVE-2020-15563)
Julien Grall discovered that Xen incorrectly verified memory addresses provided by the guest on ARM-based systems. (CVE-2020-15564)
Roger Pau Monn\xe9 discovered that Xen incorrectly handled caching on x86 Intel systems. (CVE-2020-15565)
It was discovered that Xen incorrectly handled error in event-channel port allocation. (CVE-2020-15566)
Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended Page Tables). (CVE-2020-15567)
Andrew Cooper discovered that Xen incorrectly handled PCI passthrough. (CVE-2020-25595)
Andrew Cooper discovered that Xen incorrectly sanitized path injections. (CVE-2020-25596)
Jan Beulich discovered that Xen incorrectly handled validation of event channels. (CVE-2020-25597)
Julien Grall and Jan Beulich discovered that Xen incorrectly handled resetting event channels. (CVE-2020-25599)
Julien Grall discovered that Xen incorrectly handled event channels memory allocation on 32-bits domains. (CVE-2020-25600)
Jan Beulich discovered that Xen incorrectly handled resetting or cleaning up event channels. (CVE-2020-25601)
Andrew Cooper discovered that Xen incorrectly handled certain Intel specific MSR (Model Specific Registers). (CVE-2020-25602)
Julien Grall discovered that Xen incorrectly handled accessing/allocating event channels. (CVE-2020-25603)
Igor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5617-1 CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741, CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604
Package Information: https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xen",
"scope": "lte",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "xen",
"scope": null,
"trust": 0.8,
"vendor": "xen",
"version": null
},
{
"model": "xen",
"scope": "lte",
"trust": 0.6,
"vendor": "xen",
"version": "\u003c=4.13.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:xen:xen",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
}
],
"trust": 0.7
},
"cve": "CVE-2020-11739",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2020-11739",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-004778",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25869",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"id": "CVE-2020-11739",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004778",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11739",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004778",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-25869",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-656",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-11739",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don\u0027t contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Xen Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime. \n\r\n\r\nThere is a security vulnerability in Xen 4.13.x and previous versions. An attacker could use this vulnerability to cause a denial of service, possibly obtaining sensitive information or elevating permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #717446\n ID: 202005-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould allow privilege escalation. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n 2 app-emulation/xen-tools \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.12.2-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11739\n https://nvd.nist.gov/vuln/detail/CVE-2020-11739\n[ 2 ] CVE-2020-11740\n https://nvd.nist.gov/vuln/detail/CVE-2020-11740\n[ 3 ] CVE-2020-11741\n https://nvd.nist.gov/vuln/detail/CVE-2020-11741\n[ 4 ] CVE-2020-11742\n https://nvd.nist.gov/vuln/detail/CVE-2020-11742\n[ 5 ] CVE-2020-11743\n https://nvd.nist.gov/vuln/detail/CVE-2020-11743\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+24-gddaaccbbab-1~deb10u1. \n\nWe recommend that you upgrade your xen packages. \n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8\nTjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR\nQiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+\nanbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW\nsIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn\nEop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG\nAkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm\nfCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv\nUPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw\niT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj\n7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9\ng8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=\n=tfm7\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5617-1\nSeptember 19, 2022\n\nxen vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Xen. \n\nSoftware Description:\n- xen: Public headers and libs for Xen\n\nDetails:\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY\nread operations on Intel client and Xeon E3 processors may be briefly\nexposed to processes on the same or different processor cores. (CVE-2020-0543)\n\nJulien Grall discovered that Xen incorrectly handled memory barriers on\nARM-based systems. \n(CVE-2020-11739)\n\nIlja Van Sprundel discovered that Xen incorrectly handled profiling of\nguests. (CVE-2020-11740, CVE-2020-11741)\n\nIt was discovered that Xen incorrectly handled grant tables. \n(CVE-2020-11742, CVE-2020-11743)\n\nJan Beulich discovered that Xen incorrectly handled certain code paths. \n(CVE-2020-15563)\n\nJulien Grall discovered that Xen incorrectly verified memory addresses\nprovided by the guest on ARM-based systems. (CVE-2020-15564)\n\nRoger Pau Monn\\xe9 discovered that Xen incorrectly handled caching on x86 Intel\nsystems. (CVE-2020-15565)\n\nIt was discovered that Xen incorrectly handled error in event-channel port\nallocation. (CVE-2020-15566)\n\nJan Beulich discovered that Xen incorrectly handled certain EPT (Extended\nPage Tables). (CVE-2020-15567)\n\nAndrew Cooper discovered that Xen incorrectly handled PCI passthrough. \n(CVE-2020-25595)\n\nAndrew Cooper discovered that Xen incorrectly sanitized path injections. \n(CVE-2020-25596)\n\nJan Beulich discovered that Xen incorrectly handled validation of event\nchannels. (CVE-2020-25597)\n\nJulien Grall and Jan Beulich discovered that Xen incorrectly handled\nresetting event channels. (CVE-2020-25599)\n\nJulien Grall discovered that Xen incorrectly handled event channels\nmemory allocation on 32-bits domains. (CVE-2020-25600)\n\nJan Beulich discovered that Xen incorrectly handled resetting or cleaning\nup event channels. (CVE-2020-25601)\n\nAndrew Cooper discovered that Xen incorrectly handled certain Intel\nspecific MSR (Model Specific Registers). (CVE-2020-25602)\n\nJulien Grall discovered that Xen incorrectly handled accessing/allocating\nevent channels. \n(CVE-2020-25603)\n\nIgor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5617-1\n CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741,\n CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564,\n CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595,\n CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600,\n CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11739",
"trust": 3.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/04/14/2",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157721",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168421",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-25869",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1463",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4642",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2813",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1317",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-11739",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168871",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"id": "VAR-202004-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
}
]
},
"last_update_date": "2024-11-23T20:21:38.235000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-295ed0b1e0",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"title": "FEDORA-2020-cbc3149753",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"title": "FEDORA-2020-440457afe4",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"title": "XSA-314",
"trust": 0.8,
"url": "https://xenbits.xen.org/xsa/advisory-314.html"
},
{
"title": "Patch for Xen Denial of Service Vulnerability (CNVD-2020-25869)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216031"
},
{
"title": "Xen Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113686"
},
{
"title": "Debian Security Advisories: DSA-4723-1 xen -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0d177f74e6265e2fdbb8df6fa6c636bf"
},
{
"title": "Ubuntu Security Notice: USN-5617-1: Xen vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5617-1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://xenbits.xen.org/xsa/advisory-314.html"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/2"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11739"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11739"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202234-1"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1317/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168421/ubuntu-security-notice-usn-5617-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2813/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11739"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4642"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/xen-information-disclosure-via-read-write-unlock-paths-32009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1463/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2364/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1575/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157721/gentoo-linux-security-advisory-202005-08.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11742"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5617-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11741"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15564"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15567"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15563"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15565"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2020/q2/23"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/xen"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0543"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"date": "2020-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"date": "2020-05-15T14:52:42",
"db": "PACKETSTORM",
"id": "157721"
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168871"
},
{
"date": "2022-09-19T18:26:25",
"db": "PACKETSTORM",
"id": "168421"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"date": "2020-04-14T13:15:12.703000",
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25869"
},
{
"date": "2022-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11739"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004778"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-656"
},
{
"date": "2024-11-21T04:58:31.313000",
"db": "NVD",
"id": "CVE-2020-11739"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen Buffer error vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-656"
}
],
"trust": 0.6
}
}
var-202104-0751
Vulnerability from variot
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There is a security vulnerability in Apple iOS. Please keep an eye on CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.32.0 and WPE WebKit prior to 2.32.0. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. 1981420 - Improve style of overview close buttons 1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution 1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution 1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution 1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution 1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information 1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack 1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers 1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution 1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack 1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution 1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution 1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution 1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution 1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution 1987233 - [RHEL8.5]Login screen shows dots when entering username 1989035 - terminal don't redraw if partially off screen 1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build 1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files 2004170 - Unable to login to session via xdmcp
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146.
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. CVE-2021-1782: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher
Additional details available soon.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 14.4 and iPadOS 14.4". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4923-1 security@debian.org https://www.debian.org/security/ Alberto Garcia May 30, 2021 https://www.debian.org/security/faq
Package : webkit2gtk CVE ID : CVE-2021-1788 CVE-2021-1844 CVE-2021-1871
The following vulnerabilities have been discovered in the webkit2gtk web engine:
CVE-2021-1788
Francisco Alonso discovered that processing maliciously crafted
web content may lead to arbitrary code execution.
CVE-2021-1844
Clement Lecigne and Alison Huffman discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.
For the stable distribution (buster), these problems have been fixed in version 2.32.1-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0751",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "ipad os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
}
],
"trust": 0.7
},
"cve": "CVE-2021-1871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-1871",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-376531",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-1871",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1871",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1871",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-1871",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2426",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-376531",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-1871",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376531"
},
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There is a security vulnerability in Apple iOS. Please keep an eye on CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.32.0 and WPE WebKit prior to 2.32.0. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4381-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4381\nIssue date: 2021-11-09\nCVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. \n1981420 - Improve style of overview close buttons\n1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution\n1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution\n1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution\n1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution\n1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information\n1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack\n1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers\n1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution\n1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution\n1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution\n1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution\n1987233 - [RHEL8.5]Login screen shows dots when entering username\n1989035 - terminal don\u0027t redraw if partially off screen\n1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build\n1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files\n2004170 - Unable to login to session via xdmcp\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E\nawNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3\n05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7\nsTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7\ntEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ\nw+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD\nMigcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5\nQnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T\nqji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu\nSToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb\nZ6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX\n2rgR2Ny0wo4=gfrM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4\n\niOS 14.4 and iPadOS 14.4 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212146. \n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges. \nCVE-2021-1782: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nAdditional details available soon. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.4 and iPadOS 14.4\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4923-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nMay 30, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2021-1788 CVE-2021-1844 CVE-2021-1871\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2021-1788\n\n Francisco Alonso discovered that processing maliciously crafted\n web content may lead to arbitrary code execution. \n\nCVE-2021-1844\n\n Clement Lecigne and Alison Huffman discovered that processing\n maliciously crafted web content may lead to arbitrary code\n execution. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.32.1-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-376531"
},
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "169056"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-376531",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376531"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1871",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161146",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164872",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021053113",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1566",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3779",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1582",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0349",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0298",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-376531",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1871",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169056",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376531"
},
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "169056"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"id": "VAR-202104-0751",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376531"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:12:53.252000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211288 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4923"
},
{
"title": "Apple iOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140038"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2021/01/26/apple_ios_zero_days/"
},
{
"title": "Debian Security Advisories: DSA-4923-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4cbb4ba16865adcfcdd56276b66c2c2f"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-1871 log"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-webkit-remote-code-execution/164595/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.welivesecurity.com/2021/01/27/apple-patches-three-ios-zero-days-under-attack/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4923"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212146"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212147"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021053113"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit-code-execution-35217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161146/apple-security-advisory-2021-01-26-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3779"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1566"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0349/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1582"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-three-vulnerabilities-34417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0298/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1486"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2194"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165794/gentoo-linux-security-advisory-202202-01.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212146."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376531"
},
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "169056"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376531"
},
{
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "169056"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376531"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"date": "2022-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"date": "2021-11-10T17:09:58",
"db": "PACKETSTORM",
"id": "164872"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2021-01-27T14:07:26",
"db": "PACKETSTORM",
"id": "161146"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2021-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169056"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"date": "2021-04-02T19:15:20.663000",
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-376531"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1871"
},
{
"date": "2024-05-31T06:09:00",
"db": "JVNDB",
"id": "JVNDB-2021-013403"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2426"
},
{
"date": "2024-11-21T05:45:15.920000",
"db": "NVD",
"id": "CVE-2021-1871"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013403"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2426"
}
],
"trust": 1.2
}
}
var-202110-1615
Vulnerability from variot
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources. jQuery-UI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig individual developer. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update Advisory ID: RHSA-2022:4711-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2022:4711 Issue date: 2022-05-26 CVE Names: CVE-2021-3807 CVE-2021-23425 CVE-2021-33502 CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 ==================================================================== 1. Summary:
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
-
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
-
nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
-
normalize-url: ReDoS for data URLs (CVE-2021-33502)
-
jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
-
jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
-
jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin 977778 - [RFE] - Mechanism for converting disks for non-running VMS 1624015 - [RFE] Expose Console Options and Console invocation via API 1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. 1667517 - [RFE] add VM Portal setting for set screen mode 1687845 - Multiple notification for one time host activation 1781241 - missing ?connect automatically? option in vm portal 1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN 1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy 1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold 1922977 - [RFE] VM shared disks are not part of the OVF_STORE 1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager 1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset 1944290 - URL to change the password is not shown properly 1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only) 1956295 - Template import from storage domain fails when quota is enabled. 1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api 1964208 - [RFE] add new feature for VM's screenshot on RestAPI 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1971622 - Incorrect warning displayed: "The VM CPU does not match the Cluster CPU Type" 1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer 1979441 - High Performance VMs always have "VM CPU does not match the cluster CPU Type" warning 1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs 1980192 - Network statistics copy a U64 into DECIMAL(18,4) 1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as 'preallocated' 1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled in RHVM installation 1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU 1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup 1990462 - [RFE] Add user name and password to ELK integration 1991240 - Assign user quota when provisioning from a non-blank template via web-ui 1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing 1996123 - ovf stores capacity/truesize on the storage does not match values in engine database 1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab 1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights) 2000031 - SPM host is rebooted multiple times when engine recovers the host 2002283 - Make NumOfPciExpressPorts configurable via engine-config 2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520 2003996 - ovirt_snapshot module fails to delete snapshot when there is a "Next Run configuration snapshot" 2006602 - vm_statistics table has wrong type for guest_mem_ columns. 2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing 2007384 - Failed to parse 'writeRate' value xxxx to integer: For input string: xxxx 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2008798 - Older name rhv-openvswitch is not checked in ansible playbook 2010203 - Log analyzer creates faulty VM unmanaged devices report 2010903 - I/O operations/sec reporting wrong values 2013928 - Log analyzer creates faulty non default vdc_option report 2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM 2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied 2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget 2019148 - CVE-2021-41183 jquery-ui: XSS in Text options of the datepicker widget 2019153 - CVE-2021-41184 jquery-ui: XSS in the 'of' option of the .position() util 2021217 - [RFE] Windows 2022 support 2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages 2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd 2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. 2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor 2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied 2030663 - Update Network statistics types in DWH 2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification 2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree 2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. 2037121 - RFE: Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. 2040361 - Hotplug VirtIO-SCSI disk fails with error "Domain already contains a disk with that address" when IO threads > 1 2040402 - unable to use --log-size=0 option 2040474 - [RFE] Add progress tracking for Cluster Upgrade 2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. 2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate 2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup 2048546 - sosreport command should be replaced by sos report 2050566 - Upgrade ovirt-log-collector to 4.4.5 2050614 - Upgrade rhvm-setup-plugins to 4.5.0 2051857 - Upgrade rhv-log-collector-analizer to 1.0.13 2052557 - RHV fails to release mdev vGPU device after VM shutdown 2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine 2054756 - [welcome page] Add link to MTV guide 2055136 - virt module is not changed to the correct stream during host upgrade 2056021 - [BUG]: "Enroll Certificate" operation not updating libvirt-vnc cert and key 2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail 2056126 - [RFE] Extend time to warn of upcoming certificate expiration 2058264 - Export as OVA playbook gets stuck with 'found an incomplete artifacts directory...Possible ansible_runner error?' 2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics 2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide 2061904 - Unable to attach a RHV Host back into cluster after removing due to networking 2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1 2066084 - vmconsole-proxy-user certificate expired - cannot access serial console 2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken 2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table 2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1 2071468 - Engine fenced host that was already reconnected and set to Up status. 2072637 - Build and distribute python38-daemon in RHV channels 2072639 - Build and distribute ansible-runner in RHV channels 2072641 - Build and distribute python38-docutils in RHV channels 2072642 - Build and distribute python38-lockfile in RHV channels 2072645 - Build and distribute python38-pexpect in RHV channels 2072646 - Build and distribute python38-ptyprocess in RHV channels 2075352 - upgrading RHV-H does not renew certificate
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ansible-runner-2.1.3-1.el8ev.src.rpm apache-sshd-2.8.0-0.1.el8ev.src.rpm engine-db-query-1.6.4-1.el8ev.src.rpm ovirt-dependencies-4.5.1-1.el8ev.src.rpm ovirt-engine-4.5.0.7-0.9.el8ev.src.rpm ovirt-engine-dwh-4.5.2-1.el8ev.src.rpm ovirt-engine-metrics-1.6.0-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm ovirt-log-collector-4.4.5-1.el8ev.src.rpm ovirt-web-ui-1.8.1-2.el8ev.src.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm rhvm-branding-rhv-4.4.11-1.el8ev.src.rpm rhvm-setup-plugins-4.5.0-2.el8ev.src.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm
noarch: ansible-runner-2.1.3-1.el8ev.noarch.rpm apache-sshd-2.8.0-0.1.el8ev.noarch.rpm apache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm engine-db-query-1.6.4-1.el8ev.noarch.rpm ovirt-dependencies-4.5.1-1.el8ev.noarch.rpm ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm ovirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm ovirt-log-collector-4.4.5-1.el8ev.noarch.rpm ovirt-web-ui-1.8.1-2.el8ev.noarch.rpm python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm python38-ansible-runner-2.1.3-1.el8ev.noarch.rpm python38-docutils-0.14-12.4.el8ev.noarch.rpm rhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm rhvm-4.5.0.7-0.9.el8ev.noarch.rpm rhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm rhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm vdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm vdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-23425 https://access.redhat.com/security/cve/CVE-2021-33502 https://access.redhat.com/security/cve/CVE-2021-41182 https://access.redhat.com/security/cve/CVE-2021-41183 https://access.redhat.com/security/cve/CVE-2021-41184 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5 C9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC /VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8 Jg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n Q3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv XZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a eT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+ 530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN BAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E qLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML CtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF cada2etYwu0=nreb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "9.2.0"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "9.2.11"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "9.3.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "9.3.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "jquery ui",
"scope": "lt",
"trust": 1.0,
"vendor": "jqueryui",
"version": "1.13.0"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "hospitality inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"model": "big data spatial and graph",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"model": "hospitality suite8",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.14.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "big data spatial and graph",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.10.2"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.86"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hospitality suite8",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.11.0"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.3"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "rest data services",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "application express",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.21.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ui",
"scope": null,
"trust": 0.8,
"vendor": "jquery",
"version": null
},
{
"model": "h410c",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300e",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "h410s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167278"
}
],
"trust": 0.1
},
"cve": "CVE-2021-41183",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-41183",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-397877",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-41183",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-41183",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-41183",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41183",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-41183",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-41183",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1839",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-397877",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-41183",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. jQuery-UI Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig individual developer. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update\nAdvisory ID: RHSA-2022:4711-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4711\nIssue date: 2022-05-26\nCVE Names: CVE-2021-3807 CVE-2021-23425 CVE-2021-33502\n CVE-2021-41182 CVE-2021-41183 CVE-2021-41184\n====================================================================\n1. Summary:\n\nUpdated ovirt-engine packages that fix several bugs and add various\nenhancements are now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nSecurity Fix(es):\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching\nANSI escape codes (CVE-2021-3807)\n\n* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* jquery-ui: XSS in the altField option of the datepicker widget\n(CVE-2021-41182)\n\n* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)\n\n* jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n(CVE-2021-41184)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n655153 - [RFE] confirmation prompt when suspending a virtual machine - webadmin\n977778 - [RFE] - Mechanism for converting disks for non-running VMS\n1624015 - [RFE] Expose Console Options and Console invocation via API\n1648985 - VM from VM-pool which is already in use by a SuperUser is presented to another User with UserRole permission who can shutdown the VM. \n1667517 - [RFE] add VM Portal setting for set screen mode\n1687845 - Multiple notification for one time host activation\n1781241 - missing ?connect automatically? option in vm portal\n1782056 - [RFE] Integration of built-in ipsec feature in RHV/RHHI-V with OVN\n1849169 - [RFE] add virtualCPUs/physicalCPUs ratio property to evenly_distributed policy\n1878930 - [RFE] Provide warning event if MAC Address Pool free and available addresses are below threshold\n1922977 - [RFE] VM shared disks are not part of the OVF_STORE\n1926625 - [RFE] How to enable HTTP Strict Transport Security (HSTS) on Apache HTTPD for Red Hat Virtualization Manager\n1927985 - [RFE] Speed up export-to-OVA on NFS by aligning loopback device offset\n1944290 - URL to change the password is not shown properly\n1944834 - [RFE] Timer for Console Disconnect Action - Shutdown VM after N minutes of being disconnected (Webadmin-only)\n1956295 - Template import from storage domain fails when quota is enabled. \n1959186 - Enable assignment of user quota when provisioning from a non-blank template via rest-api\n1964208 - [RFE] add new feature for VM\u0027s screenshot on RestAPI\n1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs\n1971622 - Incorrect warning displayed: \"The VM CPU does not match the Cluster CPU Type\"\n1974741 - Disk images remain in locked state if the HE VM is rebooted during a image transfer\n1979441 - High Performance VMs always have \"VM CPU does not match the cluster CPU Type\" warning\n1979797 - Ask user for confirmation when the deleted storage domain has leases of VMs that has disk in other SDs\n1980192 - Network statistics copy a U64 into DECIMAL(18,4)\n1986726 - VM imported from OVA gets thin provisioned disk despite of allocation policy set as \u0027preallocated\u0027\n1986834 - [DOCS] add nodejs and maven to list of subscription streams to be enabled in RHVM installation\n1987121 - [RFE] Support enabling nVidia Unified Memory on mdev vGPU\n1988496 - vmconsole-proxy-helper.cer is not renewed when running engine-setup\n1990462 - [RFE] Add user name and password to ELK integration\n1991240 - Assign user quota when provisioning from a non-blank template via web-ui\n1995793 - CVE-2021-23425 nodejs-trim-off-newlines: ReDoS via string processing\n1996123 - ovf stores capacity/truesize on the storage does not match values in engine database\n1998255 - [RFE] [UI] Add search box for vNIC Profiles in RHVM WebUI on the main vNIC profiles tab\n1999698 - ssl.conf modifications of engine-setup do not conform to best practices (according to red hat insights)\n2000031 - SPM host is rebooted multiple times when engine recovers the host\n2002283 - Make NumOfPciExpressPorts configurable via engine-config\n2003883 - Failed to update the VFs configuration of network interface card type 82599ES and X520\n2003996 - ovirt_snapshot module fails to delete snapshot when there is a \"Next Run configuration snapshot\"\n2006602 - vm_statistics table has wrong type for guest_mem_* columns. \n2006745 - [MBS] Template disk Copy from data storage domain to Managed Block Storage domain is failing\n2007384 - Failed to parse \u0027writeRate\u0027 value xxxx to integer: For input string: xxxx\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2008798 - Older name rhv-openvswitch is not checked in ansible playbook\n2010203 - Log analyzer creates faulty VM unmanaged devices report\n2010903 - I/O operations/sec reporting wrong values\n2013928 - Log analyzer creates faulty non default vdc_option report\n2014888 - oVirt executive dashboard/Virtual Machine dashboard does not actually show disk I/O operations per second, but it shows sum of I/o operations since the boot time of VM\n2015796 - [RFE] RHV Manager should support running on a host with DISA STIG security profile applied\n2019144 - CVE-2021-41182 jquery-ui: XSS in the altField option of the datepicker widget\n2019148 - CVE-2021-41183 jquery-ui: XSS in *Text options of the datepicker widget\n2019153 - CVE-2021-41184 jquery-ui: XSS in the \u0027of\u0027 option of the .position() util\n2021217 - [RFE] Windows 2022 support\n2023250 - [RFE] Use virt:rhel module instead of virt:av in RHEL 8.6+ to get advanced virtualization packages\n2023786 - RHV VM with SAP monitoring configuration does not fail to start if the Host is missing vdsm-hook-vhostmd\n2024202 - RHV Dashboard does not show memory and storage details properly when using Spanish language. \n2025936 - metrics configuration playbooks failing due to rhel-system-role last refactor\n2030596 - [RFE] RHV Manager should support running on a host with the PCI-DSS security profile applied\n2030663 - Update Network statistics types in DWH\n2031027 - The /usr/share/ovirt-engine/ansible-runner-service-project/inventory/hosts fails rpm verification\n2035051 - removing nfs-utils cause ovirt-engine removal due to cinderlib dep tree\n2037115 - rhv-image-discrepancies (rhv-log-collector-analyzer-1.0.11-1.el8ev) tool continues flags OVF_STORE volumes. \n2037121 - RFE: Add Data Center and Storage Domain name in the rhv-image-discrepancies tool output. \n2040361 - Hotplug VirtIO-SCSI disk fails with error \"Domain already contains a disk with that address\" when IO threads \u003e 1\n2040402 - unable to use --log-size=0 option\n2040474 - [RFE] Add progress tracking for Cluster Upgrade\n2041544 - Admin GUI: Making selection of host while uploading disk it will immediately replace it with the first active host in the list. \n2043146 - Expired /etc/pki/vdsm/libvirt-vnc/server-cert.pem certificate is skipped during Enroll Certificate\n2044273 - Remove the RHV Guest Tools ISO image upload option from engine-setup\n2048546 - sosreport command should be replaced by sos report\n2050566 - Upgrade ovirt-log-collector to 4.4.5\n2050614 - Upgrade rhvm-setup-plugins to 4.5.0\n2051857 - Upgrade rhv-log-collector-analizer to 1.0.13\n2052557 - RHV fails to release mdev vGPU device after VM shutdown\n2052690 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine\n2054756 - [welcome page] Add link to MTV guide\n2055136 - virt module is not changed to the correct stream during host upgrade\n2056021 - [BUG]: \"Enroll Certificate\" operation not updating libvirt-vnc cert and key\n2056052 - RHV-H w/ PCI-DSS profile causes OVA export to fail\n2056126 - [RFE] Extend time to warn of upcoming certificate expiration\n2058264 - Export as OVA playbook gets stuck with \u0027found an incomplete artifacts directory...Possible ansible_runner error?\u0027\n2059521 - [RFE] Upgrade to ansible-core-2.12 in ovirt-engine-metrics\n2059877 - [DOCS][Upgrade] Update RHVM update procedure in Upgrade guide\n2061904 - Unable to attach a RHV Host back into cluster after removing due to networking\n2065052 - [TRACKER] Upgrade to ansible-core-2.12 in RHV 4.4 SP1\n2066084 - vmconsole-proxy-user certificate expired - cannot access serial console\n2066283 - Upgrade from RHV 4.4.10 to RHV 4.5.0 is broken\n2069972 - [Doc][RN]Add cluster-level 4.7 to compatibility table\n2070156 - [TESTONLY] Test upgrade from ovirt-engine-4.4.1\n2071468 - Engine fenced host that was already reconnected and set to Up status. \n2072637 - Build and distribute python38-daemon in RHV channels\n2072639 - Build and distribute ansible-runner in RHV channels\n2072641 - Build and distribute python38-docutils in RHV channels\n2072642 - Build and distribute python38-lockfile in RHV channels\n2072645 - Build and distribute python38-pexpect in RHV channels\n2072646 - Build and distribute python38-ptyprocess in RHV channels\n2075352 - upgrading RHV-H does not renew certificate\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-2.1.3-1.el8ev.src.rpm\napache-sshd-2.8.0-0.1.el8ev.src.rpm\nengine-db-query-1.6.4-1.el8ev.src.rpm\novirt-dependencies-4.5.1-1.el8ev.src.rpm\novirt-engine-4.5.0.7-0.9.el8ev.src.rpm\novirt-engine-dwh-4.5.2-1.el8ev.src.rpm\novirt-engine-metrics-1.6.0-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.src.rpm\novirt-log-collector-4.4.5-1.el8ev.src.rpm\novirt-web-ui-1.8.1-2.el8ev.src.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.src.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.src.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.src.rpm\n\nnoarch:\nansible-runner-2.1.3-1.el8ev.noarch.rpm\napache-sshd-2.8.0-0.1.el8ev.noarch.rpm\napache-sshd-javadoc-2.8.0-0.1.el8ev.noarch.rpm\nengine-db-query-1.6.4-1.el8ev.noarch.rpm\novirt-dependencies-4.5.1-1.el8ev.noarch.rpm\novirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-backend-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dbscripts-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-dwh-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.5.2-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-metrics-1.6.0-1.el8ev.noarch.rpm\novirt-engine-restapi-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-base-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-tools-backup-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.3.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev.noarch.rpm\novirt-log-collector-4.4.5-1.el8ev.noarch.rpm\novirt-web-ui-1.8.1-2.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.5.0.7-0.9.el8ev.noarch.rpm\npython38-ansible-runner-2.1.3-1.el8ev.noarch.rpm\npython38-docutils-0.14-12.4.el8ev.noarch.rpm\nrhv-log-collector-analyzer-1.0.13-1.el8ev.noarch.rpm\nrhvm-4.5.0.7-0.9.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.11-1.el8ev.noarch.rpm\nrhvm-setup-plugins-4.5.0-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.7.1-2.el8ev.noarch.rpm\nvdsm-jsonrpc-java-javadoc-1.7.1-2.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3807\nhttps://access.redhat.com/security/cve/CVE-2021-23425\nhttps://access.redhat.com/security/cve/CVE-2021-33502\nhttps://access.redhat.com/security/cve/CVE-2021-41182\nhttps://access.redhat.com/security/cve/CVE-2021-41183\nhttps://access.redhat.com/security/cve/CVE-2021-41184\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYo/qI9zjgjWX9erEAQhpng//aJBlyx9sUzPTC08WE6OwY4Ihk8b0wSh5\nC9RWX/PmlDE2CAivQHpSs8D7/IizHl4Arn6f0HJx+NavN8YfbApqs2mcq+KUKYuC\n/VxCb3YlukeDsXeYIM+ScifS9M+N+WNGy9BRrlcYxZ4Ya5zLYv/ibrrHCX44yKz8\nJg5abyQyCzI6DEPjSDRIZkULLIdkbQ8xGd7j5P4ThAR2MRf8deeHez4/NmfrQm6n\nQ3f4qeQlljiNgoGdxa2z65Shxpb3pkWGt81MZuMwKpRa6EDBDs8vGMA0LZamsikv\nXZUU2P7d+JrXvLd2bmfGty6EaQ2FY0XoB0vvK1AyUhSZkX2thUvFsEgIdWjLSu4a\neT28D2etZLTIyl1DB42L+5gcomaQTn0sT0i99ExWkFyf9xWne+ygOFYydjV0/fy+\n530Pwzlk9c2QtHgJ/XzGU12QLzKa/tvLbqXTfmAmlqDkU/+3aIr2l5SgnudzY4NN\nBAUae8noIVWEs6L+6DY5HYt+x+WYYLipQh9gPjpBOaH+sEFvZ2+GzlVR0zF4IM5E\nqLH5bopwO6GfHeNjv+4U+l+3kjhJIpwrsy/uzc+/mExrraYFpZc8skbcGRyhQ7ML\nCtHSV7Y4x/OguhgYeqx1ocCfpIpkbu4MGa4esGDW4ocvL03AHnbxOG7gGvBH35oF\ncada2etYwu0=nreb\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "PACKETSTORM",
"id": "167278"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41183",
"trust": 3.5
},
{
"db": "TENABLE",
"id": "TNS-2022-09",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167278",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2458",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0236",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2191",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2599",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1792",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3896",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6384",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030804",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062021",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011946",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-397877",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-41183",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "PACKETSTORM",
"id": "167278"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"id": "VAR-202110-1615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-397877"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:20:12.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20211118-0004",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"title": "jQuery Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=167278"
},
{
"title": "Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224711 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-41183",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-41183"
},
{
"title": "IBM: Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cad03619ba21e75b9c9476e5adf69069"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-09"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-41183 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/marksowell/retire-html-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
},
{
"trust": 1.8,
"url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
},
{
"trust": 1.8,
"url": "https://bugs.jqueryui.com/ticket/15284"
},
{
"trust": 1.8,
"url": "https://github.com/jquery/jquery-ui/pull/1953"
},
{
"trust": 1.8,
"url": "https://github.com/jquery/jquery-ui/security/advisories/ghsa-j7qv-pgf6-hvh4"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
},
{
"trust": 1.8,
"url": "https://www.drupal.org/sa-contrib-2022-004"
},
{
"trust": 1.8,
"url": "https://www.drupal.org/sa-core-2022-001"
},
{
"trust": 1.8,
"url": "https://www.drupal.org/sa-core-2022-002"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2022-09"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41183"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-41183"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/o74sxyy7rgxreqdqudqd4bpj4qqtd2xq/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/snxa7xrkginwsuipiz6zbctv6n3kshes/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sgsy236pysfyiebrgderla7osy6d7xl4/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nxiuubrvla4e7g7mmikcen75yn7uferw/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvkiowsxl2rf2ulnap7phesycfszije3/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/jquery-ui-three-vulnerabilities-36936"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030804"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2458"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1792"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525274"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042017"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167278/red-hat-security-advisory-2022-4711-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2191"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6384"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011946"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062021"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1837"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5431"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3896"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2599"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:4711"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-41183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-api-connect-is-vulnerable-to-jquery-ui-cross-site-scripting-xss-cve-2021-41184-cve-2021-41183-cve-2021-41182/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23425"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23425"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "PACKETSTORM",
"id": "167278"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-397877"
},
{
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"db": "PACKETSTORM",
"id": "167278"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-26T00:00:00",
"db": "VULHUB",
"id": "VHN-397877"
},
{
"date": "2021-10-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"date": "2022-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"date": "2022-05-27T15:37:28",
"db": "PACKETSTORM",
"id": "167278"
},
{
"date": "2021-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"date": "2021-10-26T15:15:10.387000",
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-397877"
},
{
"date": "2023-06-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41183"
},
{
"date": "2022-10-03T06:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-014042"
},
{
"date": "2022-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1839"
},
{
"date": "2024-11-21T06:25:42.137000",
"db": "NVD",
"id": "CVE-2021-41183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jQuery-UI\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014042"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "167278"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1839"
}
],
"trust": 0.7
}
}
var-202201-1309
Vulnerability from variot
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. Open vSwitch of Open vSwitch Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5242-1 January 20, 2022
openvswitch vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
Summary:
Open vSwitch could be made to hang or crash if it received specially crafted network traffic.
Software Description: - openvswitch: Ethernet virtual switch
Details:
It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: openvswitch-common 2.16.0-0ubuntu2.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5242-1 CVE-2021-3905
Package Information: https://launchpad.net/ubuntu/+source/openvswitch/2.16.0-0ubuntu2.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-16
https://security.gentoo.org/
Severity: Low Title: Open vSwitch: Multiple Vulnerabilities Date: November 26, 2023 Bugs: #765346, #769995, #803107, #887561 ID: 202311-16
Synopsis
Multiple denial of service vulnerabilites have been found in Open vSwitch.
Background
Open vSwitch is a production quality multilayer virtual switch.
Affected packages
Package Vulnerable Unaffected
net-misc/openvswitch < 2.17.6 >= 2.17.6
Description
Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Open vSwitch users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"
References
[ 1 ] CVE-2020-27827 https://nvd.nist.gov/vuln/detail/CVE-2020-27827 [ 2 ] CVE-2020-35498 https://nvd.nist.gov/vuln/detail/CVE-2020-35498 [ 3 ] CVE-2021-3905 https://nvd.nist.gov/vuln/detail/CVE-2021-3905 [ 4 ] CVE-2021-36980 https://nvd.nist.gov/vuln/detail/CVE-2021-36980 [ 5 ] CVE-2022-4337 https://nvd.nist.gov/vuln/detail/CVE-2022-4337 [ 6 ] CVE-2022-4338 https://nvd.nist.gov/vuln/detail/CVE-2022-4338 [ 7 ] CVE-2023-1668 https://nvd.nist.gov/vuln/detail/CVE-2023-1668
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "21.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "enterprise linux fast datapath",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux fast datapath",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.17.0"
},
{
"model": "open vswitch",
"scope": null,
"trust": 0.8,
"vendor": "open vswitch",
"version": null
},
{
"model": "red hat enterprise linux fast datapath",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "165634"
}
],
"trust": 0.1
},
"cve": "CVE-2021-3905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-3905",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-3905",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3905",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-3905",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-1788",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. Open vSwitch of Open vSwitch Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5242-1\nJanuary 20, 2022\n\nopenvswitch vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n\nSummary:\n\nOpen vSwitch could be made to hang or crash if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- openvswitch: Ethernet virtual switch\n\nDetails:\n\nIt was discovered that Open vSwitch incorrectly handled certain fragmented\npackets. A remote attacker could possibly use this issue to cause Open\nvSwitch to consume resources, leading to a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n openvswitch-common 2.16.0-0ubuntu2.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5242-1\n CVE-2021-3905\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openvswitch/2.16.0-0ubuntu2.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202311-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Open vSwitch: Multiple Vulnerabilities\n Date: November 26, 2023\n Bugs: #765346, #769995, #803107, #887561\n ID: 202311-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple denial of service vulnerabilites have been found in Open\nvSwitch. \n\nBackground\n=========\nOpen vSwitch is a production quality multilayer virtual switch. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\nnet-misc/openvswitch \u003c 2.17.6 \u003e= 2.17.6\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Open vSwitch. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Open vSwitch users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openvswitch-2.17.6\"\n\nReferences\n=========\n[ 1 ] CVE-2020-27827\n https://nvd.nist.gov/vuln/detail/CVE-2020-27827\n[ 2 ] CVE-2020-35498\n https://nvd.nist.gov/vuln/detail/CVE-2020-35498\n[ 3 ] CVE-2021-3905\n https://nvd.nist.gov/vuln/detail/CVE-2021-3905\n[ 4 ] CVE-2021-36980\n https://nvd.nist.gov/vuln/detail/CVE-2021-36980\n[ 5 ] CVE-2022-4337\n https://nvd.nist.gov/vuln/detail/CVE-2022-4337\n[ 6 ] CVE-2022-4338\n https://nvd.nist.gov/vuln/detail/CVE-2022-4338\n[ 7 ] CVE-2023-1668\n https://nvd.nist.gov/vuln/detail/CVE-2023-1668\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202311-16\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3905"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "VULHUB",
"id": "VHN-400636"
},
{
"db": "PACKETSTORM",
"id": "165634"
},
{
"db": "PACKETSTORM",
"id": "175917"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3905",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "165634",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-400636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175917",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-400636"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "PACKETSTORM",
"id": "165634"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"id": "VAR-202201-1309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-400636"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:55:09.990000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Open vSwitch Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179330"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-400636"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3905"
},
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019692"
},
{
"trust": 2.5,
"url": "https://github.com/openvswitch/ovs-issues/issues/226"
},
{
"trust": 2.5,
"url": "https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349"
},
{
"trust": 2.5,
"url": "https://ubuntu.com/security/cve-2021-3905"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0312"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165634/ubuntu-security-notice-usn-5242-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/open-vswitch-overload-via-fragmented-packets-37337"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-3905/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5242-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openvswitch/2.16.0-0ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4337"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27827"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-400636"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "PACKETSTORM",
"id": "165634"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-400636"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"db": "PACKETSTORM",
"id": "165634"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-400636"
},
{
"date": "2023-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"date": "2022-01-20T17:49:31",
"db": "PACKETSTORM",
"id": "165634"
},
{
"date": "2023-11-27T15:42:18",
"db": "PACKETSTORM",
"id": "175917"
},
{
"date": "2022-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"date": "2022-08-23T16:15:10.177000",
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-400636"
},
{
"date": "2023-09-27T08:48:00",
"db": "JVNDB",
"id": "JVNDB-2021-020198"
},
{
"date": "2022-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-1788"
},
{
"date": "2023-11-26T11:15:08.147000",
"db": "NVD",
"id": "CVE-2021-3905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165634"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open\u00a0vSwitch\u00a0 of \u00a0Open\u00a0vSwitch\u00a0 Vulnerability related to lack of free memory after expiration in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020198"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-1788"
}
],
"trust": 0.6
}
}
var-202205-1511
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4968"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-1733",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-422497",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1733",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1733",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1733",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1733",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1733",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1733",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3585",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-422497",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1733",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1733",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-422497",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1733",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"id": "VAR-202205-1511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:19:14.524000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "reading\u00a0past\u00a0end\u00a0of\u00a0the\u00a0line\u00a0when\u00a0C-indenting Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194286"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1733"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qkix5hykwxwg6qbcpptpq53gnofhsais/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1733"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-38413"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1733/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-422497"
},
{
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-422497"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"date": "2022-05-17T17:15:08.097000",
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-422497"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1733"
},
{
"date": "2023-08-17T07:44:00",
"db": "JVNDB",
"id": "JVNDB-2022-010813"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3585"
},
{
"date": "2024-11-21T06:41:21.003000",
"db": "NVD",
"id": "CVE-2022-1733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010813"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3585"
}
],
"trust": 0.6
}
}
var-202112-2424
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in vim. There is no more information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3902"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4173",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4173",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"id": "CVE-2021-4173",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4173",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4173",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4173",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-4173",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408729",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4173",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in vim. There is no more information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408729",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4173",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05064",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"id": "VAR-202112-2424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:51.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176548"
},
{
"title": "Red Hat: CVE-2021-4173",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4173"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-4173"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-nested-def-function-37184"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408729"
},
{
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-408729"
},
{
"date": "2021-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"date": "2021-12-27T13:15:07.653000",
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408729"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4173"
},
{
"date": "2023-01-17T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-017405"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2617"
},
{
"date": "2024-11-21T06:37:04.030000",
"db": "NVD",
"id": "CVE-2021-4173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2617"
}
],
"trust": 0.6
}
}
var-202202-0081
Vulnerability from variot
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This release includes security and bug fixes and enhancements.
For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):
2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index
This advisory covers the containers for the release. Bugs fixed (https://bugzilla.redhat.com/):
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2066009 - CVE-2021-44906 minimist: prototype pollution
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking DigestInfo structure
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1435 - Container release for Maistra 2.1.2.1
- ========================================================================== Ubuntu Security Notice USN-5320-1 March 10, 2022
expat vulnerabilities and regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues and a regression were fixed in Expat. For CVE-2022-25236 it caused a regression and an additional patch was required. This update address this regression and several other vulnerabilities.
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-25313)
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25315)
Original advisory details:
It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25236)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libexpat1 2.4.1-2ubuntu0.3
Ubuntu 20.04 LTS: libexpat1 2.2.9-1ubuntu0.4
Ubuntu 18.04 LTS: libexpat1 2.2.5-3ubuntu0.7
Ubuntu 16.04 ESM: lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5 libexpat1 2.1.0-7ubuntu0.16.04.5+esm5
Ubuntu 14.04 ESM: lib64expat1 2.1.0-4ubuntu1.4+esm6 libexpat1 2.1.0-4ubuntu1.4+esm6
In general, a standard system update will make all the necessary changes. Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
-
6 ELS) - i386, s390x, x86_64
-
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: expat security update Advisory ID: RHSA-2022:1069-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1069 Issue date: 2022-03-28 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:
An update for expat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Expat is a C library for parsing XML documents.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: expat-2.1.0-14.el7_9.src.rpm
x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: expat-2.1.0-14.el7_9.src.rpm
x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: expat-2.1.0-14.el7_9.src.rpm
ppc64: expat-2.1.0-14.el7_9.ppc.rpm expat-2.1.0-14.el7_9.ppc64.rpm expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-devel-2.1.0-14.el7_9.ppc.rpm expat-devel-2.1.0-14.el7_9.ppc64.rpm
ppc64le: expat-2.1.0-14.el7_9.ppc64le.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-devel-2.1.0-14.el7_9.ppc64le.rpm
s390x: expat-2.1.0-14.el7_9.s390.rpm expat-2.1.0-14.el7_9.s390x.rpm expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-devel-2.1.0-14.el7_9.s390.rpm expat-devel-2.1.0-14.el7_9.s390x.rpm
x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: expat-debuginfo-2.1.0-14.el7_9.ppc.rpm expat-debuginfo-2.1.0-14.el7_9.ppc64.rpm expat-static-2.1.0-14.el7_9.ppc.rpm expat-static-2.1.0-14.el7_9.ppc64.rpm
ppc64le: expat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm expat-static-2.1.0-14.el7_9.ppc64le.rpm
s390x: expat-debuginfo-2.1.0-14.el7_9.s390.rpm expat-debuginfo-2.1.0-14.el7_9.s390x.rpm expat-static-2.1.0-14.el7_9.s390.rpm expat-static-2.1.0-14.el7_9.s390x.rpm
x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: expat-2.1.0-14.el7_9.src.rpm
x86_64: expat-2.1.0-14.el7_9.i686.rpm expat-2.1.0-14.el7_9.x86_64.rpm expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-devel-2.1.0-14.el7_9.i686.rpm expat-devel-2.1.0-14.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: expat-debuginfo-2.1.0-14.el7_9.i686.rpm expat-debuginfo-2.1.0-14.el7_9.x86_64.rpm expat-static-2.1.0-14.el7_9.i686.rpm expat-static-2.1.0-14.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7 3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh WAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD jJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW TODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29 3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV kPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX 3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe 0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU 7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd oqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb Fq9o8PxEr0c=KN+u -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.7.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "zfs storage appliance kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "libexpat",
"scope": null,
"trust": 0.8,
"vendor": "libexpat",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "sinema remote connect server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "166983"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
}
],
"trust": 0.8
},
"cve": "CVE-2022-25315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-25315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-415282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-25315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-25315",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-25315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "VULHUB",
"id": "VHN-415282",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Expat ( alias libexpat) Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This\nrelease includes security and bug fixes and enhancements. \n\nFor more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic\n2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2021-3999\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-41771\nhttps://access.redhat.com/security/cve/CVE-2021-41772\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-21426\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21449\nhttps://access.redhat.com/security/cve/CVE-2022-21476\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23218\nhttps://access.redhat.com/security/cve/CVE-2022-23219\nhttps://access.redhat.com/security/cve/CVE-2022-23308\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nFor\ndetails\nabout\nthe\nsecurity\nissues\nsee\nthese\nCVE\npages:\n*\nhttps://access.redhat.com/security/updates/classification/#low\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index\n*\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index\n\n6. \n\nThis advisory covers the containers for the release. Bugs fixed (https://bugzilla.redhat.com/):\n\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2066009 - CVE-2021-44906 minimist: prototype pollution\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1435 - Container release for Maistra 2.1.2.1\n\n6. ==========================================================================\nUbuntu Security Notice USN-5320-1\nMarch 10, 2022\n\nexpat vulnerabilities and regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues and a regression were fixed in Expat. For CVE-2022-25236 it\ncaused a regression and an additional patch was required. This update address\nthis regression and several other vulnerabilities. \n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-25313)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash\nor execute arbitrary code. This issue only affected Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-25314)\n\nIt was discovered that Expat incorrectly handled certain files. \nAn attacker could possibly use this issue to cause a crash or execute\narbitrary code. (CVE-2022-25315)\n\nOriginal advisory details:\n\n It was discovered that Expat incorrectly handled certain files. \n An attacker could possibly use this issue to cause a crash or\n execute arbitrary code. (CVE-2022-25236)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libexpat1 2.4.1-2ubuntu0.3\n\nUbuntu 20.04 LTS:\n libexpat1 2.2.9-1ubuntu0.4\n\nUbuntu 18.04 LTS:\n libexpat1 2.2.5-3ubuntu0.7\n\nUbuntu 16.04 ESM:\n lib64expat1 2.1.0-7ubuntu0.16.04.5+esm5\n libexpat1 2.1.0-7ubuntu0.16.04.5+esm5\n\nUbuntu 14.04 ESM:\n lib64expat1 2.1.0-4ubuntu1.4+esm6\n libexpat1 2.1.0-4ubuntu1.4+esm6\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. 6 ELS) - i386, s390x, x86_64\n\n3. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: expat security update\nAdvisory ID: RHSA-2022:1069-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1069\nIssue date: 2022-03-28\nCVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nppc64:\nexpat-2.1.0-14.el7_9.ppc.rpm\nexpat-2.1.0-14.el7_9.ppc64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-devel-2.1.0-14.el7_9.ppc.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-2.1.0-14.el7_9.ppc64le.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-devel-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-2.1.0-14.el7_9.s390.rpm\nexpat-2.1.0-14.el7_9.s390x.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-devel-2.1.0-14.el7_9.s390.rpm\nexpat-devel-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nexpat-debuginfo-2.1.0-14.el7_9.ppc.rpm\nexpat-debuginfo-2.1.0-14.el7_9.ppc64.rpm\nexpat-static-2.1.0-14.el7_9.ppc.rpm\nexpat-static-2.1.0-14.el7_9.ppc64.rpm\n\nppc64le:\nexpat-debuginfo-2.1.0-14.el7_9.ppc64le.rpm\nexpat-static-2.1.0-14.el7_9.ppc64le.rpm\n\ns390x:\nexpat-debuginfo-2.1.0-14.el7_9.s390.rpm\nexpat-debuginfo-2.1.0-14.el7_9.s390x.rpm\nexpat-static-2.1.0-14.el7_9.s390.rpm\nexpat-static-2.1.0-14.el7_9.s390x.rpm\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nexpat-2.1.0-14.el7_9.src.rpm\n\nx86_64:\nexpat-2.1.0-14.el7_9.i686.rpm\nexpat-2.1.0-14.el7_9.x86_64.rpm\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-devel-2.1.0-14.el7_9.i686.rpm\nexpat-devel-2.1.0-14.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nexpat-debuginfo-2.1.0-14.el7_9.i686.rpm\nexpat-debuginfo-2.1.0-14.el7_9.x86_64.rpm\nexpat-static-2.1.0-14.el7_9.i686.rpm\nexpat-static-2.1.0-14.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYkHUz9zjgjWX9erEAQjleA//dK8XzyiK0FY595G0f3CKvLMTMTPEEqf7\n3nIHiGzC/lD2o6Y/4ed1iRpndjGVndXyu03AnOFob9P3zqQKBOKiWYcnFNuANAyh\nWAVTDyjglJ5PvLQe31QHDT1N5KlzN/hskhhyIBgZ+mWq90amXHIX1Xgsy6x72lLD\njJF5usHqz4EbIoOn8m0jjDibJFjOOFh2a3qxFnVuMA5+PrcsfnpdVa32I8EMH/sW\nTODqkz3XLSaaJNWzePOPwZshkriapmU9DqkWdiEVOgJDx0MAn3S5q5MUkHJWRM29\n3ZFqQncDQYYYXp8J3AcdX2VXCok0vfIQLWWIvsoGvcpl94lhYsztBGZJttjiVNkV\nkPX6Wv/W2mMklW7tf0OQOo2Xyh0ZOwB5kfJq7+7SMXzh67M2ifT1Gq7RTAMUProX\n3QDm9vVxI7oEBh7HcNychxTaeTwpA2HnGMkUxh0ZX4NkwaOMn0UEBCbxQNXBlPUe\n0Qe6srsMV5GSBPk9LoCxpLy+cMc5mya7x1kNS/NZ1CKtqczj4/Oef21I2wqmG/xU\n7s9H4o/29X9KhQrOL/sAkqRg2s0yz80Wz1opvXcTgkLj8kzOSN9bQF3ravXXCrUd\noqM0cN5PPP/iTqkXs/Dc6HX/iRer15vJ3e4aNu7ZN8+l88mM2BBEmUaDt2ZOHPJb\nFq9o8PxEr0c=KN+u\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. \n\nThis update upgrades Thunderbird to version 91.7.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25315"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "166983"
},
{
"db": "PACKETSTORM",
"id": "166254"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25315",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/19/1",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-278-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97425465",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166496",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166983",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166254",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166291",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-18355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166277",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166500",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166453",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166261",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166437",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166274",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166703",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "166983"
},
{
"db": "PACKETSTORM",
"id": "166254"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"id": "VAR-202202-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
}
],
"trust": 0.7003805
},
"last_update_date": "2024-11-29T22:13:42.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-204",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5085"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.1,
"url": "https://github.com/libexpat/libexpat/pull/559"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97425465/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1747"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24773"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/expat/2.4.1-2ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5320-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/expat/2.2.9-1ubuntu0.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1963903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1069"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26386"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26381"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0853"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26384"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26381"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "166983"
},
{
"db": "PACKETSTORM",
"id": "166254"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415282"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"db": "PACKETSTORM",
"id": "167008"
},
{
"db": "PACKETSTORM",
"id": "166983"
},
{
"db": "PACKETSTORM",
"id": "166254"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
},
{
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-415282"
},
{
"date": "2023-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"date": "2022-05-10T14:49:09",
"db": "PACKETSTORM",
"id": "167008"
},
{
"date": "2022-05-06T14:51:24",
"db": "PACKETSTORM",
"id": "166983"
},
{
"date": "2022-03-10T17:14:11",
"db": "PACKETSTORM",
"id": "166254"
},
{
"date": "2022-03-24T14:36:50",
"db": "PACKETSTORM",
"id": "166433"
},
{
"date": "2022-04-12T18:00:30",
"db": "PACKETSTORM",
"id": "166703"
},
{
"date": "2022-10-27T13:05:19",
"db": "PACKETSTORM",
"id": "169540"
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541"
},
{
"date": "2022-03-28T15:54:26",
"db": "PACKETSTORM",
"id": "166496"
},
{
"date": "2022-03-14T18:48:14",
"db": "PACKETSTORM",
"id": "166291"
},
{
"date": "2022-02-18T05:15:08.237000",
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-415282"
},
{
"date": "2023-10-10T06:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-003479"
},
{
"date": "2024-11-21T06:51:59.067000",
"db": "NVD",
"id": "CVE-2022-25315"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Expat\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003479"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166703"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "166496"
},
{
"db": "PACKETSTORM",
"id": "166291"
}
],
"trust": 0.5
}
}
var-202108-2087
Vulnerability from variot
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. apple's iPadOS Unspecified vulnerabilities exist in products from multiple vendors.Information may be tampered with. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.3-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.3-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
AppKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2021-30873: Thijs Alkemade of Computest
AppleScript Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30876: Jeremy Brown, hjy79425575 CVE-2021-30879: Jeremy Brown, hjy79425575 CVE-2021-30877: Jeremy Brown CVE-2021-30880: Jeremy Brown
Audio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: An integer overflow was addressed through improved input validation. CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
ColorSync Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero
Continuity Camera Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30903: an anonymous researcher
CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30919
FileProvider Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: An input validation issue was addressed with improved memory handling. CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360
Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to access information about a user's contacts Description: A logic issue was addressed with improved restrictions. CVE-2021-30895: Denis Tokarev
Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to read user's gameplay data Description: A logic issue was addressed with improved restrictions. CVE-2021-30896: Denis Tokarev
iCloud Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30906: Cees Elzinga
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc.
IOGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications
IOMobileFrameBuffer Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30883: an anonymous researcher
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30886: @0xalsr
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30909: Zweig of Kunlun Lab
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS Description: This issue was addressed with improved checks. CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt of Informatique-MTF S.A., an anonymous researcher
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Sandbox Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to read sensitive information Description: A permissions issue was addressed with improved validation. CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may gain access to a user's Keychain items Description: The issue was addressed with improved permissions logic. CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An unprivileged application may be able to edit NVRAM variables Description: The issue was addressed with improved permissions logic. CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
UIKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with physical access to an iOS device may be determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management. CVE-2021-30915: Kostas Angelopoulos
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: A logic issue was addressed with improved restrictions. CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior Description: An information leakage issue was addressed. CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren (ryanpickren.com)
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30890: an anonymous researcher
Windows Server Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2021-30908: ASentientBot
xar Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files Description: This issue was addressed with improved checks. CVE-2021-30833: Richard Warren of NCC Group
zsh Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance.
App Support We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录 for their assistance.
Bluetooth We would like to acknowledge say2 of ENKI for their assistance.
CUPS We would like to acknowledge an anonymous researcher for their assistance.
iCloud We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance.
Mail We would like to acknowledge Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences for their assistance.
Managed Configuration We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for their assistance.
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance.
WebKit We would like to acknowledge Ivan Fratric of Google Project Zero, Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note: This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hpwACgkQeC9qKD1p rhhm0Q//fIQiOk2S9w2qirXapPqEpyI9LNJnGX/RCrsZGN/iFkgvt27/RYLhHHQk efqxE6nnXdUaj9HoIIHiG4rKxIhfkscw1dF9igvmYm6j+V2KMiRxp1Pev1zMzsBI N6F7mJ4SiATHDTJATU8uCqIqHRQsvcIrHCjovblqGfuZxzvsjkvtRc0eXC0XAARf xW0WRNbTBoCOEsMp92hNI45B/oK05b1aHm2pY529gE6GRBBl0ymVo30fQ7vmIoJY Uajc6pDNeJ1MhSpo0k+Z+eVodSdBN2EutKZfU5+4t2GzqeW5nLZFa/oqXObXBhXk i8bptOhceBu6qD9poSgkS5EdH4OdRQMcMjsQLIRJj3N/MwZBhGvsLQDlyGmtd+VG a0s+pna/WoFwzw800CYRarmL0rRsZ4zZza0iuKArhrLlQCw+ee6XNL+1U50zvMaW oT3gNkf3faCqQDxecIcQTj7xwt2tHV87p7uqELiuUZaCk5UoQBsWxGeGebFGxUq5 pJVQvnr4RVrDkpOQjbKj8w9mWoSZcvKlhRNL9J5kW75zd32vwnaVMlVkIG8vfvoK sgq/VfKrOW+EV1IMAh4iuaMiLAPjwBzMiRfjvRZFeJmTaMaTOxDKHwkG5YwPNp5W 0FlhV1S2pAmGlQZgvTxkBthtU9A9giuH+oHSGJDjr70Q7de8lJ4= =3Pcg -----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.1"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164670"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
}
],
"trust": 0.4
},
"cve": "CVE-2021-30887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30887",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-390620",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30887",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-30887",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30887",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30887",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1978",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390620",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30887",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390620"
},
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. apple\u0027s iPadOS Unspecified vulnerabilities exist in products from multiple vendors.Information may be tampered with. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.3-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.3-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nAppKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30873: Thijs Alkemade of Computest\n\nAppleScript\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30876: Jeremy Brown, hjy79425575\nCVE-2021-30879: Jeremy Brown, hjy79425575\nCVE-2021-30877: Jeremy Brown\nCVE-2021-30880: Jeremy Brown\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30907: Zweig of Kunlun Lab\n\nBluetooth\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nColorSync\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. \nCVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google\nProject Zero\n\nContinuity Camera\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30903: an anonymous researcher\n\nCoreAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro\n\nCoreGraphics\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30919\n\nFileProvider\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab\nof Qihoo 360\n\nGame Center\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30895: Denis Tokarev\n\nGame Center\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to read user\u0027s gameplay\ndata\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30896: Denis Tokarev\n\niCloud\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30906: Cees Elzinga\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong\nLab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of\nRET2 Systems, Inc. \n\nIOGraphics\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications\n\nIOMobileFrameBuffer\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30883: an anonymous researcher\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30886: @0xalsr\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30909: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nLaunchServices\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30864: Ron Hass (@ronhass7) of Perception Point\n\nLogin Window\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A person with access to a host Mac may be able to bypass the\nLogin Window in Remote Desktop for a locked instance of macOS\nDescription: This issue was addressed with improved checks. \nCVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt\nof Informatique-MTF S.A., an anonymous researcher\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nSandbox\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to read sensitive information\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSMB\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs\n\nSoftwareUpdate\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nSoftwareUpdate\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An unprivileged application may be able to edit NVRAM\nvariables\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nUIKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A person with physical access to an iOS device may be\ndetermine characteristics of a user\u0027s password in a secure text entry\nfield\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30915: Kostas Angelopoulos\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An attacker in a privileged network position may be able to\nbypass HSTS\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30823: David Gullasch of Recurity Labs\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\nunexpectedly unenforced Content Security Policy\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. \nLtd. \n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious website using Content Security Policy reports may\nbe able to leak information via redirect behavior \nDescription: An information leakage issue was addressed. \nCVE-2021-30888: Prakash (@1lastBr3ath)\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30861: Wojciech Regu\u0142a (@_r3ggi), Ryan Pickren\n(ryanpickren.com)\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30890: an anonymous researcher\n\nWindows Server\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2021-30908: ASentientBot\n\nxar\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Unpacking a maliciously crafted archive may allow an attacker\nto write arbitrary files\nDescription: This issue was addressed with improved checks. \nCVE-2021-30833: Richard Warren of NCC Group\n\nzsh\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30892: Jonathan Bar Or of Microsoft\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \n\nApp Support\nWe would like to acknowledge an anonymous researcher, \u6f02\u4eae\u9f20 of \u8d5b\u535a\u56de\u5fc6\u5f55\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge say2 of ENKI for their assistance. \n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\niCloud\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their\nassistance. \n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \n\nMail\nWe would like to acknowledge Fabian Ising and Damian Poddebniak of\nM\u00fcnster University of Applied Sciences for their assistance. \n\nManaged Configuration\nWe would like to acknowledge Michal Moravec of Logicworks, s.r.o. for\ntheir assistance. \n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Ivan Fratric of Google Project Zero,\nPavel Gromadchuk, an anonymous researcher for their assistance. \n\nInstallation note:\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hpwACgkQeC9qKD1p\nrhhm0Q//fIQiOk2S9w2qirXapPqEpyI9LNJnGX/RCrsZGN/iFkgvt27/RYLhHHQk\nefqxE6nnXdUaj9HoIIHiG4rKxIhfkscw1dF9igvmYm6j+V2KMiRxp1Pev1zMzsBI\nN6F7mJ4SiATHDTJATU8uCqIqHRQsvcIrHCjovblqGfuZxzvsjkvtRc0eXC0XAARf\nxW0WRNbTBoCOEsMp92hNI45B/oK05b1aHm2pY529gE6GRBBl0ymVo30fQ7vmIoJY\nUajc6pDNeJ1MhSpo0k+Z+eVodSdBN2EutKZfU5+4t2GzqeW5nLZFa/oqXObXBhXk\ni8bptOhceBu6qD9poSgkS5EdH4OdRQMcMjsQLIRJj3N/MwZBhGvsLQDlyGmtd+VG\na0s+pna/WoFwzw800CYRarmL0rRsZ4zZza0iuKArhrLlQCw+ee6XNL+1U50zvMaW\noT3gNkf3faCqQDxecIcQTj7xwt2tHV87p7uqELiuUZaCk5UoQBsWxGeGebFGxUq5\npJVQvnr4RVrDkpOQjbKj8w9mWoSZcvKlhRNL9J5kW75zd32vwnaVMlVkIG8vfvoK\nsgq/VfKrOW+EV1IMAh4iuaMiLAPjwBzMiRfjvRZFeJmTaMaTOxDKHwkG5YwPNp5W\n0FlhV1S2pAmGlQZgvTxkBthtU9A9giuH+oHSGJDjr70Q7de8lJ4=\n=3Pcg\n-----END PGP SIGNATURE-----\n\n\n. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "VULHUB",
"id": "VHN-390620"
},
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "164670"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390620",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390620"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30887",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/20/6",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "164683",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164672",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165483",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3578",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122705",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102802",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122009",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102715",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164670",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164682",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390620",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30887",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390620"
},
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "164670"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"id": "VAR-202108-2087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390620"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:52:17.056000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212874 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-5030"
},
{
"title": "Apple tvOS Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168366"
},
{
"title": "Debian Security Advisories: DSA-5031-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b580ac3a836730245847eb64ed334309"
},
{
"title": "Debian Security Advisories: DSA-5030-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=698860a38bf11636c31ed82fe261874b"
},
{
"title": "Red Hat: CVE-2021-30887",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30887"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212867"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-5031"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-5030"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212869"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212874"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212876"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0065"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164672/apple-security-advisory-2021-10-26-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212875"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit2gtk-two-vulnerabilities-37129"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht212869"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-36717"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102715"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102802"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164683/apple-security-advisory-2021-10-26-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122705"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122009"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165483/ubuntu-security-notice-usn-5213-1.html"
},
{
"trust": 0.4,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30881"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30886"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30917"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30915"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30919"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30907"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30905"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30909"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30906"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30883"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30895"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30896"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30910"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30894"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30914"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212867."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30902"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212869."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30880"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212876."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212874."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390620"
},
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "164670"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390620"
},
{
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "164670"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390620"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2021-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "169182"
},
{
"date": "2021-10-27T16:36:10",
"db": "PACKETSTORM",
"id": "164670"
},
{
"date": "2021-10-27T16:36:46",
"db": "PACKETSTORM",
"id": "164672"
},
{
"date": "2021-10-28T14:48:45",
"db": "PACKETSTORM",
"id": "164683"
},
{
"date": "2021-10-28T14:48:29",
"db": "PACKETSTORM",
"id": "164682"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"date": "2021-08-24T19:15:16.817000",
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-390620"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30887"
},
{
"date": "2024-07-18T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2021-021214"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1978"
},
{
"date": "2023-11-07T03:33:42.300000",
"db": "NVD",
"id": "CVE-2021-30887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1978"
}
],
"trust": 0.6
}
}
var-202101-0218
Vulnerability from variot
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.CVE-2020-25681 Not Affected CVE-2020-25682 Not Affected CVE-2020-25683 Not Affected CVE-2020-25684 Affected CVE-2020-25685 Affected CVE-2020-25686 Affected CVE-2020-25687 Not AffectedCVE-2020-25681 Not Affected CVE-2020-25682 Not Affected CVE-2020-25683 Not Affected CVE-2020-25684 Affected CVE-2020-25685 Affected CVE-2020-25686 Affected CVE-2020-25687 Not Affected. dnsmasq Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. No detailed vulnerability details are currently provided.
For the stable distribution (buster), these problems have been fixed in version 2.80-1+deb10u1.
We recommend that you upgrade your dnsmasq packages.
For the detailed security status of dnsmasq please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dnsmasq
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV nWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K IC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c YS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC AgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf yfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q qtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q== =j5Ka -----END PGP SIGNATURE----- . Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
Security Fix(es):
-
dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)
-
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)
-
dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)
-
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
-
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
-
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
-
dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled 1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled 1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
This advisory contains the following OpenShift Virtualization 2.6.0 images:
RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
-
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
-
containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request.
1891285 - Common templates and kubevirt-config cm - update machine-type
1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error
1892227 - [SSP] cluster scoped resources are not being reconciled
1893278 - openshift-virtualization-os-images namespace not seen by user
1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza
1894428 - Message for VMI not migratable is not clear enough
1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium
1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import
1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1898072 - Add Fedora33 to Fedora common templates
1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail
1899558 - CNV 2.6 - nmstate fails to set state
1901480 - VM disk io can't worked if namespace have label kubemacpool
1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1903014 - hco-webhook pod in CreateContainerError
1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode
1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default"
1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers
1907151 - kubevirt version is not reported correctly via virtctl
1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6
1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume
1907988 - VM loses dynamic IP address of its default interface after migration
1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity
1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error
1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO
1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-')
1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface
1911662 - el6 guests don't work properly if virtio bus is specified on various devices
1912908 - Allow using "scsi" bus for disks in template validation
1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails
1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user
1913717 - Users should have read permitions for golden images data volumes
1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes
1914177 - CNV does not preallocate blank file data volumes
1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes
1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer
1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block
1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1920576 - HCO can report ready=true when it failed to create a CR for a component operator
1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool
1927373 - NoExecute taint violates pdb; VMIs are not live migrated
1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.4.33 bug fix and security update Advisory ID: RHSA-2021:0281-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0281 Issue date: 2021-02-03 CVE Names: CVE-2020-2304 CVE-2020-2305 CVE-2020-8559 CVE-2020-8564 CVE-2020-14382 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2021-20182 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs and add enhancements.
This release also includes a security update for Red Hat OpenShift Container Platform 4.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
openshift: builder allows read and write of block devices (CVE-2021-20182)
-
kubernetes: Compromised node could escalate to cluster level privileges (CVE-2020-8559)
-
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 (CVE-2020-8564)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.4.33. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:0282
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
This update fixes the following bugs among others:
-
Previously, there were broken connections to the API server that caused nodes to remain in the NotReady state. Detecting a broken network connection could take up to 15 minutes, during which the platform would remain unavailable. This is now fixed by setting the TCP_USER_TIMEOUT socket option, which controls how long transmitted data can be unacknowledged before the connection is forcefully closed. (BZ#1907939)
-
Previously, the quota controllers only worked on resources retrieved from the discovery endpoint, which might contain only a fraction of all resources due to a network error. This is now fixed by having the quota controllers periodically resync when new resources are observed from the discovery endpoint. (BZ#1910096)
-
Previously, the kuryr-controller was comparing security groups related to network policies incorrectly. This caused security rules related to a network policy to be recreated on every minor update of that network policy. This bug has been fixed, allowing network policy updates that already have existing rules to be preserved; network policy additions or deletions are performed, if needed. (BZ#1910221)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-x86_64
The image digest is sha256:a035dddd8a5e5c99484138951ef4aba021799b77eb9046f683a5466c23717738
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-s390x
The image digest is sha256:ecc1e5aaf8496dd60a7703562fd6c65541172a56ae9008fce6db5d55e43371dc
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-ppc64le
The image digest is sha256:567bf8031c80b08e3e56a57e1c8e5b0b01a2f922e01b36ee333f6ab5bff95495
All OpenShift Container Platform 4.4 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
- Solution:
For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1848516 - [4.4] Unresponsive OpenShift 4.4 cluster on Azure (UPI) 1851422 - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges 1886637 - CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 1895332 - NP CRD unable to be patched because of missing sg rule ID 1897546 - Backup taken on one master cannot be restored on other masters 1900727 - Using shareProcessNamespace with default pod image leaves unreaped processes 1904413 - (release 4.4) Hostsubnet gatherer produces wrong output 1905891 - genericapiserver library must wait for server.Shutdown 1906484 - Etcd container leaves grep and lsof zombie processes 1907939 - Nodes goes into NotReady state (VMware) 1910096 - [release-4.4] The quota controllers should resync on new resources and make progress 1910221 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1915110 - CVE-2021-20182 openshift: builder allows read and write of block devices 1916952 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1917416 - e2e: should be able to pull image from docker hub is failing permanently 1918609 - ARO/Azure: excessive pod memory allocation causes node lockup 1918974 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
- References:
https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-8559 https://access.redhat.com/security/cve/CVE-2020-8564 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2021-20182 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBp6w9zjgjWX9erEAQg0JhAAhv2R8jAKUz7A/RTezDOJQiDcQ1do+jV2 PD59ab0pCrWCA70gAh7mdZnaniKQGeBL1qh/lOYV0GPOpsGZjTG9ylVOg2TOEnjD /WMOnHMehWoyZR6Ys0SNQFkdf0bkvLE33r5qEcd+l/cElaqxSH4b1gG2jU9FUOK8 fAG9tmWvfbSXgGcpND5guS/jVuL8dQOyC1ktQnXdfkMvZLDOlwBotGbxTi/adzUS 6YzikRCBzoZMZC13+ZtiznfIQeq8lKlZ3+0O2lXi5KTiSqby7HmIrawUwtiHUnzJ 9VUs8zIcA/ynr3h5POhvpg0XgioUsjJ+2U0r8EP+rYtJ4lcrT68vhAzkCysMg/y4 znQ+y5M4uoxXycB92kFrMA1og8jfJCuh5y50duo9OhOe2D75Em0XnhwGoEJrDe3z jefvSwBb9WNG+jagrX69aaBrq36qhfutaI0SU7FNhoHL4Ev50zByBXSFJzQR3b59 fh0YdzC1VTCE/LKBhELpuW7VOk4MDEs5AQAiIXv3QxKKmnyLJwnQUMwSdZiQef2X z5p8crPmGEwdZ10cDgmFH7mOb2F2utFy1FzuDh+h5lXhAmCfgggiHp5fADd43h47 EAtIwmu3VurOIkvMaqQTwL5SjVAajd26KVAa09Pb6TdWAhN/jFFRvjKJMm7523Mo mafFnOJZH7k= =9sMW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-17
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: January 22, 2021 Bugs: #766126 ID: 202101-17
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.83 >= 2.83
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.83"
References
[ 1 ] CVE-2020-25681 https://nvd.nist.gov/vuln/detail/CVE-2020-25681 [ 2 ] CVE-2020-25682 https://nvd.nist.gov/vuln/detail/CVE-2020-25682 [ 3 ] CVE-2020-25683 https://nvd.nist.gov/vuln/detail/CVE-2020-25683 [ 4 ] CVE-2020-25684 https://nvd.nist.gov/vuln/detail/CVE-2020-25684 [ 5 ] CVE-2020-25685 https://nvd.nist.gov/vuln/detail/CVE-2020-25685 [ 6 ] CVE-2020-25686 https://nvd.nist.gov/vuln/detail/CVE-2020-25686 [ 7 ] CVE-2020-25687 https://nvd.nist.gov/vuln/detail/CVE-2020-25687
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202101-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.83"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.6,
"vendor": "dnsmasq",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Vijay Sarvepalli.Statement Date:\u00a0\u00a0 January 04, 2021",
"sources": [
{
"db": "CERT/CC",
"id": "VU#434904"
}
],
"trust": 0.8
},
"cve": "CVE-2020-25682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25682",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-07538",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2020-25682",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25682",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25682",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-25682",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-07538",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-25682",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.CVE-2020-25681 Not Affected\nCVE-2020-25682 Not Affected\nCVE-2020-25683 Not Affected\nCVE-2020-25684 Affected\nCVE-2020-25685 Affected\nCVE-2020-25686 Affected\nCVE-2020-25687 Not AffectedCVE-2020-25681 Not Affected\nCVE-2020-25682 Not Affected\nCVE-2020-25683 Not Affected\nCVE-2020-25684 Affected\nCVE-2020-25685 Affected\nCVE-2020-25686 Affected\nCVE-2020-25687 Not Affected. dnsmasq Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. No detailed vulnerability details are currently provided. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.80-1+deb10u1. \n\nWe recommend that you upgrade your dnsmasq packages. \n\nFor the detailed security status of dnsmasq please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dnsmasq\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV\nnWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K\nIC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c\nYS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC\nAgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf\nyfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q\nqtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q==\n=j5Ka\n-----END PGP SIGNATURE-----\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is\nenabled (CVE-2020-25681)\n\n* dnsmasq: buffer overflow in extract_name() due to missing length check\nwhen DNSSEC is enabled (CVE-2020-25682)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when\nDNSSEC is enabled (CVE-2020-25683)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging\nreplies easier for an off-path attacker (CVE-2020-25686)\n\n* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset()\nwhen DNSSEC is enabled (CVE-2020-25687)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1881875 - CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled\n1882014 - CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled\n1882018 - CVE-2020-25683 dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1891568 - CVE-2020-25687 dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. \n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n=============kubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can\nlead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes\nfrom invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.4.33 bug fix and security update\nAdvisory ID: RHSA-2021:0281-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0281\nIssue date: 2021-02-03\nCVE Names: CVE-2020-2304 CVE-2020-2305 CVE-2020-8559 \n CVE-2020-8564 CVE-2020-14382 CVE-2020-25681 \n CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 \n CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 \n CVE-2020-25694 CVE-2020-25696 CVE-2021-20182 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.4.33 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release also includes a security update for Red Hat OpenShift\nContainer Platform 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* openshift: builder allows read and write of block devices\n(CVE-2021-20182)\n\n* kubernetes: Compromised node could escalate to cluster level privileges\n(CVE-2020-8559)\n\n* kubernetes: Docker config secrets leaked when file is malformed and\nloglevel \u003e= 4 (CVE-2020-8564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.4.33. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:0282\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, there were broken connections to the API server that caused\nnodes to remain in the NotReady state. Detecting a broken network\nconnection could take up to 15 minutes, during which the platform would\nremain unavailable. This is now fixed by setting the TCP_USER_TIMEOUT\nsocket option, which controls how long transmitted data can be\nunacknowledged before the connection is forcefully closed. (BZ#1907939)\n\n* Previously, the quota controllers only worked on resources retrieved from\nthe discovery endpoint, which might contain only a fraction of all\nresources due to a network error. This is now fixed by having the quota\ncontrollers periodically resync when new resources are observed from the\ndiscovery endpoint. (BZ#1910096)\n\n* Previously, the kuryr-controller was comparing security groups related to\nnetwork policies incorrectly. This caused security rules related to a\nnetwork policy to be recreated on every minor update of that network\npolicy. This bug has been fixed, allowing network policy updates that\nalready have existing rules to be preserved; network policy additions or\ndeletions are performed, if needed. (BZ#1910221)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-x86_64\n\nThe image digest is\nsha256:a035dddd8a5e5c99484138951ef4aba021799b77eb9046f683a5466c23717738\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-s390x\n\nThe image digest is\nsha256:ecc1e5aaf8496dd60a7703562fd6c65541172a56ae9008fce6db5d55e43371dc\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-ppc64le\n\nThe image digest is\nsha256:567bf8031c80b08e3e56a57e1c8e5b0b01a2f922e01b36ee333f6ab5bff95495\n\nAll OpenShift Container Platform 4.4 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1848516 - [4.4] Unresponsive OpenShift 4.4 cluster on Azure (UPI)\n1851422 - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges\n1886637 - CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel \u003e= 4\n1895332 - NP CRD unable to be patched because of missing sg rule ID\n1897546 - Backup taken on one master cannot be restored on other masters\n1900727 - Using shareProcessNamespace with default pod image leaves unreaped processes\n1904413 - (release 4.4) Hostsubnet gatherer produces wrong output\n1905891 - genericapiserver library must wait for server.Shutdown\n1906484 - Etcd container leaves grep and lsof zombie processes\n1907939 - Nodes goes into NotReady state (VMware)\n1910096 - [release-4.4] The quota controllers should resync on new resources and make progress\n1910221 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1915110 - CVE-2021-20182 openshift: builder allows read and write of block devices\n1916952 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1917416 - e2e: should be able to pull image from docker hub is failing permanently\n1918609 - ARO/Azure: excessive pod memory allocation causes node lockup\n1918974 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-8559\nhttps://access.redhat.com/security/cve/CVE-2020-8564\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2021-20182\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBp6w9zjgjWX9erEAQg0JhAAhv2R8jAKUz7A/RTezDOJQiDcQ1do+jV2\nPD59ab0pCrWCA70gAh7mdZnaniKQGeBL1qh/lOYV0GPOpsGZjTG9ylVOg2TOEnjD\n/WMOnHMehWoyZR6Ys0SNQFkdf0bkvLE33r5qEcd+l/cElaqxSH4b1gG2jU9FUOK8\nfAG9tmWvfbSXgGcpND5guS/jVuL8dQOyC1ktQnXdfkMvZLDOlwBotGbxTi/adzUS\n6YzikRCBzoZMZC13+ZtiznfIQeq8lKlZ3+0O2lXi5KTiSqby7HmIrawUwtiHUnzJ\n9VUs8zIcA/ynr3h5POhvpg0XgioUsjJ+2U0r8EP+rYtJ4lcrT68vhAzkCysMg/y4\nznQ+y5M4uoxXycB92kFrMA1og8jfJCuh5y50duo9OhOe2D75Em0XnhwGoEJrDe3z\njefvSwBb9WNG+jagrX69aaBrq36qhfutaI0SU7FNhoHL4Ev50zByBXSFJzQR3b59\nfh0YdzC1VTCE/LKBhELpuW7VOk4MDEs5AQAiIXv3QxKKmnyLJwnQUMwSdZiQef2X\nz5p8crPmGEwdZ10cDgmFH7mOb2F2utFy1FzuDh+h5lXhAmCfgggiHp5fADd43h47\nEAtIwmu3VurOIkvMaqQTwL5SjVAajd26KVAa09Pb6TdWAhN/jFFRvjKJMm7523Mo\nmafFnOJZH7k=\n=9sMW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202101-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: January 22, 2021\n Bugs: #766126\n ID: 202101-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.83 \u003e= 2.83\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.83\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-25681\n https://nvd.nist.gov/vuln/detail/CVE-2020-25681\n[ 2 ] CVE-2020-25682\n https://nvd.nist.gov/vuln/detail/CVE-2020-25682\n[ 3 ] CVE-2020-25683\n https://nvd.nist.gov/vuln/detail/CVE-2020-25683\n[ 4 ] CVE-2020-25684\n https://nvd.nist.gov/vuln/detail/CVE-2020-25684\n[ 5 ] CVE-2020-25685\n https://nvd.nist.gov/vuln/detail/CVE-2020-25685\n[ 6 ] CVE-2020-25686\n https://nvd.nist.gov/vuln/detail/CVE-2020-25686\n[ 7 ] CVE-2020-25687\n https://nvd.nist.gov/vuln/detail/CVE-2020-25687\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202101-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25682"
},
{
"db": "CERT/CC",
"id": "VU#434904"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25682",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#434904",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90340376",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-07538",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25682",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161012",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161014",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#434904"
},
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"id": "VAR-202101-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07538"
}
],
"trust": 0.85396827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07538"
}
]
},
"last_update_date": "2024-11-29T20:29:31.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"title": "Patch for Dnsmasq buffer overflow vulnerability (CNVD-2021-07538)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/246061"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210151 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210150 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210152 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-25682 log"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.4.33 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210281 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4844-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6bdd82a7af8c0333eca753b3b7b02111"
},
{
"title": "Arch Linux Advisories: [ASA-202101-38] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202101-38"
},
{
"title": "Cisco: Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"title": "pique",
"trust": 0.1,
"url": "https://github.com/AZ-X/pique "
},
{
"title": "CSCM28CW2",
"trust": 0.1,
"url": "https://github.com/klcheung99/CSCM28CW2 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/01/20/dns_cache_poisoning/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25682"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"trust": 1.1,
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.8,
"url": "cve-2020-25681 "
},
{
"trust": 0.8,
"url": "cve-2020-25682 "
},
{
"trust": 0.8,
"url": "cve-2020-25683 "
},
{
"trust": 0.8,
"url": "cve-2020-25684 "
},
{
"trust": 0.8,
"url": "cve-2020-25685 "
},
{
"trust": 0.8,
"url": "cve-2020-25686 "
},
{
"trust": 0.8,
"url": "cve-2020-25687 "
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90340376/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25687"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25683"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25681"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2021:0151"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/az-x/pique"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195079"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/dnsmasq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0281"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8564"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0282"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0152"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#434904"
},
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#434904"
},
{
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161085"
},
{
"db": "PACKETSTORM",
"id": "161014"
},
{
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-19T00:00:00",
"db": "CERT/CC",
"id": "VU#434904"
},
{
"date": "2021-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"date": "2021-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"date": "2021-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169002"
},
{
"date": "2021-01-19T14:45:12",
"db": "PACKETSTORM",
"id": "161012"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2021-02-03T16:14:39",
"db": "PACKETSTORM",
"id": "161269"
},
{
"date": "2021-01-19T14:45:21",
"db": "PACKETSTORM",
"id": "161013"
},
{
"date": "2021-01-25T14:38:26",
"db": "PACKETSTORM",
"id": "161085"
},
{
"date": "2021-01-19T14:45:29",
"db": "PACKETSTORM",
"id": "161014"
},
{
"date": "2021-01-20T17:15:12.920000",
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-06T00:00:00",
"db": "CERT/CC",
"id": "VU#434904"
},
{
"date": "2021-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-07538"
},
{
"date": "2021-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25682"
},
{
"date": "2021-10-04T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2020-015550"
},
{
"date": "2024-11-21T05:18:27.207000",
"db": "NVD",
"id": "CVE-2020-25682"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161085"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq is vulnerable to memory corruption and cache poisoning",
"sources": [
{
"db": "CERT/CC",
"id": "VU#434904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "161012"
},
{
"db": "PACKETSTORM",
"id": "161013"
},
{
"db": "PACKETSTORM",
"id": "161014"
}
],
"trust": 0.3
}
}
var-202205-0743
Vulnerability from variot
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. LibTIFF Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-10
https://security.gentoo.org/
Severity: Low Title: LibTIFF: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #830981, #837560 ID: 202210-10
Synopsis
Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.
Background
LibTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/tiff < 4.4.0 >= 4.4.0
Description
Multiple vulnerabilities have been discovered in LibTIFF. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All LibTIFF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.4.0"
References
[ 1 ] CVE-2022-0561 https://nvd.nist.gov/vuln/detail/CVE-2022-0561 [ 2 ] CVE-2022-0562 https://nvd.nist.gov/vuln/detail/CVE-2022-0562 [ 3 ] CVE-2022-0865 https://nvd.nist.gov/vuln/detail/CVE-2022-0865 [ 4 ] CVE-2022-0891 https://nvd.nist.gov/vuln/detail/CVE-2022-0891 [ 5 ] CVE-2022-0907 https://nvd.nist.gov/vuln/detail/CVE-2022-0907 [ 6 ] CVE-2022-0908 https://nvd.nist.gov/vuln/detail/CVE-2022-0908 [ 7 ] CVE-2022-0909 https://nvd.nist.gov/vuln/detail/CVE-2022-0909 [ 8 ] CVE-2022-0924 https://nvd.nist.gov/vuln/detail/CVE-2022-0924 [ 9 ] CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 [ 10 ] CVE-2022-1210 https://nvd.nist.gov/vuln/detail/CVE-2022-1210 [ 11 ] CVE-2022-1354 https://nvd.nist.gov/vuln/detail/CVE-2022-1354 [ 12 ] CVE-2022-1355 https://nvd.nist.gov/vuln/detail/CVE-2022-1355 [ 13 ] CVE-2022-1622 https://nvd.nist.gov/vuln/detail/CVE-2022-1622 [ 14 ] CVE-2022-1623 https://nvd.nist.gov/vuln/detail/CVE-2022-1623 [ 15 ] CVE-2022-22844 https://nvd.nist.gov/vuln/detail/CVE-2022-22844
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16
iOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213446.
Accelerate Framework Available for: iPhone 8 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki Entry added October 27, 2022
AppleAVD Available for: iPhone 8 and later Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, and an anonymous researcher Entry added October 27, 2022
AppleAVD Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__) Entry added October 27, 2022
Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
Apple Neural Engine Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36) CVE-2022-32889: Mohamed Ghannam (@_simo36) Entry added October 27, 2022
Apple TV Available for: iPhone 8 and later Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved handling of caches. CVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Contacts Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Crash Reporter Available for: iPhone 8 and later Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike Entry added October 27, 2022
DriverKit Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Exchange Available for: iPhone 8 and later Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26744: an anonymous researcher Entry added October 27, 2022
GPU Drivers Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher Entry added October 27, 2022
ImageIO Available for: iPhone 8 and later Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: iPhone 8 and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
IOGPUFamily Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32887: an anonymous researcher Entry added October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab Entry updated October 27, 2022
Kernel Available for: iPhone 8 and later Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: iPhone 8 and later Impact: An application may be able to execute arbitrary code with kernel privileges. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas, breakpointhq.com
MediaLibrary Available for: iPhone 8 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Notifications Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer Entry added October 27, 2022
Photos Available for: iPhone 8 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd Entry added October 27, 2022
Safari Available for: iPhone 8 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: This issue was addressed with improved checks. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari Extensions Available for: iPhone 8 and later Impact: A website may be able to track users through Safari web extensions Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242278 CVE-2022-32868: Michael
Sandbox Available for: iPhone 8 and later Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: iPhone 8 and later Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Shortcuts Available for: iPhone 8 and later Impact: A person with physical access to an iOS device may be able to access photos from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2022-32872: Elite Tech Guru
Sidecar Available for: iPhone 8 and later Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
Siri Available for: iPhone 8 and later Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/) Entry added October 27, 2022
SQLite Available for: iPhone 8 and later Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690 Entry added October 27, 2022
Time Zone Available for: iPhone 8 and later Impact: Deleted contacts may still appear in spotlight search results Description: A logic issue was addressed with improved state management. CVE-2022-32859 Entry added October 27, 2022
Watch app Available for: iPhone 8 and later Impact: An app may be able to read a persistent device identifier Description: This issue was addressed with improved entitlements. CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes) Entry added October 27, 2022
Weather Available for: iPhone 8 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243236 CVE-2022-32891: @real_as3617, and an anonymous researcher Entry added October 27, 2022
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer, afang5472, xmzyshypnc
WebKit Available for: iPhone 8 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: iPhone 8 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022
Wi-Fi Available for: iPhone 8 and later Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval Entry added October 27, 2022
Additional recognition
AirDrop We would like to acknowledge Alexander Heinrich, Milan Stute, and Christian Weinert of Technical University of Darmstadt for their assistance. Entry added October 27, 2022
AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance. Entry added October 27, 2022
Calendar UI We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal for their assistance. Entry added October 27, 2022
FaceTime We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Find My We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Game Center We would like to acknowledge Joshua Jones for their assistance.
iCloud We would like to acknowledge Bülent Aytulun, and an anonymous researcher for their assistance. Entry added October 27, 2022
Identity Services We would like to acknowledge Joshua Jones for their assistance.
Kernel We would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, and an anonymous researcher for their assistance. Entry added October 27, 2022
Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
Notes We would like to acknowledge Edward Riley of Iron Cloud Limited (ironclouduk.com) for their assistance. Entry added October 27, 2022
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance. Entry added October 27, 2022
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Entry added October 27, 2022
Shortcuts We would like to acknowledge Shay Dror for their assistance. Entry added October 27, 2022
SOS We would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber Security Lab for their assistance. Entry added October 27, 2022
UIKit We would like to acknowledge Aleczander Ewing, Simon de Vegt, and an anonymous researcher for their assistance. Entry added October 27, 2022
WebKit We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
WebRTC We would like to acknowledge an anonymous researcher for their assistance. Entry added October 27, 2022
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 16". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke NxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC C5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7 K+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM ZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK Etd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU Ur+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp rpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K tORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU rFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ Og/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR nYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac= =I+iq -----END PGP SIGNATURE-----
. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited.
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Debian Security Advisory DSA-5333-1 security@debian.org https://www.debian.org/security/ Aron Xu January 29, 2023 https://www.debian.org/security/faq
Package : tiff CVE ID : CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 CVE-2022-3599 CVE-2022-3627 CVE-2022-3636 CVE-2022-34526 CVE-2022-48281 Debian Bug : 1011160 1014494 1022555 1024737 1029653
Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u3.
We recommend that you upgrade your tiff packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0743",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "9.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "libtiff",
"scope": "eq",
"trust": 1.0,
"vendor": "libtiff",
"version": "4.3.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "libtiff",
"scope": null,
"trust": 0.8,
"vendor": "libtiff",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
}
],
"trust": 0.5
},
"cve": "CVE-2022-1622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1622",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-419735",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1622",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-011453",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1622",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@gitlab.com",
"id": "CVE-2022-1622",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1622",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419735",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1622",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. LibTIFF Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: LibTIFF: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #830981, #837560\n ID: 202210-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in LibTIFF, the worst of which\ncould result in denial of service. \n\nBackground\n==========\n\nLibTIFF provides support for reading and manipulating TIFF (Tagged Image\nFile Format) images. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/tiff \u003c 4.4.0 \u003e= 4.4.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in LibTIFF. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll LibTIFF users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/tiff-4.4.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-0561\n https://nvd.nist.gov/vuln/detail/CVE-2022-0561\n[ 2 ] CVE-2022-0562\n https://nvd.nist.gov/vuln/detail/CVE-2022-0562\n[ 3 ] CVE-2022-0865\n https://nvd.nist.gov/vuln/detail/CVE-2022-0865\n[ 4 ] CVE-2022-0891\n https://nvd.nist.gov/vuln/detail/CVE-2022-0891\n[ 5 ] CVE-2022-0907\n https://nvd.nist.gov/vuln/detail/CVE-2022-0907\n[ 6 ] CVE-2022-0908\n https://nvd.nist.gov/vuln/detail/CVE-2022-0908\n[ 7 ] CVE-2022-0909\n https://nvd.nist.gov/vuln/detail/CVE-2022-0909\n[ 8 ] CVE-2022-0924\n https://nvd.nist.gov/vuln/detail/CVE-2022-0924\n[ 9 ] CVE-2022-1056\n https://nvd.nist.gov/vuln/detail/CVE-2022-1056\n[ 10 ] CVE-2022-1210\n https://nvd.nist.gov/vuln/detail/CVE-2022-1210\n[ 11 ] CVE-2022-1354\n https://nvd.nist.gov/vuln/detail/CVE-2022-1354\n[ 12 ] CVE-2022-1355\n https://nvd.nist.gov/vuln/detail/CVE-2022-1355\n[ 13 ] CVE-2022-1622\n https://nvd.nist.gov/vuln/detail/CVE-2022-1622\n[ 14 ] CVE-2022-1623\n https://nvd.nist.gov/vuln/detail/CVE-2022-1623\n[ 15 ] CVE-2022-22844\n https://nvd.nist.gov/vuln/detail/CVE-2022-22844\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16\n\niOS 16 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213446. \n\nAccelerate Framework\nAvailable for: iPhone 8 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, and an anonymous researcher\nEntry added October 27, 2022\n\nAppleAVD\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple Neural Engine\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\nEntry added October 27, 2022\n\nApple TV\nAvailable for: iPhone 8 and later\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32909: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nContacts\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nCrash Reporter\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\nEntry added October 27, 2022\n\nDriverKit\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nExchange\nAvailable for: iPhone 8 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26744: an anonymous researcher\nEntry added October 27, 2022\n\nGPU Drivers\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\nEntry added October 27, 2022\n\nImageIO\nAvailable for: iPhone 8 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\nIOGPUFamily\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32887: an anonymous researcher\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nEntry updated October 27, 2022\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: iPhone 8 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher \n\nMaps\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas, breakpointhq.com\n\nMediaLibrary\nAvailable for: iPhone 8 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\nEntry added October 27, 2022\n\nPhotos\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\nEntry added October 27, 2022\n\nSafari\nAvailable for: iPhone 8 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: This issue was addressed with improved checks. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari Extensions\nAvailable for: iPhone 8 and later\nImpact: A website may be able to track users through Safari web\nextensions\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242278\nCVE-2022-32868: Michael\n\nSandbox\nAvailable for: iPhone 8 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: iPhone 8 and later\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nShortcuts\nAvailable for: iPhone 8 and later\nImpact: A person with physical access to an iOS device may be able to\naccess photos from the lock screen\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32872: Elite Tech Guru\n\nSidecar\nAvailable for: iPhone 8 and later\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSiri\nAvailable for: iPhone 8 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/andrew-goldberg-/)\nEntry added October 27, 2022\n\nSQLite\nAvailable for: iPhone 8 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\nEntry added October 27, 2022\n\nTime Zone\nAvailable for: iPhone 8 and later\nImpact: Deleted contacts may still appear in spotlight search results\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32859\nEntry added October 27, 2022\n\nWatch app\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\nEntry added October 27, 2022\n\nWeather\nAvailable for: iPhone 8 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243236\nCVE-2022-32891: @real_as3617, and an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer, afang5472, xmzyshypnc\n\nWebKit\nAvailable for: iPhone 8 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: iPhone 8 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nWi-Fi\nAvailable for: iPhone 8 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Alexander Heinrich, Milan Stute, and\nChristian Weinert of Technical University of Darmstadt for their\nassistance. \nEntry added October 27, 2022\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \nEntry added October 27, 2022\n\nCalendar UI\nWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of\nLakshmi Narain College Of Technology Bhopal for their assistance. \nEntry added October 27, 2022\n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nGame Center\nWe would like to acknowledge Joshua Jones for their assistance. \n\niCloud\nWe would like to acknowledge B\u00fclent Aytulun, and an anonymous\nresearcher for their assistance. \nEntry added October 27, 2022\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nKernel\nWe would like to acknowledge Pan ZhenPeng(@Peterpan0927), Tingting\nYin of Tsinghua University, and Min Zheng of Ant Group, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nNotes\nWe would like to acknowledge Edward Riley of Iron Cloud Limited\n(ironclouduk.com) for their assistance. \nEntry added October 27, 2022\n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \nEntry added October 27, 2022\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \nEntry added October 27, 2022\n\nShortcuts\nWe would like to acknowledge Shay Dror for their assistance. \nEntry added October 27, 2022\n\nSOS\nWe would like to acknowledge Xianfeng Lu and Lei Ai of OPPO Amber\nSecurity Lab for their assistance. \nEntry added October 27, 2022\n\nUIKit\nWe would like to acknowledge Aleczander Ewing, Simon de Vegt, and an\nanonymous researcher for their assistance. \nEntry added October 27, 2022\n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added October 27, 2022\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 16\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpoACgkQ4RjMIDke\nNxkQ8w/9FMTP02t/AKe0nXZ44UhfMLy7Sx88gpWRHaWKZtdjPADC2kxx1RbVSvrC\nC5nB6bw2zGppE1V284QitcNG9WrGGTINK6Knshv0PCkWLZnh1sYqX2bYbKmY6Ol7\nK+lRk6zicF3k7KcCZRly6UuJ8RvfPpa2wKuVVv5FBPM8bPRuovVRiRxGUWuO7emM\nZXyp4n5u+GldW8n8hRK/jxwGGwrKqFmXL9Ecd79I2/4uYmEx6tmoAYuEZs26BfjK\nEtd1F54PlewmyUKvVlWiwLhpVgygRqkmvW+jKwX46gBzwHFK88B9IV6wf8ZD5JaU\nUr+nqEjiqmbYdcfV8pu64eRNnlTiCmD/ehJg8sNG38m9SeqOw3ZNVaQ8+sgoXwsp\nrpsPDPsXmPqqadxERe7LwLXSm4KtTARdGbEffHAA5eqc+U0ja2u3piqk8ZKTrC6K\ntORrDjSkKx9AILbds99Wzbnb1rfF/09N1+LPQT7Ac8PCA/kE+XQ+nmSDoInh8PTU\nrFt3ZW9Ud0q6Y2Ix11WYrb6wOqs/vafaW5zXTnNfgKNvw2zO/9yKYhaqIjlGtLSJ\nOg/O1sdcPMPisBGQynF7Dj42riQD5RQGbB/GmfgRqUHFXwcWJxFRblkwUxbjuEaR\nnYRj90cDbUE2wmsE4y4uFfCVpKTQCQCKXuSuBkOQje0KjTDHWac=\n=I+iq\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Apple is aware of a report that this issue may\nhave been actively exploited. Apple is aware of a report that this issue\nmay have been actively exploited. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641 To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\". Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5333-1 security@debian.org\nhttps://www.debian.org/security/ Aron Xu\nJanuary 29, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tiff\nCVE ID : CVE-2022-1354 CVE-2022-1355 CVE-2022-1622 CVE-2022-1623 \n CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVE-2022-2519 \n CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 \n CVE-2022-2869 CVE-2022-2953 CVE-2022-3570 CVE-2022-3597 \n CVE-2022-3599 CVE-2022-3627 CVE-2022-3636 CVE-2022-34526\n CVE-2022-48281\nDebian Bug : 1011160 1014494 1022555 1024737 1029653\n\nSeveral buffer overflow, divide by zero or out of bounds read/write\nvulnerabilities were discovered in tiff, the Tag Image File Format (TIFF)\nlibrary and tools, which may cause denial of service when processing a\ncrafted TIFF image. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 4.2.0-1+deb11u3. \n\nWe recommend that you upgrade your tiff packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "PACKETSTORM",
"id": "169563"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "170783"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-419735",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1622",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "169598",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170783",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060633",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5462",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2732",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169589",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169563",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169559",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-419735",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1622",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "PACKETSTORM",
"id": "169563"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "170783"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"id": "VAR-202205-0743",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:15:40.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7IWZTB4J2N4F5OR5QY4VHDSKWKZSWN3/"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-094",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-094"
},
{
"title": "Debian Security Advisories: DSA-5333-1 tiff -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c77904c23e5b132ffe7c410eba93e432"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-183",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-183"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/cve-2022-1622.json"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"
},
{
"trust": 1.8,
"url": "https://gitlab.com/libtiff/libtiff/-/issues/410"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220616-0005/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213446"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213486"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213487"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/39"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c7iwztb4j2n4f5or5qy4vhdskwkzswn3/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uxafop6qqrnzd3hpz6bmcezzom4yizmk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uxafop6qqrnzd3hpz6bmcezzom4yizmk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c7iwztb4j2n4f5or5qy4vhdskwkzswn3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170783/debian-security-advisory-5333-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtiff-out-of-bounds-memory-reading-via-lzwdecode-38292"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169598/apple-security-advisory-2022-10-27-13.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5462"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1622/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060633"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1622"
},
{
"trust": 0.5,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.5,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1355"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1623"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1354"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2022/alas-2022-094.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0907"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202210-10"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26744"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213446."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213486."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213487."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2953"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2058"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2057"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/tiff"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2521"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "PACKETSTORM",
"id": "169563"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "170783"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419735"
},
{
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"db": "PACKETSTORM",
"id": "169563"
},
{
"db": "PACKETSTORM",
"id": "169559"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "170783"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-419735"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"date": "2022-10-31T14:24:25",
"db": "PACKETSTORM",
"id": "169563"
},
{
"date": "2022-10-31T14:22:02",
"db": "PACKETSTORM",
"id": "169559"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2022-10-31T14:56:26",
"db": "PACKETSTORM",
"id": "169598"
},
{
"date": "2022-10-31T14:51:24",
"db": "PACKETSTORM",
"id": "169589"
},
{
"date": "2023-01-30T16:31:59",
"db": "PACKETSTORM",
"id": "170783"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"date": "2022-05-11T15:15:09.237000",
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-419735"
},
{
"date": "2022-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1622"
},
{
"date": "2023-08-22T07:50:00",
"db": "JVNDB",
"id": "JVNDB-2022-011453"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2732"
},
{
"date": "2024-11-21T06:41:06.947000",
"db": "NVD",
"id": "CVE-2022-1622"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibTIFF\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011453"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2732"
}
],
"trust": 0.6
}
}
var-202106-1875
Vulnerability from variot
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable and extensible through a simple API. A remote attacker could exploit the vulnerability to pass specially crafted data to the application and perform a denial of service (DoS) attack. ========================================================================== Ubuntu Security Notice USN-4994-1 June 21, 2021
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)
Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. (CVE-2020-35452)
Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. (CVE-2021-26690)
Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. (CVE-2021-26691)
Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.1 apache2-bin 2.4.46-4ubuntu1.1
Ubuntu 20.10: apache2 2.4.46-1ubuntu1.2 apache2-bin 2.4.46-1ubuntu1.2
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.3 apache2-bin 2.4.41-4ubuntu3.3
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.16 apache2-bin 2.4.29-1ubuntu4.16
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-38
https://security.gentoo.org/
Severity: Low Title: Apache: Multiple vulnerabilities Date: July 17, 2021 Bugs: #795231 ID: 202107-38
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.4.48 >= 2.4.48
Description
Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.48"
References
[ 1 ] CVE-2019-17567 https://nvd.nist.gov/vuln/detail/CVE-2019-17567 [ 2 ] CVE-2020-13950 https://nvd.nist.gov/vuln/detail/CVE-2020-13950 [ 3 ] CVE-2020-35452 https://nvd.nist.gov/vuln/detail/CVE-2020-35452 [ 4 ] CVE-2021-26690 https://nvd.nist.gov/vuln/detail/CVE-2021-26690 [ 5 ] CVE-2021-26691 https://nvd.nist.gov/vuln/detail/CVE-2021-26691 [ 6 ] CVE-2021-30641 https://nvd.nist.gov/vuln/detail/CVE-2021-30641 [ 7 ] CVE-2021-31618 https://nvd.nist.gov/vuln/detail/CVE-2021-31618
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-38
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: httpd:2.4 security, bug fix, and enhancement update Advisory ID: RHSA-2021:4257-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4257 Issue date: 2021-11-09 CVE Names: CVE-2021-26690 CVE-2021-30641 ==================================================================== 1. Summary:
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690)
-
httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1905613 - mod_ssl does not like valid certificate chain 1934741 - Apache trademark update - new logo 1935742 - [RFE] backport samesite/httponly/secure flags for usertrack 1937334 - SSLProtocol with based virtual hosts 1952557 - mod_proxy_wstunnel.html is a malformed XML 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF'
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.src.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
aarch64: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm
noarch: httpd-filesystem-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm httpd-manual-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm
ppc64le: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm
s390x: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm
x86_64: httpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm httpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm mod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm mod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrer9zjgjWX9erEAQidnxAAljIz0c1qtUxP9lnANeO/5Dkx3XhX1VaN sOO/DRmelj7YeHeelF1HfX3lTfRXZ22/rSzV/EbCMhnRYheTpKq5kCmCanqRmHvo F3CVF2c9wbPpi6b/ww+VzdF4RuhWSY7ZN+oOT8P8rxtX9GcmQ9lYB+HF/BAKVPB7 BHWcJ9eK+wenF931qT6Tg00dfWLJdwEeefZOw1G0VeeUdw4S420LYNM0DHA10HiC 58mzqQMCh2lJ4nlMlK5BHWcTOm0J6AJkoHNrDWHvyAdbtKmK6wgRiSx5WMRmhTin RgXchqrR52GwZwrCCkXhXzMhZ2Ps7G1hgPLXguApDP2AGDFQ/YlTMAImMBGwZw8i jwMq8BL785q4FRKrgCjM0iNBoGYW5rkBtJbiSPeiBuE0VF8ryDp8uwTsREaw/Ybk xKw5kry6Cj2Kl1kuvEI7Px9oFh5Wz1ZImfUaUP+GYDFwUmHdmMZj+bzwGQF21B1M IRpnQH1A8LGF73FWrPX7UBUmzstRadxfbtLXdeOnxxooXbCTwRS4afz4JkZubEZ6 XhrOCJsTM6idFd6NTMYT8f+UhoSojMvqrP27oi4DhiJw4T9Qh5qV0sp3v4+UwD0b VXWRUvWSRk3pVgDPVnhlnK1Ga9GFG5hg0TMo3ssqjq0PknJWcaSIEoFsOkuGxa4t F+wizQuyFY4=Bqs/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u5.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8 TjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+ AYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K fZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26 qRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H ZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE mC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx gz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof NsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP sqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI H/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq B1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps= =O0O+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.46"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle enterprise manager ops center",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "http server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.0,\u003c=2.4.46"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164877"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "164928"
}
],
"trust": 0.3
},
"cve": "CVE-2021-26690",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-26690",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-13199",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-26690",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-26690",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-26690",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-26690",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-13199",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-212",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-26690",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service. Apache HTTP Server is an open source web server of the Apache Foundation in the United States. The server is fast, reliable and extensible through a simple API. A remote attacker could exploit the vulnerability to pass specially crafted data to the application and perform a denial of service (DoS) attack. ==========================================================================\nUbuntu Security Notice USN-4994-1\nJune 21, 2021\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. \n\nSoftware Description:\n- apache2: Apache HTTP server\n\nDetails:\n\nMarc Stern discovered that the Apache mod_proxy_http module incorrectly\nhandled certain requests. This issue only\naffected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)\n\nAntonio Morales discovered that the Apache mod_auth_digest module\nincorrectly handled certain Digest nonces. \n(CVE-2020-35452)\n\nAntonio Morales discovered that the Apache mod_session module incorrectly\nhandled certain Cookie headers. \n(CVE-2021-26690)\n\nChristophe Jaillet discovered that the Apache mod_session module\nincorrectly handled certain SessionHeader values. (CVE-2021-26691)\n\nChristoph Anton Mitterer discovered that the new MergeSlashes configuration\noption resulted in unexpected behaviour in certain situations. \n(CVE-2021-30641)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.1\n apache2-bin 2.4.46-4ubuntu1.1\n\nUbuntu 20.10:\n apache2 2.4.46-1ubuntu1.2\n apache2-bin 2.4.46-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.3\n apache2-bin 2.4.41-4ubuntu3.3\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.16\n apache2-bin 2.4.29-1ubuntu4.16\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-38\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache: Multiple vulnerabilities\n Date: July 17, 2021\n Bugs: #795231\n ID: 202107-38\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache, the worst of which\ncould result in a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.4.48 \u003e= 2.4.48 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.48\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-17567\n https://nvd.nist.gov/vuln/detail/CVE-2019-17567\n[ 2 ] CVE-2020-13950\n https://nvd.nist.gov/vuln/detail/CVE-2020-13950\n[ 3 ] CVE-2020-35452\n https://nvd.nist.gov/vuln/detail/CVE-2020-35452\n[ 4 ] CVE-2021-26690\n https://nvd.nist.gov/vuln/detail/CVE-2021-26690\n[ 5 ] CVE-2021-26691\n https://nvd.nist.gov/vuln/detail/CVE-2021-26691\n[ 6 ] CVE-2021-30641\n https://nvd.nist.gov/vuln/detail/CVE-2021-30641\n[ 7 ] CVE-2021-31618\n https://nvd.nist.gov/vuln/detail/CVE-2021-31618\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-38\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: httpd:2.4 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4257-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4257\nIssue date: 2021-11-09\nCVE Names: CVE-2021-26690 CVE-2021-30641\n====================================================================\n1. Summary:\n\nAn update for the httpd:2.4 module is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_session: NULL pointer dereference when parsing Cookie header\n(CVE-2021-26690)\n\n* httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027 (CVE-2021-30641)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905613 - mod_ssl does not like valid certificate chain\n1934741 - Apache trademark update - new logo\n1935742 - [RFE] backport samesite/httponly/secure flags for usertrack\n1937334 - SSLProtocol with based virtual hosts\n1952557 - mod_proxy_wstunnel.html is a malformed XML\n1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header\n1966743 - CVE-2021-30641 httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nhttpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.src.rpm\nmod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.src.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm\n\naarch64:\nhttpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nhttpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nhttpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nhttpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nhttpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nhttpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm\nmod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm\nmod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.aarch64.rpm\nmod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\nmod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.aarch64.rpm\n\nnoarch:\nhttpd-filesystem-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm\nhttpd-manual-2.4.37-41.module+el8.5.0+11772+c8e0c271.noarch.rpm\n\nppc64le:\nhttpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nhttpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nhttpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nhttpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nhttpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nhttpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm\nmod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm\nmod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.ppc64le.rpm\nmod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\nmod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.ppc64le.rpm\n\ns390x:\nhttpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nhttpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nhttpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nhttpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nhttpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nhttpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm\nmod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm\nmod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.s390x.rpm\nmod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\nmod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.s390x.rpm\n\nx86_64:\nhttpd-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nhttpd-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nhttpd-debugsource-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nhttpd-devel-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nhttpd-tools-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nhttpd-tools-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_http2-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm\nmod_http2-debuginfo-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm\nmod_http2-debugsource-1.15.7-3.module+el8.4.0+8625+d397f3da.x86_64.rpm\nmod_ldap-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_ldap-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_proxy_html-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_proxy_html-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_session-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_session-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\nmod_ssl-debuginfo-2.4.37-41.module+el8.5.0+11772+c8e0c271.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26690\nhttps://access.redhat.com/security/cve/CVE-2021-30641\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrer9zjgjWX9erEAQidnxAAljIz0c1qtUxP9lnANeO/5Dkx3XhX1VaN\nsOO/DRmelj7YeHeelF1HfX3lTfRXZ22/rSzV/EbCMhnRYheTpKq5kCmCanqRmHvo\nF3CVF2c9wbPpi6b/ww+VzdF4RuhWSY7ZN+oOT8P8rxtX9GcmQ9lYB+HF/BAKVPB7\nBHWcJ9eK+wenF931qT6Tg00dfWLJdwEeefZOw1G0VeeUdw4S420LYNM0DHA10HiC\n58mzqQMCh2lJ4nlMlK5BHWcTOm0J6AJkoHNrDWHvyAdbtKmK6wgRiSx5WMRmhTin\nRgXchqrR52GwZwrCCkXhXzMhZ2Ps7G1hgPLXguApDP2AGDFQ/YlTMAImMBGwZw8i\njwMq8BL785q4FRKrgCjM0iNBoGYW5rkBtJbiSPeiBuE0VF8ryDp8uwTsREaw/Ybk\nxKw5kry6Cj2Kl1kuvEI7Px9oFh5Wz1ZImfUaUP+GYDFwUmHdmMZj+bzwGQF21B1M\nIRpnQH1A8LGF73FWrPX7UBUmzstRadxfbtLXdeOnxxooXbCTwRS4afz4JkZubEZ6\nXhrOCJsTM6idFd6NTMYT8f+UhoSojMvqrP27oi4DhiJw4T9Qh5qV0sp3v4+UwD0b\nVXWRUvWSRk3pVgDPVnhlnK1Ga9GFG5hg0TMo3ssqjq0PknJWcaSIEoFsOkuGxa4t\nF+wizQuyFY4=Bqs/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache\nHTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u5. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8\nTjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+\nAYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K\nfZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26\nqRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H\nZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE\nmC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx\ngz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof\nNsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP\nsqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI\nH/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq\nB1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps=\n=O0O+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164877"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "169090"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-26690",
"trust": 4.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/06/10/6",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU96037838",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163227",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163530",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164877",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164927",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-13199",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071201",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060713",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060321",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2348",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2097",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2153",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3784",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3846",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2253",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-26690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164928",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169090",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164877"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"id": "VAR-202106-1875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
}
]
},
"last_update_date": "2024-08-14T13:16:12.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-e3f6dd670d Oracle Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#2.4.48"
},
{
"title": "Patch for Apache HTTP Server Code Issue Vulnerability (CNVD-2022-13199)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/321246"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155428"
},
{
"title": "Red Hat: CVE-2021-26690",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-26690"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-26690 log"
},
{
"title": "Debian Security Advisories: DSA-4937-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=09601b67947dc3a4a0ebcea7ceece30e"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1514",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1514"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1674",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1674"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network",
"trust": 0.1,
"url": "https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26690"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/6"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4937"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3cannounce.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-26690"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96037838/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30641"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35452"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865@%3cannounce."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3cdev."
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111102"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163530/gentoo-linux-security-advisory-202107-38.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060713"
},
{
"trust": 0.6,
"url": "http-server-used-by-websphere-application-server-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3846"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2348"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071201"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163227/ubuntu-security-notice-usn-4994-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2253"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2341"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2153"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071308"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2097"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071702"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3784"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164877/red-hat-security-advisory-2021-4257-03.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060321"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13950"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17567"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-30641"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-4994-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17567"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13950"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35452"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/austin-lai/external-penetration-testing-holo-corporate-network-tryhackme-holo-network"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4994-2"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4257"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4613"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164877"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164877"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"date": "2021-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"date": "2022-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"date": "2021-06-21T19:22:22",
"db": "PACKETSTORM",
"id": "163227"
},
{
"date": "2021-06-22T19:17:24",
"db": "PACKETSTORM",
"id": "163231"
},
{
"date": "2021-07-17T10:11:11",
"db": "PACKETSTORM",
"id": "163530"
},
{
"date": "2021-11-10T17:11:10",
"db": "PACKETSTORM",
"id": "164877"
},
{
"date": "2021-11-11T14:53:11",
"db": "PACKETSTORM",
"id": "164927"
},
{
"date": "2021-11-11T14:53:24",
"db": "PACKETSTORM",
"id": "164928"
},
{
"date": "2021-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "169090"
},
{
"date": "2021-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"date": "2021-06-10T07:15:07.543000",
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-13199"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-26690"
},
{
"date": "2022-03-03T03:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-008067"
},
{
"date": "2021-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-212"
},
{
"date": "2023-11-07T03:31:47.720000",
"db": "NVD",
"id": "CVE-2021-26690"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0mod_session\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-212"
}
],
"trust": 0.6
}
}
var-202101-0119
Vulnerability from variot
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8
-
8) - aarch64, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1428290 - CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option 1684057 - CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read 1704868 - CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8] 1855790 - glibc: Update Intel CET support from upstream 1856398 - glibc: Build with -moutline-atomics on aarch64 1868106 - glibc: Transaction ID collisions cause slow DNS lookups in getaddrinfo 1871385 - glibc: Improve auditing implementation (including DT_AUDIT, and DT_DEPAUDIT) 1871387 - glibc: Improve IBM POWER9 architecture performance 1871394 - glibc: Fix AVX2 off-by-one error in strncmp (swbz#25933) 1871395 - glibc: Improve IBM Z (s390x) Performance 1871396 - glibc: Improve use of static TLS surplus for optimizations. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1328 - Port fix to 5.0.z for BZ-1945168
- Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Gentoo Linux Security Advisory GLSA 202107-07
https://security.gentoo.org/
Severity: Normal Title: glibc: Multiple vulnerabilities Date: July 06, 2021 Bugs: #764176, #767718, #772425, #792261 ID: 202107-07
Synopsis
Multiple vulnerabilities in glibc could result in Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/glibc < 2.33-r1 >= 2.33-r1
Description
Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.
Impact
An attacker could cause a possible Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All glibc users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.33-r1"
References
[ 1 ] CVE-2019-25013 https://nvd.nist.gov/vuln/detail/CVE-2019-25013 [ 2 ] CVE-2020-27618 https://nvd.nist.gov/vuln/detail/CVE-2020-27618 [ 3 ] CVE-2021-27645 https://nvd.nist.gov/vuln/detail/CVE-2021-27645 [ 4 ] CVE-2021-3326 https://nvd.nist.gov/vuln/detail/CVE-2021-3326 [ 5 ] CVE-2021-33574 https://nvd.nist.gov/vuln/detail/CVE-2021-33574
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-07
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: glibc security and bug fix update Advisory ID: RHSA-2021:0348-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0348 Issue date: 2021-02-02 CVE Names: CVE-2019-25013 CVE-2020-10029 CVE-2020-29573 ==================================================================== 1. Summary:
An update for glibc is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Bug Fix(es):
-
glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162)
-
glibc: Performance regression in ebizzy benchmark (BZ#1889977)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
ppc64: glibc-2.17-322.el7_9.ppc.rpm glibc-2.17-322.el7_9.ppc64.rpm glibc-common-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-devel-2.17-322.el7_9.ppc.rpm glibc-devel-2.17-322.el7_9.ppc64.rpm glibc-headers-2.17-322.el7_9.ppc64.rpm glibc-utils-2.17-322.el7_9.ppc64.rpm nscd-2.17-322.el7_9.ppc64.rpm
ppc64le: glibc-2.17-322.el7_9.ppc64le.rpm glibc-common-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-devel-2.17-322.el7_9.ppc64le.rpm glibc-headers-2.17-322.el7_9.ppc64le.rpm glibc-utils-2.17-322.el7_9.ppc64le.rpm nscd-2.17-322.el7_9.ppc64le.rpm
s390x: glibc-2.17-322.el7_9.s390.rpm glibc-2.17-322.el7_9.s390x.rpm glibc-common-2.17-322.el7_9.s390x.rpm glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-devel-2.17-322.el7_9.s390.rpm glibc-devel-2.17-322.el7_9.s390x.rpm glibc-headers-2.17-322.el7_9.s390x.rpm glibc-utils-2.17-322.el7_9.s390x.rpm nscd-2.17-322.el7_9.s390x.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: glibc-debuginfo-2.17-322.el7_9.ppc.rpm glibc-debuginfo-2.17-322.el7_9.ppc64.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm glibc-static-2.17-322.el7_9.ppc.rpm glibc-static-2.17-322.el7_9.ppc64.rpm
ppc64le: glibc-debuginfo-2.17-322.el7_9.ppc64le.rpm glibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm glibc-static-2.17-322.el7_9.ppc64le.rpm
s390x: glibc-debuginfo-2.17-322.el7_9.s390.rpm glibc-debuginfo-2.17-322.el7_9.s390x.rpm glibc-debuginfo-common-2.17-322.el7_9.s390.rpm glibc-debuginfo-common-2.17-322.el7_9.s390x.rpm glibc-static-2.17-322.el7_9.s390.rpm glibc-static-2.17-322.el7_9.s390x.rpm
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: glibc-2.17-322.el7_9.src.rpm
x86_64: glibc-2.17-322.el7_9.i686.rpm glibc-2.17-322.el7_9.x86_64.rpm glibc-common-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-devel-2.17-322.el7_9.i686.rpm glibc-devel-2.17-322.el7_9.x86_64.rpm glibc-headers-2.17-322.el7_9.x86_64.rpm glibc-utils-2.17-322.el7_9.x86_64.rpm nscd-2.17-322.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: glibc-debuginfo-2.17-322.el7_9.i686.rpm glibc-debuginfo-2.17-322.el7_9.x86_64.rpm glibc-debuginfo-common-2.17-322.el7_9.i686.rpm glibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm glibc-static-2.17-322.el7_9.i686.rpm glibc-static-2.17-322.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-29573 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBl9zjgjWX9erEAQgCFRAAqJ3gXSXItZZaJIsC+Vmn5UKbxwZemBAY BHN3zi4PdGi/z+NlHHKXXr36UgyGpzjVWM6OpQpNAXQKWLRYA6/zFxFxTrCtn/qS r+O9G85fUuVtfiwx5wKU8uMiSYsrFdWyvc/HwbRWMSjNHUMYl6O3Sb8SeE2XJUUx ZUs4/XZdc763H8tJbdeZ+qdWmZf1lLIJ7hpckOttk8qQkP/e1nGtMpojSRoLs3fc cpV+JI1IvTwp+ytvGNTcbPL0C5qxcKmxTzUVk2iPFj41L4K7hLvScg06vudB+ZnN q7DCvsY2ZO8M6L8ibOUXqnCOt0Yn9BZW2PwicH+Mn+G9s2hfa2Qx19CqaemCSjBF wrqXnQ1gtxpRnBxJwlKO2bvV70edx5muShTxEm933zfu+eZbR/Me/0bg8O0/a22F 3ZawSeiJATxHbAK3E/+b8EbRcxrFGimr0oX05NIk/6BICzu5QRT/wPTt5PlSTaXm cdBxsfbfX+R7+lXiVh9QSbJ9Jdx9UruliFDrdGaA8vTFOih1hXW//n2Dg3CZWdwg 2JSWp6yqMnG7/KQKDZMpYFdQCopLjaxtjIwkWiNiARtf3BLBwntbVUcKo6C/O4Rj gbNSCrZ4J2dH3J5pr5mEGzGAyuqE35NRWsqNq82LRWjx5UM5u0QyBO/Db8oWeqR3 9VNjuVm8k0g=7N1F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0119",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "glibc",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.32"
},
{
"model": "a250",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "500f",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fas/aff baseboard management controller 500f",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "c library",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "service processor",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fabric operating system",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fas/aff baseboard management controller a250",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 1.3
},
"cve": "CVE-2019-25013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-25013",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2019-25013",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-25013",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-25013",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-25013",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-048",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-25013",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1428290 - CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option\n1684057 - CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read\n1704868 - CVE-2016-10228 glibc: iconv: Fix converter hangs and front end option parsing for //TRANSLIT and //IGNORE [rhel-8]\n1855790 - glibc: Update Intel CET support from upstream\n1856398 - glibc: Build with -moutline-atomics on aarch64\n1868106 - glibc: Transaction ID collisions cause slow DNS lookups in getaddrinfo\n1871385 - glibc: Improve auditing implementation (including DT_AUDIT, and DT_DEPAUDIT)\n1871387 - glibc: Improve IBM POWER9 architecture performance\n1871394 - glibc: Fix AVX2 off-by-one error in strncmp (swbz#25933)\n1871395 - glibc: Improve IBM Z (s390x) Performance\n1871396 - glibc: Improve use of static TLS surplus for optimizations. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1328 - Port fix to 5.0.z for BZ-1945168\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1928172 - CVE-2020-13949 libthrift: potential DoS when processing untrusted payloads\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-07\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: glibc: Multiple vulnerabilities\n Date: July 06, 2021\n Bugs: #764176, #767718, #772425, #792261\n ID: 202107-07\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in glibc could result in Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-libs/glibc \u003c 2.33-r1 \u003e= 2.33-r1 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in glibc. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nAn attacker could cause a possible Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll glibc users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.33-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-25013\n https://nvd.nist.gov/vuln/detail/CVE-2019-25013\n[ 2 ] CVE-2020-27618\n https://nvd.nist.gov/vuln/detail/CVE-2020-27618\n[ 3 ] CVE-2021-27645\n https://nvd.nist.gov/vuln/detail/CVE-2021-27645\n[ 4 ] CVE-2021-3326\n https://nvd.nist.gov/vuln/detail/CVE-2021-3326\n[ 5 ] CVE-2021-33574\n https://nvd.nist.gov/vuln/detail/CVE-2021-33574\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-07\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: glibc security and bug fix update\nAdvisory ID: RHSA-2021:0348-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0348\nIssue date: 2021-02-02\nCVE Names: CVE-2019-25013 CVE-2020-10029 CVE-2020-29573\n====================================================================\n1. Summary:\n\nAn update for glibc is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the name\nservice cache daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nBug Fix(es):\n\n* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with\nlarge device and inode numbers (BZ#1883162)\n\n* glibc: Performance regression in ebizzy benchmark (BZ#1889977)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the glibc library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nppc64:\nglibc-2.17-322.el7_9.ppc.rpm\nglibc-2.17-322.el7_9.ppc64.rpm\nglibc-common-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm\nglibc-devel-2.17-322.el7_9.ppc.rpm\nglibc-devel-2.17-322.el7_9.ppc64.rpm\nglibc-headers-2.17-322.el7_9.ppc64.rpm\nglibc-utils-2.17-322.el7_9.ppc64.rpm\nnscd-2.17-322.el7_9.ppc64.rpm\n\nppc64le:\nglibc-2.17-322.el7_9.ppc64le.rpm\nglibc-common-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm\nglibc-devel-2.17-322.el7_9.ppc64le.rpm\nglibc-headers-2.17-322.el7_9.ppc64le.rpm\nglibc-utils-2.17-322.el7_9.ppc64le.rpm\nnscd-2.17-322.el7_9.ppc64le.rpm\n\ns390x:\nglibc-2.17-322.el7_9.s390.rpm\nglibc-2.17-322.el7_9.s390x.rpm\nglibc-common-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390x.rpm\nglibc-devel-2.17-322.el7_9.s390.rpm\nglibc-devel-2.17-322.el7_9.s390x.rpm\nglibc-headers-2.17-322.el7_9.s390x.rpm\nglibc-utils-2.17-322.el7_9.s390x.rpm\nnscd-2.17-322.el7_9.s390x.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nglibc-debuginfo-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-2.17-322.el7_9.ppc64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64.rpm\nglibc-static-2.17-322.el7_9.ppc.rpm\nglibc-static-2.17-322.el7_9.ppc64.rpm\n\nppc64le:\nglibc-debuginfo-2.17-322.el7_9.ppc64le.rpm\nglibc-debuginfo-common-2.17-322.el7_9.ppc64le.rpm\nglibc-static-2.17-322.el7_9.ppc64le.rpm\n\ns390x:\nglibc-debuginfo-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-2.17-322.el7_9.s390x.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390.rpm\nglibc-debuginfo-common-2.17-322.el7_9.s390x.rpm\nglibc-static-2.17-322.el7_9.s390.rpm\nglibc-static-2.17-322.el7_9.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nglibc-2.17-322.el7_9.src.rpm\n\nx86_64:\nglibc-2.17-322.el7_9.i686.rpm\nglibc-2.17-322.el7_9.x86_64.rpm\nglibc-common-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-devel-2.17-322.el7_9.i686.rpm\nglibc-devel-2.17-322.el7_9.x86_64.rpm\nglibc-headers-2.17-322.el7_9.x86_64.rpm\nglibc-utils-2.17-322.el7_9.x86_64.rpm\nnscd-2.17-322.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-2.17-322.el7_9.x86_64.rpm\nglibc-debuginfo-common-2.17-322.el7_9.i686.rpm\nglibc-debuginfo-common-2.17-322.el7_9.x86_64.rpm\nglibc-static-2.17-322.el7_9.i686.rpm\nglibc-static-2.17-322.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-10029\nhttps://access.redhat.com/security/cve/CVE-2020-29573\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBl9zjgjWX9erEAQgCFRAAqJ3gXSXItZZaJIsC+Vmn5UKbxwZemBAY\nBHN3zi4PdGi/z+NlHHKXXr36UgyGpzjVWM6OpQpNAXQKWLRYA6/zFxFxTrCtn/qS\nr+O9G85fUuVtfiwx5wKU8uMiSYsrFdWyvc/HwbRWMSjNHUMYl6O3Sb8SeE2XJUUx\nZUs4/XZdc763H8tJbdeZ+qdWmZf1lLIJ7hpckOttk8qQkP/e1nGtMpojSRoLs3fc\ncpV+JI1IvTwp+ytvGNTcbPL0C5qxcKmxTzUVk2iPFj41L4K7hLvScg06vudB+ZnN\nq7DCvsY2ZO8M6L8ibOUXqnCOt0Yn9BZW2PwicH+Mn+G9s2hfa2Qx19CqaemCSjBF\nwrqXnQ1gtxpRnBxJwlKO2bvV70edx5muShTxEm933zfu+eZbR/Me/0bg8O0/a22F\n3ZawSeiJATxHbAK3E/+b8EbRcxrFGimr0oX05NIk/6BICzu5QRT/wPTt5PlSTaXm\ncdBxsfbfX+R7+lXiVh9QSbJ9Jdx9UruliFDrdGaA8vTFOih1hXW//n2Dg3CZWdwg\n2JSWp6yqMnG7/KQKDZMpYFdQCopLjaxtjIwkWiNiARtf3BLBwntbVUcKo6C/O4Rj\ngbNSCrZ4J2dH3J5pr5mEGzGAyuqE35NRWsqNq82LRWjx5UM5u0QyBO/Db8oWeqR3\n9VNjuVm8k0g=7N1F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163406"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "161254"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-25013",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-10",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163789",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162634",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163406",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161254",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163747",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166279",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168011",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164192",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0868",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6426",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0875",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0728",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0743",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2711",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1866",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5140",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1743",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4222",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2365",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031430",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071310",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070604",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122914",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092220",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-25013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163406"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"id": "VAR-202101-0119",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.465277775
},
"last_update_date": "2024-11-29T22:13:34.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a024973 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "GNU C Library Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=138312"
},
{
"title": "Debian CVElist Bug Report Logs: glibc: CVE-2019-25013",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7073abdc63eae799f90555726b8fbe41"
},
{
"title": "Red Hat: Moderate: glibc security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210348 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1599",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1599"
},
{
"title": "Ubuntu Security Notice: USN-5768-1: GNU C Library vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5768-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-25013 log"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1511",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1511"
},
{
"title": "Arch Linux Advisories: [ASA-202102-18] glibc: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202102-18"
},
{
"title": "Arch Linux Advisories: [ASA-202102-17] lib32-glibc: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202102-17"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210607 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1605",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1605"
},
{
"title": "Ubuntu Security Notice: USN-5310-1: GNU C Library vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5310-1"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-25013 "
},
{
"title": "ecr-api",
"trust": 0.1,
"url": "https://github.com/YaleSpinup/ecr-api "
},
{
"title": "sanction",
"trust": 0.1,
"url": "https://github.com/ctc-oss/sanction "
},
{
"title": "release-the-code-litecoin",
"trust": 0.1,
"url": "https://github.com/brandoncamenisch/release-the-code-litecoin "
},
{
"title": "interview_project",
"trust": 0.1,
"url": "https://github.com/domyrtille/interview_project "
},
{
"title": "trivy-multiscanner",
"trust": 0.1,
"url": "https://github.com/onzack/trivy-multiscanner "
},
{
"title": "spring-boot-app-with-log4j-vuln",
"trust": 0.1,
"url": "https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln "
},
{
"title": "giant-squid",
"trust": 0.1,
"url": "https://github.com/dispera/giant-squid "
},
{
"title": "devops-demo",
"trust": 0.1,
"url": "https://github.com/epequeno/devops-demo "
},
{
"title": "spring-boot-app-using-gradle",
"trust": 0.1,
"url": "https://github.com/nedenwalker/spring-boot-app-using-gradle "
},
{
"title": "xyz-solutions",
"trust": 0.1,
"url": "https://github.com/sauliuspr/xyz-solutions "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202107-07"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20210205-0004/"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"
},
{
"trust": 1.6,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tvcunlq3hxgs4vpuqkwtjgraw2ktfgxs/"
},
{
"trust": 1.0,
"url": "https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4y6tx47p47kabsfol26fldnvcwxdkdez/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99464755/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-10"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tvcunlq3hxgs4vpuqkwtjgraw2ktfgxs/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4y6tx47p47kabsfol26fldnvcwxdkdez/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164192/red-hat-security-advisory-2021-3556-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168011/red-hat-security-advisory-2022-5924-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163789/red-hat-security-advisory-2021-3119-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1743"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2711"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071310"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163747/red-hat-security-advisory-2021-3016-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0373/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031430"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166279/red-hat-security-advisory-2022-0056-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2365"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122914"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162634/red-hat-security-advisory-2021-1585-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163276/red-hat-security-advisory-2021-2543-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0875"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/glibc-out-of-bounds-memory-reading-via-iconv-euc-kr-encoding-34360"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0728"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163496/red-hat-security-advisory-2021-2705-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0743"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0868"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163267/red-hat-security-advisory-2021-2532-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011038"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161254/red-hat-security-advisory-2021-0348-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070604"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071516"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4222"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163406/gentoo-linux-security-advisory-202107-07.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6426"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33910"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1585"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21642"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29573"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163406"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"db": "PACKETSTORM",
"id": "163789"
},
{
"db": "PACKETSTORM",
"id": "162634"
},
{
"db": "PACKETSTORM",
"id": "162837"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163406"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "161254"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"date": "2021-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"date": "2021-08-11T16:15:17",
"db": "PACKETSTORM",
"id": "163789"
},
{
"date": "2021-05-19T13:59:56",
"db": "PACKETSTORM",
"id": "162634"
},
{
"date": "2021-05-27T13:28:54",
"db": "PACKETSTORM",
"id": "162837"
},
{
"date": "2021-06-24T17:54:53",
"db": "PACKETSTORM",
"id": "163276"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-07-06T15:43:31",
"db": "PACKETSTORM",
"id": "163406"
},
{
"date": "2021-06-01T14:45:29",
"db": "PACKETSTORM",
"id": "162877"
},
{
"date": "2021-02-02T16:12:10",
"db": "PACKETSTORM",
"id": "161254"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"date": "2021-01-04T18:15:13.027000",
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-25013"
},
{
"date": "2023-06-16T05:32:00",
"db": "JVNDB",
"id": "JVNDB-2019-016179"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-048"
},
{
"date": "2024-11-21T04:39:44.273000",
"db": "NVD",
"id": "CVE-2019-25013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU\u00a0C\u00a0Library\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-048"
}
],
"trust": 0.6
}
}
var-202108-2039
Vulnerability from variot
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. apple's iPadOS Cross-site scripting vulnerabilities exist in products from multiple vendors.Information may be obtained and information may be tampered with. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.3-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.3-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
AppKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2021-30873: Thijs Alkemade of Computest
AppleScript Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30876: Jeremy Brown, hjy79425575 CVE-2021-30879: Jeremy Brown, hjy79425575 CVE-2021-30877: Jeremy Brown CVE-2021-30880: Jeremy Brown
Audio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to elevate privileges Description: An integer overflow was addressed through improved input validation. CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
ColorSync Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero
Continuity Camera Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30903: an anonymous researcher
CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30919
FileProvider Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: An input validation issue was addressed with improved memory handling. CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360
Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to access information about a user's contacts Description: A logic issue was addressed with improved restrictions. CVE-2021-30895: Denis Tokarev
Game Center Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to read user's gameplay data Description: A logic issue was addressed with improved restrictions. CVE-2021-30896: Denis Tokarev
iCloud Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30906: Cees Elzinga
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc.
IOGraphics Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications
IOMobileFrameBuffer Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30883: an anonymous researcher
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30886: @0xalsr
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30909: Zweig of Kunlun Lab
Kernel Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS Description: This issue was addressed with improved checks. CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt of Informatique-MTF S.A., an anonymous researcher
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Sandbox Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to read sensitive information Description: A permissions issue was addressed with improved validation. CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may gain access to a user's Keychain items Description: The issue was addressed with improved permissions logic. CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
SoftwareUpdate Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An unprivileged application may be able to edit NVRAM variables Description: The issue was addressed with improved permissions logic. CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
UIKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A person with physical access to an iOS device may be determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management. CVE-2021-30915: Kostas Angelopoulos
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy Description: A logic issue was addressed with improved restrictions. CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior Description: An information leakage issue was addressed. CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren (ryanpickren.com)
WebKit Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30890: an anonymous researcher
Windows Server Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2021-30908: ASentientBot
xar Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files Description: This issue was addressed with improved checks. CVE-2021-30833: Richard Warren of NCC Group
zsh Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later) Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance.
App Support We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录 for their assistance.
Bluetooth We would like to acknowledge say2 of ENKI for their assistance.
CUPS We would like to acknowledge an anonymous researcher for their assistance.
iCloud We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.
Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance.
Mail We would like to acknowledge Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences for their assistance.
Managed Configuration We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for their assistance.
smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance.
WebKit We would like to acknowledge Ivan Fratric of Google Project Zero, Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note: This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hpwACgkQeC9qKD1p rhhm0Q//fIQiOk2S9w2qirXapPqEpyI9LNJnGX/RCrsZGN/iFkgvt27/RYLhHHQk efqxE6nnXdUaj9HoIIHiG4rKxIhfkscw1dF9igvmYm6j+V2KMiRxp1Pev1zMzsBI N6F7mJ4SiATHDTJATU8uCqIqHRQsvcIrHCjovblqGfuZxzvsjkvtRc0eXC0XAARf xW0WRNbTBoCOEsMp92hNI45B/oK05b1aHm2pY529gE6GRBBl0ymVo30fQ7vmIoJY Uajc6pDNeJ1MhSpo0k+Z+eVodSdBN2EutKZfU5+4t2GzqeW5nLZFa/oqXObXBhXk i8bptOhceBu6qD9poSgkS5EdH4OdRQMcMjsQLIRJj3N/MwZBhGvsLQDlyGmtd+VG a0s+pna/WoFwzw800CYRarmL0rRsZ4zZza0iuKArhrLlQCw+ee6XNL+1U50zvMaW oT3gNkf3faCqQDxecIcQTj7xwt2tHV87p7uqELiuUZaCk5UoQBsWxGeGebFGxUq5 pJVQvnr4RVrDkpOQjbKj8w9mWoSZcvKlhRNL9J5kW75zd32vwnaVMlVkIG8vfvoK sgq/VfKrOW+EV1IMAh4iuaMiLAPjwBzMiRfjvRZFeJmTaMaTOxDKHwkG5YwPNp5W 0FlhV1S2pAmGlQZgvTxkBthtU9A9giuH+oHSGJDjr70Q7de8lJ4= =3Pcg -----END PGP SIGNATURE-----
. CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab
IOMobileFrameBuffer Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges.
Installation note:
Apple TV will periodically check for software updates.
Alternatively, on your watch, select "My Watch > General > About". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.1"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30890",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-390623",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30890",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-30890",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30890",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1981",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390623",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30890",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. apple\u0027s iPadOS Cross-site scripting vulnerabilities exist in products from multiple vendors.Information may be obtained and information may be tampered with. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.3-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.3-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nAppKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30873: Thijs Alkemade of Computest\n\nAppleScript\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30876: Jeremy Brown, hjy79425575\nCVE-2021-30879: Jeremy Brown, hjy79425575\nCVE-2021-30877: Jeremy Brown\nCVE-2021-30880: Jeremy Brown\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30907: Zweig of Kunlun Lab\n\nBluetooth\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nColorSync\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. \nCVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google\nProject Zero\n\nContinuity Camera\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30903: an anonymous researcher\n\nCoreAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro\n\nCoreGraphics\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30919\n\nFileProvider\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab\nof Qihoo 360\n\nGame Center\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30895: Denis Tokarev\n\nGame Center\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to read user\u0027s gameplay\ndata\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30896: Denis Tokarev\n\niCloud\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30906: Cees Elzinga\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong\nLab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of\nRET2 Systems, Inc. \n\nIOGraphics\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications\n\nIOMobileFrameBuffer\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30883: an anonymous researcher\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30886: @0xalsr\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30909: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nLaunchServices\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30864: Ron Hass (@ronhass7) of Perception Point\n\nLogin Window\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A person with access to a host Mac may be able to bypass the\nLogin Window in Remote Desktop for a locked instance of macOS\nDescription: This issue was addressed with improved checks. \nCVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt\nof Informatique-MTF S.A., an anonymous researcher\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nSandbox\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to read sensitive information\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSMB\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs\n\nSoftwareUpdate\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nSoftwareUpdate\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An unprivileged application may be able to edit NVRAM\nvariables\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nUIKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A person with physical access to an iOS device may be\ndetermine characteristics of a user\u0027s password in a secure text entry\nfield\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30915: Kostas Angelopoulos\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: An attacker in a privileged network position may be able to\nbypass HSTS\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30823: David Gullasch of Recurity Labs\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\nunexpectedly unenforced Content Security Policy\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. \nLtd. \n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious website using Content Security Policy reports may\nbe able to leak information via redirect behavior \nDescription: An information leakage issue was addressed. \nCVE-2021-30888: Prakash (@1lastBr3ath)\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30861: Wojciech Regu\u0142a (@_r3ggi), Ryan Pickren\n(ryanpickren.com)\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30890: an anonymous researcher\n\nWindows Server\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2021-30908: ASentientBot\n\nxar\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: Unpacking a maliciously crafted archive may allow an attacker\nto write arbitrary files\nDescription: This issue was addressed with improved checks. \nCVE-2021-30833: Richard Warren of NCC Group\n\nzsh\nAvailable for: Mac Pro (2013 and later), MacBook Air (Early 2015 and\nlater), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and\nlater), iMac (Late 2015 and later), MacBook (Early 2016 and later),\niMac Pro (2017 and later)\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30892: Jonathan Bar Or of Microsoft\n\nAdditional recognition\n\nAPFS\nWe would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. \nfor their assistance. \n\nApp Support\nWe would like to acknowledge an anonymous researcher, \u6f02\u4eae\u9f20 of \u8d5b\u535a\u56de\u5fc6\u5f55\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge say2 of ENKI for their assistance. \n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\niCloud\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their\nassistance. \n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \n\nMail\nWe would like to acknowledge Fabian Ising and Damian Poddebniak of\nM\u00fcnster University of Applied Sciences for their assistance. \n\nManaged Configuration\nWe would like to acknowledge Michal Moravec of Logicworks, s.r.o. for\ntheir assistance. \n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \n\nWebKit\nWe would like to acknowledge Ivan Fratric of Google Project Zero,\nPavel Gromadchuk, an anonymous researcher for their assistance. \n\nInstallation note:\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hpwACgkQeC9qKD1p\nrhhm0Q//fIQiOk2S9w2qirXapPqEpyI9LNJnGX/RCrsZGN/iFkgvt27/RYLhHHQk\nefqxE6nnXdUaj9HoIIHiG4rKxIhfkscw1dF9igvmYm6j+V2KMiRxp1Pev1zMzsBI\nN6F7mJ4SiATHDTJATU8uCqIqHRQsvcIrHCjovblqGfuZxzvsjkvtRc0eXC0XAARf\nxW0WRNbTBoCOEsMp92hNI45B/oK05b1aHm2pY529gE6GRBBl0ymVo30fQ7vmIoJY\nUajc6pDNeJ1MhSpo0k+Z+eVodSdBN2EutKZfU5+4t2GzqeW5nLZFa/oqXObXBhXk\ni8bptOhceBu6qD9poSgkS5EdH4OdRQMcMjsQLIRJj3N/MwZBhGvsLQDlyGmtd+VG\na0s+pna/WoFwzw800CYRarmL0rRsZ4zZza0iuKArhrLlQCw+ee6XNL+1U50zvMaW\noT3gNkf3faCqQDxecIcQTj7xwt2tHV87p7uqELiuUZaCk5UoQBsWxGeGebFGxUq5\npJVQvnr4RVrDkpOQjbKj8w9mWoSZcvKlhRNL9J5kW75zd32vwnaVMlVkIG8vfvoK\nsgq/VfKrOW+EV1IMAh4iuaMiLAPjwBzMiRfjvRZFeJmTaMaTOxDKHwkG5YwPNp5W\n0FlhV1S2pAmGlQZgvTxkBthtU9A9giuH+oHSGJDjr70Q7de8lJ4=\n=3Pcg\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security\nPandora Lab\n\nIOMobileFrameBuffer\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \n\nInstallation note:\n\nApple TV will periodically check for software updates. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "169183"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390623",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30890",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/20/6",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "164683",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164672",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3578",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122705",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102802",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122009",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102715",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164682",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164670",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-390623",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30890",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "169183"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"id": "VAR-202108-2039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:26:25.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212874 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-5030"
},
{
"title": "Apple tvOS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167665"
},
{
"title": "Debian Security Advisories: DSA-5031-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b580ac3a836730245847eb64ed334309"
},
{
"title": "Debian Security Advisories: DSA-5030-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=698860a38bf11636c31ed82fe261874b"
},
{
"title": "Red Hat: CVE-2021-30890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30890"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212867"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-5031"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-5030"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212869"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212874"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212876"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht212876"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0065"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164672/apple-security-advisory-2021-10-26-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212875"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit2gtk-two-vulnerabilities-37129"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-36717"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102715"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102802"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164683/apple-security-advisory-2021-10-26-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122705"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122009"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30883"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30881"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30895"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30886"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30896"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30917"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30919"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30907"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30905"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30909"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30906"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212869."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30880"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212876."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30894"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212874."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "169183"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390623"
},
{
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169182"
},
{
"db": "PACKETSTORM",
"id": "169183"
},
{
"db": "PACKETSTORM",
"id": "164672"
},
{
"db": "PACKETSTORM",
"id": "164683"
},
{
"db": "PACKETSTORM",
"id": "164682"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390623"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2021-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "169182"
},
{
"date": "2021-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "169183"
},
{
"date": "2021-10-27T16:36:46",
"db": "PACKETSTORM",
"id": "164672"
},
{
"date": "2021-10-28T14:48:45",
"db": "PACKETSTORM",
"id": "164683"
},
{
"date": "2021-10-28T14:48:29",
"db": "PACKETSTORM",
"id": "164682"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"date": "2021-08-24T19:15:17.017000",
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-390623"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30890"
},
{
"date": "2024-07-18T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-021215"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1981"
},
{
"date": "2023-11-07T03:33:43.170000",
"db": "NVD",
"id": "CVE-2021-30890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Cross-site scripting vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021215"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1981"
}
],
"trust": 0.6
}
}
var-202004-0464
Vulnerability from variot
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. Xen There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-08
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: May 14, 2020 Bugs: #717446 ID: 202005-08
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could allow privilege escalation.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2 2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
[ 1 ] CVE-2020-11739 https://nvd.nist.gov/vuln/detail/CVE-2020-11739 [ 2 ] CVE-2020-11740 https://nvd.nist.gov/vuln/detail/CVE-2020-11740 [ 3 ] CVE-2020-11741 https://nvd.nist.gov/vuln/detail/CVE-2020-11741 [ 4 ] CVE-2020-11742 https://nvd.nist.gov/vuln/detail/CVE-2020-11742 [ 5 ] CVE-2020-11743 https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (buster), these problems have been fixed in version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8 TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+ anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj 7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9 g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk= =tfm7 -----END PGP SIGNATURE----- .
Software Description: - xen: Public headers and libs for Xen
Details:
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. (CVE-2020-0543)
Julien Grall discovered that Xen incorrectly handled memory barriers on ARM-based systems. (CVE-2020-11739)
Ilja Van Sprundel discovered that Xen incorrectly handled profiling of guests. (CVE-2020-11740, CVE-2020-11741)
It was discovered that Xen incorrectly handled grant tables. (CVE-2020-11742, CVE-2020-11743)
Jan Beulich discovered that Xen incorrectly handled certain code paths. (CVE-2020-15563)
Julien Grall discovered that Xen incorrectly verified memory addresses provided by the guest on ARM-based systems. (CVE-2020-15564)
Roger Pau Monn\xe9 discovered that Xen incorrectly handled caching on x86 Intel systems. (CVE-2020-15565)
It was discovered that Xen incorrectly handled error in event-channel port allocation. (CVE-2020-15566)
Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended Page Tables). (CVE-2020-15567)
Andrew Cooper discovered that Xen incorrectly handled PCI passthrough. (CVE-2020-25595)
Andrew Cooper discovered that Xen incorrectly sanitized path injections. (CVE-2020-25596)
Jan Beulich discovered that Xen incorrectly handled validation of event channels. (CVE-2020-25597)
Julien Grall and Jan Beulich discovered that Xen incorrectly handled resetting event channels. (CVE-2020-25599)
Julien Grall discovered that Xen incorrectly handled event channels memory allocation on 32-bits domains. (CVE-2020-25600)
Jan Beulich discovered that Xen incorrectly handled resetting or cleaning up event channels. (CVE-2020-25601)
Andrew Cooper discovered that Xen incorrectly handled certain Intel specific MSR (Model Specific Registers). (CVE-2020-25602)
Julien Grall discovered that Xen incorrectly handled accessing/allocating event channels. (CVE-2020-25603)
Igor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3 libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3 xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3
After a standard system update you need to reboot your computer to make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5617-1 CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741, CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564, CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604
Package Information: https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xen",
"scope": "lte",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "xen",
"scope": null,
"trust": 0.8,
"vendor": "xen",
"version": null
},
{
"model": "xen",
"scope": "lte",
"trust": 0.6,
"vendor": "xen",
"version": "\u003c=4.13.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:xen:xen",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
}
],
"trust": 0.7
},
"cve": "CVE-2020-11742",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11742",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004780",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-11742",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004780",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11742",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004780",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-25871",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11742",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. Xen There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime. \n\r\n\r\nThere are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #717446\n ID: 202005-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould allow privilege escalation. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n 2 app-emulation/xen-tools \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.12.2-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11739\n https://nvd.nist.gov/vuln/detail/CVE-2020-11739\n[ 2 ] CVE-2020-11740\n https://nvd.nist.gov/vuln/detail/CVE-2020-11740\n[ 3 ] CVE-2020-11741\n https://nvd.nist.gov/vuln/detail/CVE-2020-11741\n[ 4 ] CVE-2020-11742\n https://nvd.nist.gov/vuln/detail/CVE-2020-11742\n[ 5 ] CVE-2020-11743\n https://nvd.nist.gov/vuln/detail/CVE-2020-11743\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+24-gddaaccbbab-1~deb10u1. \n\nWe recommend that you upgrade your xen packages. \n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8\nTjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR\nQiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+\nanbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW\nsIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn\nEop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG\nAkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm\nfCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv\nUPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw\niT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj\n7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9\ng8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=\n=tfm7\n-----END PGP SIGNATURE-----\n. \n\nSoftware Description:\n- xen: Public headers and libs for Xen\n\nDetails:\n\nIt was discovered that memory contents previously stored in\nmicroarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY\nread operations on Intel client and Xeon E3 processors may be briefly\nexposed to processes on the same or different processor cores. (CVE-2020-0543)\n\nJulien Grall discovered that Xen incorrectly handled memory barriers on\nARM-based systems. \n(CVE-2020-11739)\n\nIlja Van Sprundel discovered that Xen incorrectly handled profiling of\nguests. (CVE-2020-11740, CVE-2020-11741)\n\nIt was discovered that Xen incorrectly handled grant tables. \n(CVE-2020-11742, CVE-2020-11743)\n\nJan Beulich discovered that Xen incorrectly handled certain code paths. \n(CVE-2020-15563)\n\nJulien Grall discovered that Xen incorrectly verified memory addresses\nprovided by the guest on ARM-based systems. (CVE-2020-15564)\n\nRoger Pau Monn\\xe9 discovered that Xen incorrectly handled caching on x86 Intel\nsystems. (CVE-2020-15565)\n\nIt was discovered that Xen incorrectly handled error in event-channel port\nallocation. (CVE-2020-15566)\n\nJan Beulich discovered that Xen incorrectly handled certain EPT (Extended\nPage Tables). (CVE-2020-15567)\n\nAndrew Cooper discovered that Xen incorrectly handled PCI passthrough. \n(CVE-2020-25595)\n\nAndrew Cooper discovered that Xen incorrectly sanitized path injections. \n(CVE-2020-25596)\n\nJan Beulich discovered that Xen incorrectly handled validation of event\nchannels. (CVE-2020-25597)\n\nJulien Grall and Jan Beulich discovered that Xen incorrectly handled\nresetting event channels. (CVE-2020-25599)\n\nJulien Grall discovered that Xen incorrectly handled event channels\nmemory allocation on 32-bits domains. (CVE-2020-25600)\n\nJan Beulich discovered that Xen incorrectly handled resetting or cleaning\nup event channels. (CVE-2020-25601)\n\nAndrew Cooper discovered that Xen incorrectly handled certain Intel\nspecific MSR (Model Specific Registers). (CVE-2020-25602)\n\nJulien Grall discovered that Xen incorrectly handled accessing/allocating\nevent channels. \n(CVE-2020-25603)\n\nIgor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5617-1\n CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741,\n CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564,\n CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595,\n CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600,\n CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11742",
"trust": 3.4
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/04/14/4",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157721",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168421",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-25871",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1463",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4642",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2813",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1317",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2786",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-11742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168871",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"id": "VAR-202004-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
}
]
},
"last_update_date": "2024-11-23T19:38:42.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-295ed0b1e0",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"title": "FEDORA-2020-cbc3149753",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"title": "FEDORA-2020-440457afe4",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"title": "XSA-318",
"trust": 0.8,
"url": "https://xenbits.xen.org/xsa/advisory-318.html"
},
{
"title": "Patch for Xen Denial of Service Vulnerability (CNVD-2020-25871)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216035"
},
{
"title": "Xen Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116358"
},
{
"title": "Citrix Security Bulletins: Citrix Hypervisor Multiple Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f370ea0c562996cebdbcb6d5adc19514"
},
{
"title": "Debian Security Advisories: DSA-4723-1 xen -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0d177f74e6265e2fdbb8df6fa6c636bf"
},
{
"title": "Ubuntu Security Notice: USN-5617-1: Xen vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5617-1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://xenbits.xen.org/xsa/advisory-318.html"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/4"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11742"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11742"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202234-1"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1317/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2364/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2786/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/xen-denial-of-service-via-gnttabop-copy-32011"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168421/ubuntu-security-notice-usn-5617-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2813/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4642"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1373/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1463/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1575/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157721/gentoo-linux-security-advisory-202005-08.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11739"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5617-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11741"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15564"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15567"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15563"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15565"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2020/q2/25"
},
{
"trust": 0.1,
"url": "https://support.citrix.com/article/ctx270837"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/xen"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25596"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25601"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0543"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"date": "2020-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"date": "2020-05-15T14:52:42",
"db": "PACKETSTORM",
"id": "157721"
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168871"
},
{
"date": "2022-09-19T18:26:25",
"db": "PACKETSTORM",
"id": "168421"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"date": "2020-04-14T13:15:12.923000",
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25871"
},
{
"date": "2020-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11742"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004780"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-661"
},
{
"date": "2024-11-21T04:58:31.803000",
"db": "NVD",
"id": "CVE-2020-11742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "168421"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004780"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-661"
}
],
"trust": 0.6
}
}
var-202006-1845
Vulnerability from variot
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. LibVNCServer Is vulnerable to lack of entropy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 8) - aarch64, ppc64le, x86_64
- ========================================================================== Ubuntu Security Notice USN-4407-1 July 01, 2020
libvncserver vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibVNCServer. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680)
It was discovered that an information disclosure vulnerability existed in LibVNCServer when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)
It was discovered that LibVNCServer incorrectly handled cursor shape updates. If a user were tricked in to connecting to a malicious server, an attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2017-18922)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.1 libvncserver1 0.9.12+dfsg-9ubuntu0.1
Ubuntu 19.10: libvncclient1 0.9.11+dfsg-1.3ubuntu0.1 libvncserver1 0.9.11+dfsg-1.3ubuntu0.1
Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.2 libvncserver1 0.9.11+dfsg-1ubuntu1.2
Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4
After a standard system update you need to restart LibVNCServer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: libvncserver security update Advisory ID: RHSA-2020:3281-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3281 Issue date: 2020-08-03 CVE Names: CVE-2017-18922 ==================================================================== 1. Summary:
An update for libvncserver is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.
Security Fix(es):
- libvncserver: websocket decoding buffer overflow (CVE-2017-18922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1852356 - CVE-2017-18922 libvncserver: websocket decoding buffer overflow
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libvncserver-0.9.9-14.el7_8.1.src.rpm
x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libvncserver-0.9.9-14.el7_8.1.src.rpm
ppc64le: libvncserver-0.9.9-14.el7_8.1.ppc64le.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm
x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: libvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm libvncserver-devel-0.9.9-14.el7_8.1.ppc64le.rpm
x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libvncserver-0.9.9-14.el7_8.1.src.rpm
x86_64: libvncserver-0.9.9-14.el7_8.1.i686.rpm libvncserver-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm libvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm libvncserver-devel-0.9.9-14.el7_8.1.i686.rpm libvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-18922 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXygVLdzjgjWX9erEAQjn5BAAmrE0XEfwDvLUYWQkFeamAij8uUnf12Z4 fJQmIn0PlNFlNJXtSChiqf0EKTk6cAuaGF+g2FBX1AeTDxqRmTZpvR8YFyw1GK0h OjScrrLyU4F0q+kgGS3S39bpBydUGaUefw+rB/Slg6NNT2+EEKHo6pogYrsJE7hP LlrrfTIGnfS3NOZj/co4Kx1MWG2EswZ0gJXlho4o7ZPuPZOWLLv3tqzoVl86UEhG XJtN1lWzW0jy/QRsN88/MWC+RXAEyTja37CHX+l+Se+RdN3G0BqoNEflnNxXtSZR 1b+0VWFhqV/R3djpB7c/geCV5OW1n9InMvmdkcnXIbfA8WIUNbNGxcEAHX7SsZ1C yPsu9CrEef5ZuXycTyeLNam6wYwZiaTOkNuui3yAzmyvZOkyPZHhCYgzI31Xy7Jy OkCgxVebn0sxxle6aq3lm3g1c09Fw7eLgKFE2WJnUElWSql1peD2WaAcXFFkhgNI M3drMJzvG0B0aR+qvtIQARnsKlkMxrgaVXRa3S3ZGlFigTwao2CSI/2xHEvx0QfT tw2oTKLjboVuwBwnEj2MltXKSvSnHKSExF5Y0EnIJnZRg1XzPGavnAwjVk1k3uSg yT9Db8jds1GXsWoVyqfflp5qUhIpfrtA50pagzIIGyqE9zjiyW+S8+YZdMwXtYa8 qgB/RwEdM5k=1gVa -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1845",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic itc2200",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "simatic itc1500 pro",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "simatic itc2200 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "simatic itc1900 pro",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "libvncserver",
"scope": "lt",
"trust": 1.0,
"vendor": "libvncserver",
"version": "0.9.12"
},
{
"model": "simatic itc2200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "simatic itc1900",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "simatic itc1500",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "simatic itc2200 pro",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "simatic itc1900 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "simatic itc1500 pro",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "simatic itc1900",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "simatic itc1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2.1.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "libvncserver",
"scope": "eq",
"trust": 0.8,
"vendor": "libvnc",
"version": "0.9.12"
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:libvncserver_project:libvncserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:opensuse_project:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159024"
},
{
"db": "PACKETSTORM",
"id": "158809"
},
{
"db": "PACKETSTORM",
"id": "158725"
},
{
"db": "PACKETSTORM",
"id": "158880"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
}
],
"trust": 1.0
},
"cve": "CVE-2017-18922",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-18922",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-015072",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-18922",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-015072",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18922",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2017-015072",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1844",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-18922",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. LibVNCServer Is vulnerable to lack of entropy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. 8) - aarch64, ppc64le, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4407-1\nJuly 01, 2020\n\nlibvncserver vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in LibVNCServer. An\nattacker could possibly use this issue to cause LibVNCServer to crash,\nresulting in a denial of service. (CVE-2019-15680)\n\nIt was discovered that an information disclosure vulnerability existed in\nLibVNCServer when sending a ServerCutText message. An attacker could\npossibly\nuse this issue to expose sensitive information. This issue only affected\nUbuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. (CVE-2019-15681)\n\nIt was discovered that LibVNCServer incorrectly handled cursor shape\nupdates. \nIf a user were tricked in to connecting to a malicious server, an attacker\ncould possibly use this issue to cause LibVNCServer to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS. An attacker could possibly use this issue to cause LibVNCServer to\ncrash, resulting in a denial of service, or possibly execute arbitrary code. \nThis issue only affected Ubuntu 19.10, Ubuntu 18.04 LTS, and Ubuntu\n16.04 LTS. \n(CVE-2017-18922)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\nlibvncclient1 0.9.12+dfsg-9ubuntu0.1\nlibvncserver1 0.9.12+dfsg-9ubuntu0.1\n\nUbuntu 19.10:\nlibvncclient1 0.9.11+dfsg-1.3ubuntu0.1\nlibvncserver1 0.9.11+dfsg-1.3ubuntu0.1\n\nUbuntu 18.04 LTS:\nlibvncclient1 0.9.11+dfsg-1ubuntu1.2\nlibvncserver1 0.9.11+dfsg-1ubuntu1.2\n\nUbuntu 16.04 LTS:\nlibvncclient1 0.9.10+dfsg-3ubuntu0.16.04.4\nlibvncserver1 0.9.10+dfsg-3ubuntu0.16.04.4\n\nAfter a standard system update you need to restart LibVNCServer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: libvncserver security update\nAdvisory ID: RHSA-2020:3281-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3281\nIssue date: 2020-08-03\nCVE Names: CVE-2017-18922\n====================================================================\n1. Summary:\n\nAn update for libvncserver is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nLibVNCServer is a C library that enables you to implement VNC server\nfunctionality into own programs. \n\nSecurity Fix(es):\n\n* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1852356 - CVE-2017-18922 libvncserver: websocket decoding buffer overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibvncserver-0.9.9-14.el7_8.1.src.rpm\n\nx86_64:\nlibvncserver-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibvncserver-0.9.9-14.el7_8.1.src.rpm\n\nppc64le:\nlibvncserver-0.9.9-14.el7_8.1.ppc64le.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm\n\nx86_64:\nlibvncserver-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.ppc64le.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.ppc64le.rpm\n\nx86_64:\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibvncserver-0.9.9-14.el7_8.1.src.rpm\n\nx86_64:\nlibvncserver-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-debuginfo-0.9.9-14.el7_8.1.x86_64.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.i686.rpm\nlibvncserver-devel-0.9.9-14.el7_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18922\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXygVLdzjgjWX9erEAQjn5BAAmrE0XEfwDvLUYWQkFeamAij8uUnf12Z4\nfJQmIn0PlNFlNJXtSChiqf0EKTk6cAuaGF+g2FBX1AeTDxqRmTZpvR8YFyw1GK0h\nOjScrrLyU4F0q+kgGS3S39bpBydUGaUefw+rB/Slg6NNT2+EEKHo6pogYrsJE7hP\nLlrrfTIGnfS3NOZj/co4Kx1MWG2EswZ0gJXlho4o7ZPuPZOWLLv3tqzoVl86UEhG\nXJtN1lWzW0jy/QRsN88/MWC+RXAEyTja37CHX+l+Se+RdN3G0BqoNEflnNxXtSZR\n1b+0VWFhqV/R3djpB7c/geCV5OW1n9InMvmdkcnXIbfA8WIUNbNGxcEAHX7SsZ1C\nyPsu9CrEef5ZuXycTyeLNam6wYwZiaTOkNuui3yAzmyvZOkyPZHhCYgzI31Xy7Jy\nOkCgxVebn0sxxle6aq3lm3g1c09Fw7eLgKFE2WJnUElWSql1peD2WaAcXFFkhgNI\nM3drMJzvG0B0aR+qvtIQARnsKlkMxrgaVXRa3S3ZGlFigTwao2CSI/2xHEvx0QfT\ntw2oTKLjboVuwBwnEj2MltXKSvSnHKSExF5Y0EnIJnZRg1XzPGavnAwjVk1k3uSg\nyT9Db8jds1GXsWoVyqfflp5qUhIpfrtA50pagzIIGyqE9zjiyW+S8+YZdMwXtYa8\nqgB/RwEdM5k=1gVa\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8.1) - ppc64le, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "PACKETSTORM",
"id": "159024"
},
{
"db": "PACKETSTORM",
"id": "158809"
},
{
"db": "PACKETSTORM",
"id": "158281"
},
{
"db": "PACKETSTORM",
"id": "158725"
},
{
"db": "PACKETSTORM",
"id": "158880"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18922",
"trust": 3.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/30/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/06/30/3",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-390195",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159024",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158809",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158281",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158725",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158880",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2831",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2727",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2469",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2746",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3000",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-12",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121649",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-18922",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "PACKETSTORM",
"id": "159024"
},
{
"db": "PACKETSTORM",
"id": "158809"
},
{
"db": "PACKETSTORM",
"id": "158281"
},
{
"db": "PACKETSTORM",
"id": "158725"
},
{
"db": "PACKETSTORM",
"id": "158880"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"id": "VAR-202006-1845",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33603895
},
"last_update_date": "2024-11-23T20:31:20.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-37112ac660",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/"
},
{
"title": "fix overflow and refactor websockets decode (Hybi)",
"trust": 0.8,
"url": "https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433"
},
{
"title": "openSUSE-SU-2020:0960-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html"
},
{
"title": "openSUSE-SU-2020:0978-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html"
},
{
"title": "openSUSE-SU-2020:0988-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"
},
{
"title": "openSUSE-SU-2020:1025-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"
},
{
"title": "openSUSE-SU-2020:1056-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"title": "USN-4407-1",
"trust": 0.8,
"url": "https://ubuntu.com/security/notices/USN-4407-1"
},
{
"title": "LibVNCServer Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122803"
},
{
"title": "Red Hat: Important: libvncserver security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203588 - Security Advisory"
},
{
"title": "Red Hat: Important: libvncserver security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203385 - Security Advisory"
},
{
"title": "Red Hat: Important: libvncserver security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203281 - Security Advisory"
},
{
"title": "Red Hat: Important: libvncserver security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203456 - Security Advisory"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18922"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/06/30/3"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852356"
},
{
"trust": 1.7,
"url": "https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4407-1/"
},
{
"trust": 1.7,
"url": "https://www.openwall.com/lists/oss-security/2020/06/30/2"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18922"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4f6fuh4efk4nap6gt4tqrtbkwirczliy/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvp7tjvyjdxdfrhvq3enen3h354qpxez/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158880/red-hat-security-advisory-2020-3456-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158725/red-hat-security-advisory-2020-3281-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2469/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158809/red-hat-security-advisory-2020-3385-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2831/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2657/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2746/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159024/red-hat-security-advisory-2020-3588-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2727/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libvncserver-buffer-overflow-via-websockets-c-32696"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121649"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-12"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3000/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158281/ubuntu-security-notice-usn-4407-1.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-18922"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:3588"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/184357"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3385"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4407-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15681"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15680"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3456"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "PACKETSTORM",
"id": "159024"
},
{
"db": "PACKETSTORM",
"id": "158809"
},
{
"db": "PACKETSTORM",
"id": "158281"
},
{
"db": "PACKETSTORM",
"id": "158725"
},
{
"db": "PACKETSTORM",
"id": "158880"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"db": "PACKETSTORM",
"id": "159024"
},
{
"db": "PACKETSTORM",
"id": "158809"
},
{
"db": "PACKETSTORM",
"id": "158281"
},
{
"db": "PACKETSTORM",
"id": "158725"
},
{
"db": "PACKETSTORM",
"id": "158880"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"date": "2020-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"date": "2020-09-01T15:38:29",
"db": "PACKETSTORM",
"id": "159024"
},
{
"date": "2020-08-10T14:27:27",
"db": "PACKETSTORM",
"id": "158809"
},
{
"date": "2020-07-02T15:43:16",
"db": "PACKETSTORM",
"id": "158281"
},
{
"date": "2020-08-03T17:15:01",
"db": "PACKETSTORM",
"id": "158725"
},
{
"date": "2020-08-17T15:35:31",
"db": "PACKETSTORM",
"id": "158880"
},
{
"date": "2020-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"date": "2020-06-30T11:15:10.380000",
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-18922"
},
{
"date": "2020-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-015072"
},
{
"date": "2021-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1844"
},
{
"date": "2024-11-21T03:21:16.067000",
"db": "NVD",
"id": "CVE-2017-18922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibVNCServer Vulnerability regarding lack of entropy in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-015072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1844"
}
],
"trust": 0.6
}
}
var-202012-1547
Vulnerability from variot
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Vendors must CID-c8bcd9c5be24 It is published as.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4843-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2021 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177 Debian Bug : 970736 972345 977048 977615
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
CVE-2020-27825
Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace
ring buffer resizing logic due to a race condition, which could
result in denial of service or information leak.
CVE-2020-27830
Shisong Qin reported a NULL pointer dereference flaw in the Speakup
screen reader core driver.
CVE-2020-28374
David Disseldorp discovered that the LIO SCSI target implementation
performed insufficient checking in certain XCOPY requests. An
attacker with access to a LUN and knowledge of Unit Serial Number
assignments can take advantage of this flaw to read and write to any
LIO backstore, regardless of the SCSI transport settings.
CVE-2020-29568 (XSA-349)
Michael Kurth and Pawel Wieczorkiewicz reported that frontends can
trigger OOM in backends by updating a watched path. A
misbehaving guest can trigger a dom0 crash by continuously
connecting / disconnecting a block frontend.
CVE-2020-36158
A buffer overflow flaw was discovered in the mwifiex WiFi driver
which could result in denial of service or the execution of
arbitrary code via a long SSID value. A privileged user (with root or CAP_NET_ADMIN) can
take advantage of this flaw to cause a kernel panic when inserting
iptables rules.
For the stable distribution (buster), these problems have been fixed in version 4.19.171-2.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAXj9pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Tf5Q//RdQojeX7VtJ61PsVXRszZh9DJ3PUo64NheFU+QWUYO7F6NUD3fMxiS9K I8Sgfsm28x7RBambjW6TZYseJhQd9aSvaANnPdUj/eZ9P3xBhXFM8wzISosUWgfO 2IIV40oOVj943+BzfIQiq1mgQtwLjh3pNTZAEpjnzD96Tc9tXGyW9/3iGkUHIQjv gUTSvoLIUAI4XfNNUjnok+6kPDyEEIdiwJaGDG+UPZ6HNL/hrG3A4klQc+X7KK5K NCOzl4Wl5pZN7u2Ietn3sFMsNJkMrsfLlVyj8J9PgNwbFQh/+RuvzFcONlQ8iaD9 kx42gkLwjl+hM2UeCpvQndzwqXKPKc6CjFemDj7KWzVA+KkVBRTXCGb9K9CasZOZ 0e/cu+5rjYGubIE3e/jo3Gmhp/fm9fXHESbruxuP+gjdbKcyrGrokNucjRvp6FPP rCX+e7OjsZwWGBIcAw+gDAZkDO7PFEoRtlByF2LmxxNvTufZQZHX8NwVyABCdpZi VQLLeQNXN1pJ4d1NPWgTlKfEmH0sGVQRHCliTkBZmIjvo+y1JClUDBAlWOS4YYQL 4Z4oe1qtOX9z+NkqDqcbgfWw69Q2PipNN3TR5YcBXvOtVhvL+/WFGiooJDqxkdCD j3wO/r/1gut/bK/OJnjmOB9J5OXP+cHxYtrhPqXFy2Hzkgj1CRU= =u23W -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/):
2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi (V8) systems - linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems - linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems - linux-hwe-5.4: Linux hardware enablement (HWE) kernel - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems
Details:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. ========================================================================== Ubuntu Security Notice USN-4752-1 February 25, 2021
linux-oem-5.6 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-oem-5.6: Linux kernel for OEM systems
Details:
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135)
Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-14314)
It was discovered that the block layer implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-15436)
It was discovered that the serial port driver in the Linux kernel did not properly initialize a pointer in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2020-15437)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)
It was discovered that the NFS client implementation in the Linux kernel did not properly perform bounds checking before copying security labels in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)
It was discovered that the Rados block device (rbd) driver in the Linux kernel did not properly perform privilege checks for access to rbd devices in some situations. A local attacker could use this to map or unmap rbd block devices. A local attacker could use this to cause a denial of service. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. A privileged attacker could use this to cause a denial of service (kernel memory exhaustion). A local attacker in a guest VM could possibly use this to cause a denial of service (host system crash). A local attacker could use this to possibly cause a denial of service (system crash). A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-28588)
It was discovered that the framebuffer implementation in the Linux kernel did not properly perform range checks in certain situations. A local attacker could use this to expose sensitive information (kernel memory). A local attacker could use this to gain unintended write access to read-only memory pages. (CVE-2020-29368)
Jann Horn discovered that the mmap implementation in the Linux kernel contained a race condition when handling munmap() operations, leading to a read-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2020-29369)
Jann Horn discovered that the romfs file system in the Linux kernel did not properly validate file system meta-data, leading to an out-of-bounds read. An attacker could use this to construct a malicious romfs image that, when mounted, exposed sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that a race condition existed that caused the Linux kernel to not properly restrict exit signal delivery. A local attacker could possibly use this to send signals to arbitrary processes. (CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: linux-image-5.6.0-1048-oem 5.6.0-1048.52 linux-image-oem-20.04 5.6.0.1048.44
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://usn.ubuntu.com/4752-1 CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437, CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641, CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815, CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369, CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
Package Information: https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52 . Summary:
An update is now available for OpenShift Logging 5.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Openshift Logging Bug Fix Release (5.3.0)
Security Fix(es):
- golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1168 - Disable hostname verification in syslog TLS settings
LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd
LOG-1375 - ssl_ca_cert should be optional
LOG-1378 - CLO should support sasl_plaintext(Password over http)
LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate
LOG-1494 - Syslog output is serializing json incorrectly
LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing
LOG-1735 - Regression introducing flush_at_shutdown
LOG-1774 - The collector logs should be excluded in fluent.conf
LOG-1776 - fluentd total_limit_size sets value beyond available space
LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled
LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL
LOG-1903 - Fix the Display of ClusterLogging type in OLM
LOG-1911 - CLF API changes to Opt-in to multiline error detection
LOG-1918 - Alert FluentdNodeDown always firing
LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYZJxoNzjgjWX9erEAQji2Q//bv8hVZq0D8Dz0Do5vdoPzpjDhM6wJr7U 3CqAqcxniXvHVbBiPHPsY3p3M62FSO5lg4oZnVfokEtrZmLe9ULZWLlNxVilAUCT 0urKKWCAIXF+QJcW9/KCuIfaMh8Mmvh2baq52azauCHCJ3UK9ontiGWqyUz/aq9F TM4P/eehnUU1WXAz9x4ycHP7fHZBuADkI8WOUZ5M/QpcoEvo7rLFdyat5MpMkeJx j7gGieb2ITvblxEML3LRdPljQxe56w7p2jC/EoXJnssjABozlWB936Ub/QSulGuz +HQS+RnAGxRRpNcs1wNQzpIkCFJN2S0jlEj5VLB8xLbZTYtILWhIx4rlwaFy6NJn /z7hpEfSAgmhPTejshI/2Gfu/sc+KStEJk2IasWO1wqQWRqYGVeLwgHxBt2wpX+I XJUjhkAdhAWyDfEhPXzpbN4dhmDk0QiGfL3KWZ8nO54IFQgZHT1P1YArnI1hMWC7 JhTyj1DtFOKJl8X28wf6RNui+ifD12hmIAuQRuJTPjZbTnywwpMy+Sq9mrfeHztb gPt2AqOPF5ksNB6OsjVKlMScLlLJzzlkBVgmurXaly0z2qLjy0Rl70oWeMOW4xUD 4Ravk3PLEMqSIHv0ECr4ku5ejMV1Rd46USrgVX2R0CALXIxPkk1IEN8hHmzIGz2D HHJuAvrlroc= =di1X -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1547",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "5.9.13"
},
{
"model": "8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164812"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
}
],
"trust": 1.0
},
"cve": "CVE-2020-29660",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29660",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2020-29660",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29660",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29660",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-29660",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202012-776",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-29660",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. Vendors must CID-c8bcd9c5be24 It is published as.Information may be obtained. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4843-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 01, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374\n CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661\n CVE-2020-36158 CVE-2021-3347 CVE-2021-20177\nDebian Bug : 970736 972345 977048 977615\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. \n\nCVE-2020-27825\n\n Adam \u0027pi3\u0027 Zabrocki reported a use-after-free flaw in the ftrace\n ring buffer resizing logic due to a race condition, which could\n result in denial of service or information leak. \n\nCVE-2020-27830\n\n Shisong Qin reported a NULL pointer dereference flaw in the Speakup\n screen reader core driver. \n\nCVE-2020-28374\n\n David Disseldorp discovered that the LIO SCSI target implementation\n performed insufficient checking in certain XCOPY requests. An\n attacker with access to a LUN and knowledge of Unit Serial Number\n assignments can take advantage of this flaw to read and write to any\n LIO backstore, regardless of the SCSI transport settings. \n\nCVE-2020-29568 (XSA-349)\n\n Michael Kurth and Pawel Wieczorkiewicz reported that frontends can\n trigger OOM in backends by updating a watched path. A\n misbehaving guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend. \n\nCVE-2020-36158\n\n A buffer overflow flaw was discovered in the mwifiex WiFi driver\n which could result in denial of service or the execution of\n arbitrary code via a long SSID value. A privileged user (with root or CAP_NET_ADMIN) can\n take advantage of this flaw to cause a kernel panic when inserting\n iptables rules. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.19.171-2. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAXj9pfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Tf5Q//RdQojeX7VtJ61PsVXRszZh9DJ3PUo64NheFU+QWUYO7F6NUD3fMxiS9K\nI8Sgfsm28x7RBambjW6TZYseJhQd9aSvaANnPdUj/eZ9P3xBhXFM8wzISosUWgfO\n2IIV40oOVj943+BzfIQiq1mgQtwLjh3pNTZAEpjnzD96Tc9tXGyW9/3iGkUHIQjv\ngUTSvoLIUAI4XfNNUjnok+6kPDyEEIdiwJaGDG+UPZ6HNL/hrG3A4klQc+X7KK5K\nNCOzl4Wl5pZN7u2Ietn3sFMsNJkMrsfLlVyj8J9PgNwbFQh/+RuvzFcONlQ8iaD9\nkx42gkLwjl+hM2UeCpvQndzwqXKPKc6CjFemDj7KWzVA+KkVBRTXCGb9K9CasZOZ\n0e/cu+5rjYGubIE3e/jo3Gmhp/fm9fXHESbruxuP+gjdbKcyrGrokNucjRvp6FPP\nrCX+e7OjsZwWGBIcAw+gDAZkDO7PFEoRtlByF2LmxxNvTufZQZHX8NwVyABCdpZi\nVQLLeQNXN1pJ4d1NPWgTlKfEmH0sGVQRHCliTkBZmIjvo+y1JClUDBAlWOS4YYQL\n4Z4oe1qtOX9z+NkqDqcbgfWw69Q2PipNN3TR5YcBXvOtVhvL+/WFGiooJDqxkdCD\nj3wO/r/1gut/bK/OJnjmOB9J5OXP+cHxYtrhPqXFy2Hzkgj1CRU=\n=u23W\n-----END PGP SIGNATURE-----\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-azure: Linux kernel for Microsoft Azure Cloud systems\n- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-oracle: Linux kernel for Oracle Cloud systems\n- linux-raspi: Linux kernel for Raspberry Pi (V8) systems\n- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems\n- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems\n- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems\n- linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems\n- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems\n- linux-hwe-5.4: Linux hardware enablement (HWE) kernel\n- linux-oracle-5.4: Linux kernel for Oracle Cloud systems\n- linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems\n\nDetails:\n\nBodong Zhao discovered a use-after-free in the Sun keyboard driver\nimplementation in the Linux kernel. ==========================================================================\nUbuntu Security Notice USN-4752-1\nFebruary 25, 2021\n\nlinux-oem-5.6 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-oem-5.6: Linux kernel for OEM systems\n\nDetails:\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered\nthat legacy pairing and secure-connections pairing authentication in the\nBluetooth protocol could allow an unauthenticated user to complete\nauthentication without pairing credentials via adjacent access. A\nphysically proximate attacker could use this to impersonate a previously\npaired Bluetooth device. (CVE-2020-10135)\n\nJay Shin discovered that the ext4 file system implementation in the Linux\nkernel did not properly handle directory access with broken indexing,\nleading to an out-of-bounds read vulnerability. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2020-14314)\n\nIt was discovered that the block layer implementation in the Linux kernel\ndid not properly perform reference counting in some situations, leading to\na use-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2020-15436)\n\nIt was discovered that the serial port driver in the Linux kernel did not\nproperly initialize a pointer in some situations. A local attacker could\npossibly use this to cause a denial of service (system crash). \n(CVE-2020-15437)\n\nAndy Nguyen discovered that the Bluetooth HCI event packet parser in the\nLinux kernel did not properly handle event advertisements of certain sizes,\nleading to a heap-based buffer overflow. A physically proximate remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2020-24490)\n\nIt was discovered that the NFS client implementation in the Linux kernel\ndid not properly perform bounds checking before copying security labels in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-25212)\n\nIt was discovered that the Rados block device (rbd) driver in the Linux\nkernel did not properly perform privilege checks for access to rbd devices\nin some situations. A local attacker could use this to map or unmap rbd\nblock devices. A local attacker could use this\nto cause a denial of service. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. A privileged attacker\ncould use this to cause a denial of service (kernel memory exhaustion). A local attacker in a\nguest VM could possibly use this to cause a denial of service (host system\ncrash). A local attacker\ncould use this to possibly cause a denial of service (system crash). A local attacker\ncould use this to expose sensitive information (kernel memory). \n(CVE-2020-28588)\n\nIt was discovered that the framebuffer implementation in the Linux kernel\ndid not properly perform range checks in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). A local attacker could use\nthis to gain unintended write access to read-only memory pages. \n(CVE-2020-29368)\n\nJann Horn discovered that the mmap implementation in the Linux kernel\ncontained a race condition when handling munmap() operations, leading to a\nread-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly expose sensitive information. \n(CVE-2020-29369)\n\nJann Horn discovered that the romfs file system in the Linux kernel did not\nproperly validate file system meta-data, leading to an out-of-bounds read. \nAn attacker could use this to construct a malicious romfs image that, when\nmounted, exposed sensitive information (kernel memory). A local attacker could use this to cause a denial of service\n(system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2020-29661)\n\nIt was discovered that a race condition existed that caused the Linux\nkernel to not properly restrict exit signal delivery. A local attacker\ncould possibly use this to send signals to arbitrary processes. \n(CVE-2020-35508)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n linux-image-5.6.0-1048-oem 5.6.0-1048.52\n linux-image-oem-20.04 5.6.0.1048.44\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://usn.ubuntu.com/4752-1\n CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437,\n CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641,\n CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815,\n CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369,\n CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52\n. Summary:\n\nAn update is now available for OpenShift Logging 5.3. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nOpenshift Logging Bug Fix Release (5.3.0)\n\nSecurity Fix(es):\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1168 - Disable hostname verification in syslog TLS settings\nLOG-1235 - Using HTTPS without a secret does not translate into the correct \u0027scheme\u0027 value in Fluentd\nLOG-1375 - ssl_ca_cert should be optional\nLOG-1378 - CLO should support sasl_plaintext(Password over http)\nLOG-1392 - In fluentd config, flush_interval can\u0027t be set with flush_mode=immediate\nLOG-1494 - Syslog output is serializing json incorrectly\nLOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\nLOG-1575 - Rejected by Elasticsearch and unexpected json-parsing\nLOG-1735 - Regression introducing flush_at_shutdown \nLOG-1774 - The collector logs should be excluded in fluent.conf\nLOG-1776 - fluentd total_limit_size sets value beyond available space\nLOG-1822 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled\nLOG-1862 - Unsupported kafka parameters when enabled Kafka SASL\nLOG-1903 - Fix the Display of ClusterLogging type in OLM\nLOG-1911 - CLF API changes to Opt-in to multiline error detection\nLOG-1918 - Alert `FluentdNodeDown` always firing \nLOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYZJxoNzjgjWX9erEAQji2Q//bv8hVZq0D8Dz0Do5vdoPzpjDhM6wJr7U\n3CqAqcxniXvHVbBiPHPsY3p3M62FSO5lg4oZnVfokEtrZmLe9ULZWLlNxVilAUCT\n0urKKWCAIXF+QJcW9/KCuIfaMh8Mmvh2baq52azauCHCJ3UK9ontiGWqyUz/aq9F\nTM4P/eehnUU1WXAz9x4ycHP7fHZBuADkI8WOUZ5M/QpcoEvo7rLFdyat5MpMkeJx\nj7gGieb2ITvblxEML3LRdPljQxe56w7p2jC/EoXJnssjABozlWB936Ub/QSulGuz\n+HQS+RnAGxRRpNcs1wNQzpIkCFJN2S0jlEj5VLB8xLbZTYtILWhIx4rlwaFy6NJn\n/z7hpEfSAgmhPTejshI/2Gfu/sc+KStEJk2IasWO1wqQWRqYGVeLwgHxBt2wpX+I\nXJUjhkAdhAWyDfEhPXzpbN4dhmDk0QiGfL3KWZ8nO54IFQgZHT1P1YArnI1hMWC7\nJhTyj1DtFOKJl8X28wf6RNui+ifD12hmIAuQRuJTPjZbTnywwpMy+Sq9mrfeHztb\ngPt2AqOPF5ksNB6OsjVKlMScLlLJzzlkBVgmurXaly0z2qLjy0Rl70oWeMOW4xUD\n4Ravk3PLEMqSIHv0ECr4ku5ejMV1Rd46USrgVX2R0CALXIxPkk1IEN8hHmzIGz2D\nHHJuAvrlroc=\n=di1X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "PACKETSTORM",
"id": "169012"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "164812"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29660",
"trust": 4.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/12/10/1",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "164950",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-074-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93656033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161556",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164812",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0189",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0717",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0589",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0166",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4254",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3871",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0348",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3825",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164875",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100407",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-29660",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169012",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161552",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161553",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164967",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "PACKETSTORM",
"id": "169012"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "164812"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"id": "VAR-202012-1547",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-11-29T22:26:28.519000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix\u00a0-\u003esession\u00a0locking",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"title": "Linux kernel Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137670"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-29660 log"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-032",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-032"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-031",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-031"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-034"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-033",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-033"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1477",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1477"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-019"
},
{
"title": "Debian Security Advisories: DSA-4843-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b95030247235becf9e017bec31e9d503"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1588",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1588"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-667",
"trust": 1.0
},
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " improper lock (CWE-667) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/164950/kernel-live-patch-security-notice-lsn-0082-1.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
},
{
"trust": 1.7,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93656033/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.6,
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202111-0000001172568432"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0837"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0717"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164875/red-hat-security-advisory-2021-4140-02.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0589"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0348/"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2021-10-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3825"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3871"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164812/ubuntu-security-notice-usn-5130-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0166/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100407"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4254"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-use-after-free-via-tiocgsid-34081"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0189/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161556/ubuntu-security-notice-usn-4752-1.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27815"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29568"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29569"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24504"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20239"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36158"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35448"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3635"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36386"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24586"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3348"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26140"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3487"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26146"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31440"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3732"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0129"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23133"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26144"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3679"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36312"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24588"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29646"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3489"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29660"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26139"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28971"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3600"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20194"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26147"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31829"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26141"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24587"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24503"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3659"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25669"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28588"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alaslivepatch-2021-032.html"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27830"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36158"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5137"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1093.106~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1085.87"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1108.120"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1093.106"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1079.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1012.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1096.105"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-136.140"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1094.101~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-136.140~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73~16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4749-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29374"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1108.120~16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1079.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1094.101"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1038.41"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28941"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1038.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1010.11~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1040.42"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4750-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1037.40~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1038.41~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1037.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1033.34"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1036.38~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1029.32~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-66.74"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-66.74~18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1040.42~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1029.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1038.40~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1010.11"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4752-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15437"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29369"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35508"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4627"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5130-1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "PACKETSTORM",
"id": "169012"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "164812"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"db": "PACKETSTORM",
"id": "169012"
},
{
"db": "PACKETSTORM",
"id": "165296"
},
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164967"
},
{
"db": "PACKETSTORM",
"id": "164812"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"date": "2021-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"date": "2021-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169012"
},
{
"date": "2021-12-15T15:27:05",
"db": "PACKETSTORM",
"id": "165296"
},
{
"date": "2021-02-25T15:30:40",
"db": "PACKETSTORM",
"id": "161552"
},
{
"date": "2021-02-25T15:30:47",
"db": "PACKETSTORM",
"id": "161553"
},
{
"date": "2021-02-25T15:31:12",
"db": "PACKETSTORM",
"id": "161556"
},
{
"date": "2021-11-15T17:25:56",
"db": "PACKETSTORM",
"id": "164967"
},
{
"date": "2021-11-09T16:59:39",
"db": "PACKETSTORM",
"id": "164812"
},
{
"date": "2020-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"date": "2020-12-09T17:15:31.743000",
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29660"
},
{
"date": "2024-03-22T07:17:00",
"db": "JVNDB",
"id": "JVNDB-2020-014189"
},
{
"date": "2021-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202012-776"
},
{
"date": "2024-11-21T05:24:22.803000",
"db": "NVD",
"id": "CVE-2020-29660"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "161552"
},
{
"db": "PACKETSTORM",
"id": "161553"
},
{
"db": "PACKETSTORM",
"id": "161556"
},
{
"db": "PACKETSTORM",
"id": "164812"
},
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014189"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202012-776"
}
],
"trust": 0.6
}
}
var-202108-1251
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661) An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30951) An integer overflow was addressed with improved input validation. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30936",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30936",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30936",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30936",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30936",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30936",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2034",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390669",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30936",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\nAn integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30951)\nAn integer overflow was addressed with improved input validation. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30936",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390669",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30936",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"id": "VAR-202108-1251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390669"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:17:27.986000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple macOS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175805"
},
{
"title": "Red Hat: CVE-2021-30936",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30936"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390669"
},
{
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390669"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"date": "2021-08-24T19:15:20.797000",
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-390669"
},
{
"date": "2022-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30936"
},
{
"date": "2024-07-18T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-021217"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2034"
},
{
"date": "2023-11-07T03:33:56.617000",
"db": "NVD",
"id": "CVE-2021-30936"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Vulnerability related to use of freed memory in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2034"
}
],
"trust": 0.6
}
}
var-202005-0223
Vulnerability from variot
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite There is an unspecified vulnerability in.Information may be tampered with. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. An attacker could exploit this vulnerability to rename the virtual form to the name of one of the shadow forms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: mingw packages security and bug fix update Advisory ID: RHSA-2021:1968-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1968 Issue date: 2021-05-18 CVE Names: CVE-2019-16168 CVE-2020-13434 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 ==================================================================== 1. Summary:
An update for mingw-binutils, mingw-bzip2, mingw-filesystem, and mingw-sqlite is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
MinGW is a free and open source software development environment to create Microsoft Windows applications.
The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat CodeReady Linux Builder (v. 8):
Source: mingw-binutils-2.30-3.el8.src.rpm mingw-bzip2-1.0.6-14.el8.src.rpm mingw-filesystem-104-2.el8.src.rpm mingw-sqlite-3.26.0.0-1.el8.src.rpm
aarch64: mingw-binutils-debuginfo-2.30-3.el8.aarch64.rpm mingw-binutils-debugsource-2.30-3.el8.aarch64.rpm mingw-binutils-generic-2.30-3.el8.aarch64.rpm mingw-binutils-generic-debuginfo-2.30-3.el8.aarch64.rpm mingw32-binutils-2.30-3.el8.aarch64.rpm mingw32-binutils-debuginfo-2.30-3.el8.aarch64.rpm mingw64-binutils-2.30-3.el8.aarch64.rpm mingw64-binutils-debuginfo-2.30-3.el8.aarch64.rpm
noarch: mingw-filesystem-base-104-2.el8.noarch.rpm mingw32-bzip2-1.0.6-14.el8.noarch.rpm mingw32-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm mingw32-bzip2-static-1.0.6-14.el8.noarch.rpm mingw32-filesystem-104-2.el8.noarch.rpm mingw32-sqlite-3.26.0.0-1.el8.noarch.rpm mingw32-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm mingw32-sqlite-static-3.26.0.0-1.el8.noarch.rpm mingw64-bzip2-1.0.6-14.el8.noarch.rpm mingw64-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm mingw64-bzip2-static-1.0.6-14.el8.noarch.rpm mingw64-filesystem-104-2.el8.noarch.rpm mingw64-sqlite-3.26.0.0-1.el8.noarch.rpm mingw64-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm mingw64-sqlite-static-3.26.0.0-1.el8.noarch.rpm
ppc64le: mingw-binutils-debuginfo-2.30-3.el8.ppc64le.rpm mingw-binutils-debugsource-2.30-3.el8.ppc64le.rpm mingw-binutils-generic-2.30-3.el8.ppc64le.rpm mingw-binutils-generic-debuginfo-2.30-3.el8.ppc64le.rpm mingw32-binutils-2.30-3.el8.ppc64le.rpm mingw32-binutils-debuginfo-2.30-3.el8.ppc64le.rpm mingw64-binutils-2.30-3.el8.ppc64le.rpm mingw64-binutils-debuginfo-2.30-3.el8.ppc64le.rpm
s390x: mingw-binutils-debuginfo-2.30-3.el8.s390x.rpm mingw-binutils-debugsource-2.30-3.el8.s390x.rpm mingw-binutils-generic-2.30-3.el8.s390x.rpm mingw-binutils-generic-debuginfo-2.30-3.el8.s390x.rpm mingw32-binutils-2.30-3.el8.s390x.rpm mingw32-binutils-debuginfo-2.30-3.el8.s390x.rpm mingw64-binutils-2.30-3.el8.s390x.rpm mingw64-binutils-debuginfo-2.30-3.el8.s390x.rpm
x86_64: mingw-binutils-debuginfo-2.30-3.el8.x86_64.rpm mingw-binutils-debugsource-2.30-3.el8.x86_64.rpm mingw-binutils-generic-2.30-3.el8.x86_64.rpm mingw-binutils-generic-debuginfo-2.30-3.el8.x86_64.rpm mingw32-binutils-2.30-3.el8.x86_64.rpm mingw32-binutils-debuginfo-2.30-3.el8.x86_64.rpm mingw64-binutils-2.30-3.el8.x86_64.rpm mingw64-binutils-debuginfo-2.30-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
iOS 14.0 and iPadOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211850.
AppleAVD Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup Entry updated November 12, 2020
Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020
Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020
CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020
CoreCapture Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020
Disk Images Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020
Icons Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs Entry updated September 17, 2020
ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry added November 12, 2020
ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020
IOSurfaceAccelerator Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Entry added November 12, 2020
Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020
Mail Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Entry added November 12, 2020
Messages Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Entry added November 12, 2020
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-13520: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-6147: Aleksandar Nikolic of Cisco Talos CVE-2020-9972: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
NetworkExtension Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro Entry added November 12, 2020
Phone Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB
Quick Look Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Entry added November 12, 2020
Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Entry added November 12, 2020
Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020
Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020
Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@xpn) of TrustedSec Entry updated September 17, 2020
Siri Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler
SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020
SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020
SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020
SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020
SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Entry added November 12, 2020
WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020
WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020
WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com)
Wi-Fi Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2020-10013: Yu Wang of Didi Research America Entry added November 12, 2020
Additional recognition
App Store We would like to acknowledge Giyas Umarov of Holmdel High School for their assistance.
Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020
Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.
CallKit We would like to acknowledge Federico Zanetello for their assistance.
CarPlay We would like to acknowledge an anonymous researcher for their assistance.
Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020
Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
debugserver We would like to acknowledge Linus Henze (pinauten.de) for their assistance.
iAP We would like to acknowledge Andy Davis of NCC Group for their assistance.
iBoot We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020
libarchive We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance.
lldb We would like to acknowledge Linus Henze (pinauten.de) for their assistance. Entry added November 12, 2020
Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020
Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added November 12, 2020
Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Entry added November 12, 2020
Maps We would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance.
NetworkExtension We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo Song’ of ‘Symantec, a division of Broadcom’ for their assistance.
Phone Keypad We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University, an anonymous researcher for their assistance. Entry updated November 12, 2020
Safari We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added November 12, 2020
Safari Reader We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020
Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. Entry added November 12, 2020
Status Bar We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance.
Telephony We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey @canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance. Entry updated November 12, 2020
UIKit We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance.
Web App We would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.
WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0".
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6 jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n 7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8 pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg /isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8 uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA= =WdqR -----END PGP SIGNATURE-----
.
Bug Fix(es): * NVD feed fixed in Clair-v2 (clair-jwt image)
- Solution:
Download the release images via:
quay.io/redhat/quay:v3.3.3 quay.io/redhat/clair-jwt:v3.3.3 quay.io/redhat/quay-builder:v3.3.3 quay.io/redhat/clair:v3.3.3
- Bugs fixed (https://bugzilla.redhat.com/):
1905758 - CVE-2020-27831 quay: email notifications authorization bypass 1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1124 - NVD feed is broken for latest Clair v2 version
- Summary:
Release of OpenShift Serverless 1.11.0
- Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index
- Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1889831 - Release of OpenShift Serverless Serving 1.11.0 1889833 - Release of OpenShift Serverless Eventing 1.11.0
Bug Fix(es):
-
Configuring the system with non-RT kernel will hang the system (BZ#1923220)
-
Bugs fixed (https://bugzilla.redhat.com/):
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
- JIRA issues fixed (https://issues.jboss.org/):
CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests
- Gentoo Linux Security Advisory GLSA 202007-26
https://security.gentoo.org/
Severity: Normal Title: SQLite: Multiple vulnerabilities Date: July 27, 2020 Bugs: #716748 ID: 202007-26
Synopsis
Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code.
Background
SQLite is a C library that implements an SQL database engine.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/sqlite < 3.32.3 >= 3.32.3
Description
Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All SQLite users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-db/sqlite-3.32.3"
References
[ 1 ] CVE-2019-20218 https://nvd.nist.gov/vuln/detail/CVE-2019-20218 [ 2 ] CVE-2020-11655 https://nvd.nist.gov/vuln/detail/CVE-2020-11655 [ 3 ] CVE-2020-11656 https://nvd.nist.gov/vuln/detail/CVE-2020-11656 [ 4 ] CVE-2020-13434 https://nvd.nist.gov/vuln/detail/CVE-2020-13434 [ 5 ] CVE-2020-13435 https://nvd.nist.gov/vuln/detail/CVE-2020-13435 [ 6 ] CVE-2020-13630 https://nvd.nist.gov/vuln/detail/CVE-2020-13630 [ 7 ] CVE-2020-13631 https://nvd.nist.gov/vuln/detail/CVE-2020-13631 [ 8 ] CVE-2020-13632 https://nvd.nist.gov/vuln/detail/CVE-2020-13632 [ 9 ] CVE-2020-13871 https://nvd.nist.gov/vuln/detail/CVE-2020-13871 [ 10 ] CVE-2020-15358 https://nvd.nist.gov/vuln/detail/CVE-2020-15358
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-26
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6.
Bug Fix(es):
-
Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)
-
The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251)
-
The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634)
-
[OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414)
-
The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991)
-
Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081)
-
[OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122)
-
Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup
Alternatively, on your watch, select "My Watch > General > About"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.0"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.0"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.5"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "brocade",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.5"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.9"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "sqlite",
"scope": "lt",
"trust": 1.0,
"vendor": "sqlite",
"version": "3.32.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.4"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "sqlite",
"scope": "eq",
"trust": 0.8,
"vendor": "sqlite",
"version": "3.32.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sqlite:sqlite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "160125"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161016"
}
],
"trust": 0.5
},
"cve": "CVE-2020-13631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-13631",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005730",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-166429",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-13631",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005730",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13631",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-005730",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-166429",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. SQLite There is an unspecified vulnerability in.Information may be tampered with. SQLite is an open source embedded relational database management system based on C language developed by American D.Richard Hipp software developer. The system has the characteristics of independence, isolation and cross-platform. An attacker could exploit this vulnerability to rename the virtual form to the name of one of the shadow forms. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: mingw packages security and bug fix update\nAdvisory ID: RHSA-2021:1968-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1968\nIssue date: 2021-05-18\nCVE Names: CVE-2019-16168 CVE-2020-13434 CVE-2020-13630\n CVE-2020-13631 CVE-2020-13632\n====================================================================\n1. Summary:\n\nAn update for mingw-binutils, mingw-bzip2, mingw-filesystem, and\nmingw-sqlite is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nMinGW is a free and open source software development environment to create\nMicrosoft Windows applications. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-sqlite (3.26.0.0). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat CodeReady Linux Builder (v. 8):\n\nSource:\nmingw-binutils-2.30-3.el8.src.rpm\nmingw-bzip2-1.0.6-14.el8.src.rpm\nmingw-filesystem-104-2.el8.src.rpm\nmingw-sqlite-3.26.0.0-1.el8.src.rpm\n\naarch64:\nmingw-binutils-debuginfo-2.30-3.el8.aarch64.rpm\nmingw-binutils-debugsource-2.30-3.el8.aarch64.rpm\nmingw-binutils-generic-2.30-3.el8.aarch64.rpm\nmingw-binutils-generic-debuginfo-2.30-3.el8.aarch64.rpm\nmingw32-binutils-2.30-3.el8.aarch64.rpm\nmingw32-binutils-debuginfo-2.30-3.el8.aarch64.rpm\nmingw64-binutils-2.30-3.el8.aarch64.rpm\nmingw64-binutils-debuginfo-2.30-3.el8.aarch64.rpm\n\nnoarch:\nmingw-filesystem-base-104-2.el8.noarch.rpm\nmingw32-bzip2-1.0.6-14.el8.noarch.rpm\nmingw32-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm\nmingw32-bzip2-static-1.0.6-14.el8.noarch.rpm\nmingw32-filesystem-104-2.el8.noarch.rpm\nmingw32-sqlite-3.26.0.0-1.el8.noarch.rpm\nmingw32-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm\nmingw32-sqlite-static-3.26.0.0-1.el8.noarch.rpm\nmingw64-bzip2-1.0.6-14.el8.noarch.rpm\nmingw64-bzip2-debuginfo-1.0.6-14.el8.noarch.rpm\nmingw64-bzip2-static-1.0.6-14.el8.noarch.rpm\nmingw64-filesystem-104-2.el8.noarch.rpm\nmingw64-sqlite-3.26.0.0-1.el8.noarch.rpm\nmingw64-sqlite-debuginfo-3.26.0.0-1.el8.noarch.rpm\nmingw64-sqlite-static-3.26.0.0-1.el8.noarch.rpm\n\nppc64le:\nmingw-binutils-debuginfo-2.30-3.el8.ppc64le.rpm\nmingw-binutils-debugsource-2.30-3.el8.ppc64le.rpm\nmingw-binutils-generic-2.30-3.el8.ppc64le.rpm\nmingw-binutils-generic-debuginfo-2.30-3.el8.ppc64le.rpm\nmingw32-binutils-2.30-3.el8.ppc64le.rpm\nmingw32-binutils-debuginfo-2.30-3.el8.ppc64le.rpm\nmingw64-binutils-2.30-3.el8.ppc64le.rpm\nmingw64-binutils-debuginfo-2.30-3.el8.ppc64le.rpm\n\ns390x:\nmingw-binutils-debuginfo-2.30-3.el8.s390x.rpm\nmingw-binutils-debugsource-2.30-3.el8.s390x.rpm\nmingw-binutils-generic-2.30-3.el8.s390x.rpm\nmingw-binutils-generic-debuginfo-2.30-3.el8.s390x.rpm\nmingw32-binutils-2.30-3.el8.s390x.rpm\nmingw32-binutils-debuginfo-2.30-3.el8.s390x.rpm\nmingw64-binutils-2.30-3.el8.s390x.rpm\nmingw64-binutils-debuginfo-2.30-3.el8.s390x.rpm\n\nx86_64:\nmingw-binutils-debuginfo-2.30-3.el8.x86_64.rpm\nmingw-binutils-debugsource-2.30-3.el8.x86_64.rpm\nmingw-binutils-generic-2.30-3.el8.x86_64.rpm\nmingw-binutils-generic-debuginfo-2.30-3.el8.x86_64.rpm\nmingw32-binutils-2.30-3.el8.x86_64.rpm\nmingw32-binutils-debuginfo-2.30-3.el8.x86_64.rpm\nmingw64-binutils-2.30-3.el8.x86_64.rpm\nmingw64-binutils-debuginfo-2.30-3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-16168\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13630\nhttps://access.redhat.com/security/cve/CVE-2020-13631\nhttps://access.redhat.com/security/cve/CVE-2020-13632\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-11-13-3 Additional information for\nAPPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0\n\niOS 14.0 and iPadOS 14.0 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT211850. \n\nAppleAVD\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9958: Mohamed Ghannam (@_simo36)\n\nAssets\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An attacker may be able to misuse a trust relationship to\ndownload malicious content\nDescription: A trust issue was addressed by removing a legacy API. \nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\nEntry updated November 12, 2020\n\nAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Group Light-Year Security Lab\nEntry added November 12, 2020\n\nCoreCapture\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9949: Proteas\nEntry added November 12, 2020\n\nDisk Images\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9965: Proteas\nCVE-2020-9966: Proteas\nEntry added November 12, 2020\n\nIcons\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\nIDE Device Support\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code on a paired device during a debug session over\nthe network\nDescription: This issue was addressed by encrypting communications\nover the network to devices running iOS 14, iPadOS 14, tvOS 14, and\nwatchOS 7. \nCVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium\nzLabs\nEntry updated September 17, 2020\n\nImageIO\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\nEntry added November 12, 2020\n\nImageIO\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9876: Mickey Jin of Trend Micro\nEntry added November 12, 2020\n\nIOSurfaceAccelerator\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)\n\nKernel\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\nEntry added November 12, 2020\n\nKeyboard\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\nlibxml2\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9981: found by OSS-Fuzz\nEntry added November 12, 2020\n\nMail\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A remote attacker may be able to unexpectedly alter\napplication state\nDescription: This issue was addressed with improved checks. \nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied\nSciences and Damian Poddebniak of FH M\u00fcnster University of Applied\nSciences\nEntry added November 12, 2020\n\nMessages\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local user may be able to discover a user\u2019s deleted\nmessages\nDescription: The issue was addressed with improved deletion. \nCVE-2020-9988: William Breuer of the Netherlands\nCVE-2020-9989: von Brunn Media\nEntry added November 12, 2020\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\nEntry added November 12, 2020\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-6147: Aleksandar Nikolic of Cisco Talos\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\nEntry added November 12, 2020\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9973: Aleksandar Nikolic of Cisco Talos\n\nNetworkExtension\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and\nMickey Jin of Trend Micro\nEntry added November 12, 2020\n\nPhone\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: The screen lock may not engage after the specified time\nperiod\nDescription: This issue was addressed with improved checks. \nCVE-2020-9946: Daniel Larsson of iolight AB\n\nQuick Look\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious app may be able to determine the existence of\nfiles on the computer\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added November 12, 2020\n\nSafari\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to determine a user\u0027s\nopen tabs in Safari\nDescription: A validation issue existed in the entitlement\nverification. This issue was addressed with improved validation of\nthe process entitlement. \nCVE-2020-9977: Josh Parnham (@joshparnham)\nEntry added November 12, 2020\n\nSafari\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: The issue was addressed with improved UI handling. \nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,\nPiotr Duszynski\nEntry added November 12, 2020\n\nSandbox\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local user may be able to view senstive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\nEntry added November 12, 2020\n\nSandbox\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\nEntry updated September 17, 2020\n\nSiri\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A person with physical access to an iOS device may be able to\nview notification contents from the lockscreen\nDescription: A lock screen issue allowed access to messages on a\nlocked device. This issue was addressed with improved state\nmanagement. \nCVE-2020-9959: an anonymous researcher, an anonymous researcher, an\nanonymous researcher, an anonymous researcher, an anonymous\nresearcher, Andrew Goldberg The University of Texas at Austin,\nMcCombs School of Business, Meli\u0307h Kerem G\u00fcne\u015f of Li\u0307v College, Sinan\nGulguler\n\nSQLite\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-13434\nCVE-2020-13435\nCVE-2020-9991\nEntry added November 12, 2020\n\nSQLite\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A remote attacker may be able to leak memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9849\nEntry added November 12, 2020\n\nSQLite\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\nEntry added November 12, 2020\n\nSQLite\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A maliciously crafted SQL query may lead to data corruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-13631\nEntry added November 12, 2020\n\nSQLite\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-13630\nEntry added November 12, 2020\n\nWebKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\nCVE-2020-9951: Marcin \u0027Icewall\u0027 Noga of Cisco Talos\nEntry added November 12, 2020\n\nWebKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9983: zhunki\nEntry added November 12, 2020\n\nWebKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\nWi-Fi\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10013: Yu Wang of Didi Research America\nEntry added November 12, 2020\n\nAdditional recognition\n\nApp Store\nWe would like to acknowledge Giyas Umarov of Holmdel High School for\ntheir assistance. \n\nAudio\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-\nfinancial Light-Year Security Lab for their assistance. \nEntry added November 12, 2020\n\nBluetooth\nWe would like to acknowledge Andy Davis of NCC Group and Dennis\nHeinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for\ntheir assistance. \n\nCallKit\nWe would like to acknowledge Federico Zanetello for their assistance. \n\nCarPlay\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \nEntry added November 12, 2020\n\nCore Location\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\ndebugserver\nWe would like to acknowledge Linus Henze (pinauten.de) for their\nassistance. \n\niAP\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\niBoot\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero,\nStephen R\u00f6ttger of Google for their assistance. \nEntry updated November 12, 2020\n\nlibarchive\nWe would like to acknowledge Dzmitry Plotnikau and an anonymous\nresearcher for their assistance. \n\nlldb\nWe would like to acknowledge Linus Henze (pinauten.de) for their\nassistance. \nEntry added November 12, 2020\n\nLocation Framework\nWe would like to acknowledge Nicolas Brunner\n(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. \nEntry updated October 19, 2020\n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added November 12, 2020\n\nMail Drafts\nWe would like to acknowledge Jon Bottarini of HackerOne for their\nassistance. \nEntry added November 12, 2020\n\nMaps\nWe would like to acknowledge Matthew Dolan of Amazon Alexa for their\nassistance. \n\nNetworkExtension\nWe would like to acknowledge Thijs Alkemade of Computest and \u2018Qubo\nSong\u2019 of \u2018Symantec, a division of Broadcom\u2019 for their assistance. \n\nPhone Keypad\nWe would like to acknowledge Hasan Fahrettin Kaya of Akdeniz\nUniversity, an anonymous researcher for their assistance. \nEntry updated November 12, 2020 \n\nSafari\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of\nOneSpan\u0027s Innovation Centre (onespan.com) and University College\nLondon, Steven J. Murdoch (@SJMurdoch) of OneSpan\u0027s Innovation Centre\n(onespan.com) and University College London, Jack Cable of Lightning\nSecurity, Ryan Pickren (ryanpickren.com), Yair Amit for their\nassistance. \nEntry added November 12, 2020\n\nSafari Reader\nWe would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU\nSecurity Lab for their assistance. \nEntry added November 12, 2020\n\nSecurity\nWe would like to acknowledge Christian Starkjohann of Objective\nDevelopment Software GmbH for their assistance. \nEntry added November 12, 2020\n\nStatus Bar\nWe would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah\nof Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and\nan anonymous researcher for their assistance. \n\nTelephony\nWe would like to acknowledge Onur Can B\u0131kmaz, Vodafone Turkey\n@canbkmaz, Yi\u011fit Can YILMAZ (@yilmazcanyigit), an anonymous\nresearcher for their assistance. \nEntry updated November 12, 2020\n\nUIKit\nWe would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,\nand Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk\nInc for their assistance. \n\nWeb App\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan\nPickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang\nZeng(@Wester) of OPPO ZIWU Security Lab for their assistance. \nEntry added November 12, 2020\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.0 and iPadOS 14.0\". \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6\njjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ\nUgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n\n7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t\npNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ\nA54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8\npIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp\nPH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t\nKjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs\nK8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg\n/isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8\nuARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA=\n=WdqR\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nBug Fix(es):\n* NVD feed fixed in Clair-v2 (clair-jwt image)\n\n3. Solution:\n\nDownload the release images via:\n\nquay.io/redhat/quay:v3.3.3\nquay.io/redhat/clair-jwt:v3.3.3\nquay.io/redhat/quay-builder:v3.3.3\nquay.io/redhat/clair:v3.3.3\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1905758 - CVE-2020-27831 quay: email notifications authorization bypass\n1905784 - CVE-2020-27832 quay: persistent XSS in repository notification display\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1124 - NVD feed is broken for latest Clair v2 version\n\n6. Summary:\n\nRelease of OpenShift Serverless 1.11.0\n\n2. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.6/html/serverless_applications/index\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1889831 - Release of OpenShift Serverless Serving 1.11.0\n1889833 - Release of OpenShift Serverless Eventing 1.11.0\n\n5. \n\nBug Fix(es):\n\n* Configuring the system with non-RT kernel will hang the system\n(BZ#1923220)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nCNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs\nCNF-854 - Performance tests in CNF Tests\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-26\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: SQLite: Multiple vulnerabilities\n Date: July 27, 2020\n Bugs: #716748\n ID: 202007-26\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in SQLite, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n=========\nSQLite is a C library that implements an SQL database engine. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-db/sqlite \u003c 3.32.3 \u003e= 3.32.3\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in SQLite. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll SQLite users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-db/sqlite-3.32.3\"\n\nReferences\n=========\n[ 1 ] CVE-2019-20218\n https://nvd.nist.gov/vuln/detail/CVE-2019-20218\n[ 2 ] CVE-2020-11655\n https://nvd.nist.gov/vuln/detail/CVE-2020-11655\n[ 3 ] CVE-2020-11656\n https://nvd.nist.gov/vuln/detail/CVE-2020-11656\n[ 4 ] CVE-2020-13434\n https://nvd.nist.gov/vuln/detail/CVE-2020-13434\n[ 5 ] CVE-2020-13435\n https://nvd.nist.gov/vuln/detail/CVE-2020-13435\n[ 6 ] CVE-2020-13630\n https://nvd.nist.gov/vuln/detail/CVE-2020-13630\n[ 7 ] CVE-2020-13631\n https://nvd.nist.gov/vuln/detail/CVE-2020-13631\n[ 8 ] CVE-2020-13632\n https://nvd.nist.gov/vuln/detail/CVE-2020-13632\n[ 9 ] CVE-2020-13871\n https://nvd.nist.gov/vuln/detail/CVE-2020-13871\n[ 10 ] CVE-2020-15358\n https://nvd.nist.gov/vuln/detail/CVE-2020-15358\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-26\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \nThe compliance-operator image updates are now available for OpenShift\nContainer Platform 4.6. \n\nBug Fix(es):\n\n* Aggregator pod tries to parse ConfigMaps without results (BZ#1899479)\n\n* The compliancesuite object returns error with ocp4-cis tailored profile\n(BZ#1902251)\n\n* The compliancesuite does not trigger when there are multiple rhcos4\nprofiles added in scansettingbinding object (BZ#1902634)\n\n* [OCP v46] Not all remediations get applied through machineConfig although\nthe status of all rules shows Applied in ComplianceRemediations object\n(BZ#1907414)\n\n* The profile parser pod deployment and associated profiles should get\nremoved after upgrade the compliance operator (BZ#1908991)\n\n* Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error\n\"something else exists at that path\" (BZ#1909081)\n\n* [OCP v46] Always update the default profilebundles on Compliance operator\nstartup (BZ#1909122)\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1899479 - Aggregator pod tries to parse ConfigMaps without results\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1902251 - The compliancesuite object returns error with ocp4-cis tailored profile\n1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object\n1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object\n1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator\n1909081 - Applying the \"rhcos4-moderate\" compliance profile leads to Ignition error \"something else exists at that path\"\n1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup\n\n5. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13631"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "VULHUB",
"id": "VHN-166429"
},
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "160061"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "160125"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "158592"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "160064"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-166429",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166429"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13631",
"trust": 2.7
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162659",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161548",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160061",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160125",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160064",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158592",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160062",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162694",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160545",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160961",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1351",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-50093",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-166429",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161016",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "160061"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "160125"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "158592"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "160064"
},
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"id": "VAR-202005-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-166429"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:04:38.253000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-0477f8840e",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/"
},
{
"title": "Check-in [eca0ba2c]",
"trust": 0.8,
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202007-26"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211843"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211844"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211850"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211931"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211935"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht211952"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200608-0002/"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-20:22.sqlite.asc"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/nov/20"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/nov/19"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/nov/22"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.1,
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=1080459"
},
{
"trust": 1.1,
"url": "https://sqlite.org/src/info/eca0ba2cf4c0fdf7"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4394-1/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13631"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15165"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9961"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9951"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9944"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9954"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9941"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9965"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9876"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9952"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10029"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1551"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1551"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l7kxqwhiy2mqp4lnm6odwjenmxyyqybn/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3cissues.guacamole.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1968"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9964"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht211850."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10726"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10726"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11656"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13871"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9981"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9969"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht211844."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "160061"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "160125"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "158592"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "160064"
},
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-166429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "160061"
},
{
"db": "PACKETSTORM",
"id": "160889"
},
{
"db": "PACKETSTORM",
"id": "160125"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "158592"
},
{
"db": "PACKETSTORM",
"id": "161016"
},
{
"db": "PACKETSTORM",
"id": "160064"
},
{
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-166429"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"date": "2021-05-19T14:07:02",
"db": "PACKETSTORM",
"id": "162659"
},
{
"date": "2020-11-13T20:32:22",
"db": "PACKETSTORM",
"id": "160061"
},
{
"date": "2021-01-11T16:29:48",
"db": "PACKETSTORM",
"id": "160889"
},
{
"date": "2020-11-18T20:48:43",
"db": "PACKETSTORM",
"id": "160125"
},
{
"date": "2021-02-25T15:30:03",
"db": "PACKETSTORM",
"id": "161548"
},
{
"date": "2020-07-27T18:32:44",
"db": "PACKETSTORM",
"id": "158592"
},
{
"date": "2021-01-19T14:45:45",
"db": "PACKETSTORM",
"id": "161016"
},
{
"date": "2020-11-14T12:44:44",
"db": "PACKETSTORM",
"id": "160064"
},
{
"date": "2020-05-27T15:15:12.947000",
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-166429"
},
{
"date": "2020-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005730"
},
{
"date": "2024-11-21T05:01:38.243000",
"db": "NVD",
"id": "CVE-2020-13631"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQLite In Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005730"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162659"
},
{
"db": "PACKETSTORM",
"id": "161548"
},
{
"db": "PACKETSTORM",
"id": "161016"
}
],
"trust": 0.3
}
}
var-202205-1990
Vulnerability from variot
Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Vim versions prior to 8.2 have a security vulnerability caused by buffer overreading. Summary:
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat Enterprise Linux 8. Description:
Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
-
eventsource: Exposure of Sensitive Information (CVE-2022-1650)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
nodejs-set-value: type confusion allows bypass of CVE-2019-10747 (CVE-2021-23440)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
node-forge: Signature verification leniency in checking
digestAlgorithmstructure can lead to signature forgery (CVE-2022-24771) -
node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)
-
node-forge: Signature verification leniency in checking
DigestInfostructure (CVE-2022-24773) -
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated images, which provide numerous bug fixes and enhancements. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1937117 - Deletion of StorageCluster doesn't remove ceph toolbox pod
1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified
1973317 - libceph: read_partial_message and bad crc/signature errors
1996829 - Permissions assigned to ceph auth principals when using external storage are too broad
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
2027724 - Warning log for rook-ceph-toolbox in ocs-operator log
2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056697 - odf-csi-addons-operator subscription failed while using custom catalog source
2058211 - Add validation for CIDR field in DRPolicy
2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced
2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10
2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE
2063691 - [GSS] [RFE] Add termination policy to s3 route
2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2066514 - OCS operator to install Ceph prometheus alerts instead of Rook
2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking DigestInfo structure
2069314 - OCS external mode should allow specifying names for all Ceph auth principals
2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster.
2069812 - must-gather: rbd_vol_and_snap_info collection is broken
2069815 - must-gather: essential rbd mirror command outputs aren't collected
2070542 - After creating a new storage system it redirects to 404 error page instead of the "StorageSystems" page for OCP 4.11
2071494 - [DR] Applications are not getting deployed
2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty
2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled
2075426 - 4.10 must gather is not available after GA of 4.10
2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in "Progressing" state although all the openshift-storage pods are up and Running
2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost
2077242 - vg-manager missing permissions
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2079866 - [DR] odf-multicluster-console is in CLBO state
2079873 - csi-nfsplugin pods are not coming up after successful patch request to update "ROOK_CSI_ENABLE_NFS": "true"'
2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses
2081680 - Add the LVM Operator into the Storage category in OperatorHub
2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation
2082078 - OBC's not getting created on primary cluster when manageds3 set as "true" for mirrorPeer
2082497 - Do not filter out removable devices
2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)
2083441 - LVM operator should deploy the volumesnapshotclass resource
2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status
2083993 - Add missing pieces for storageclassclaim
2084041 - [Console Migration] Link-able storage system name directs to blank page
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided"
2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates
2084546 - [Console Migration] Provider details absent under backing store in UI
2084565 - [Console Migration] The creation of new backing store , directs to a blank page
2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information
2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred
2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace
2086557 - Thin pool in lvm operator doesn't use all disks
2086675 - [UI]No option to "add capacity" via the Installed Operators tab
2086982 - ODF 4.11 deployment is failing
2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm
2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and 'Overview' tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown
2087107 - Set default storage class if none is set
2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message
2087675 - ocs-metrics-exporter pod crashes on odf v4.11
2087732 - [Console Migration] Events page missing under new namespace store
2087755 - [Console Migration] Bucket Class details page doesn't have the complete details in UI
2088359 - Send VG Metrics even if storage is being consumed from thinPool alone
2088380 - KMS using vault on standalone MCG cluster is not enabled
2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint
2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook
2089296 - [MS v2] Storage cluster in error phase and 'ocs-provider-qe' addon installation failed with ODF 4.10.2
2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts
2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9.
2089552 - [MS v2] Cannot create StorageClassClaim
2089567 - [Console Migration] Improve the styling of Various Components
2089786 - [Console Migration] "Attach to deployment" option is missing in kebab menu for Object Bucket Claims .
2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket.
2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed
2090278 - [LVMO] Some containers are missing resource requirements and limits
2090314 - [LVMO] CSV is missing some useful annotations
2090953 - [MCO] DRCluster created under default namespace
2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics
2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool.
2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference
2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external
2091894 - All backingstores in cluster spontaneously change their own secret
2091951 - [GSS] OCS pods are restarting due to liveness probe failure
2091998 - Volume Snapshots not work with external restricted mode
2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool
2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks
2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)
2092349 - Enable zeroing on the thin-pool during creation
2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase
2092400 - [MS v2] StorageClassClaim creation is failing with error "no StorageCluster found"
2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically
2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected
2094179 - MCO fails to create DRClusters when replication mode is synchronous
2094853 - [Console Migration] Description under storage class drop down in add capacity is missing .
2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount
2095155 - Use tool black to format the python external script
2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster
2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time
2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page
2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened
2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False
2096937 - Storage - Data Foundation: i18n misses
2097216 - Collect StorageClassClaim details in must-gather
2097287 - [UI] Dropdown doesn't close on it's own after arbiter zone selection on 'Capacity and nodes' page
2097305 - Add translations for ODF 4.11
2098121 - Managed ODF not getting detected
2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment
2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount
2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled
2099581 - StorageClassClaim with encryption gets into Failed state
2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project
2099646 - Block pool list page kebab action menu is showing empty options
2099660 - OCS dashbaords not appearing unless user clicks on "Overview" Tab
2099724 - S3 secret namespace on the managed cluster doesn't match with the namespace in the s3profile
2099965 - rbd: provide option to disable setting metadata on RBD images
2100326 - [ODF to ODF] Volume snapshot creation failed
2100352 - Make lvmo pod labels more uniform
2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary
2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install
2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection
2103818 - Restored snapshot don't have any content
2104833 - Need to update configmap for IBM storage odf operator GA
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Solution:
The OpenShift Service Mesh Release Notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- Bugs fixed (https://bugzilla.redhat.com/):
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1105 - IOR doesn't support a host with namespace/ prefix OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes OSSM-1800 - IOR should copy labels from Gateway to Route OSSM-1805 - Reconcile SMCP when Kiali is not available OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER OSSM-1868 - Container release for Maistra 2.2.2
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update Advisory ID: RHSA-2022:6051-01 Product: RHOL Advisory URL: https://access.redhat.com/errata/RHSA-2022:6051 Issue date: 2022-08-18 CVE Names: CVE-2021-38561 CVE-2022-0759 CVE-2022-1012 CVE-2022-1292 CVE-2022-1586 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-30631 CVE-2022-32250 ==================================================================== 1. Summary:
An update is now available for RHOL-5.5-RHEL-8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Logging Subsystem 5.5.0 - Red Hat OpenShift
Security Fix(es):
-
kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1415 - Allow users to tune fluentd
LOG-1539 - Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image
LOG-1713 - Reduce Permissions granted for prometheus-k8s service account
LOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created.
LOG-2134 - The infra logs are sent to app-xx indices
LOG-2159 - Cluster Logging Pods in CrashLoopBackOff
LOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages.
LOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL
LOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext.
LOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected.
LOG-2242 - Log file metric exporter is still following /var/log/containers files.
LOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed
LOG-2264 - Logging link should contain an icon
LOG-2274 - [Logging 5.5] EO doesn't recreate secrets kibana and kibana-proxy after removing them.
LOG-2276 - Fluent config format is hard to read via configmap
LOG-2290 - ClusterLogging Instance status in not getting updated in UI
LOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1
LOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint.
LOG-2300 - [Logging 5.5]ES pods can't be ready after removing secret/signing-elasticsearch
LOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck
LOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously
LOG-2333 - Journal logs not reaching Elasticsearch output
LOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record.
LOG-2342 - [Logging 5.5] Kibana pod can't connect to ES cluster after removing secret/signing-elasticsearch: "x509: certificate signed by unknown authority"
LOG-2384 - Provide a method to get authenticated from GCP
LOG-2411 - [Vector] Audit logs forwarding not working.
LOG-2412 - CLO's loki output url is parsed wrongly
LOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type
LOG-2418 - EO supported time units don't match the units specified in CRDs.
LOG-2439 - Telemetry: the managedStatus&healthStatus&version values are wrong
LOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift
LOG-2444 - The write index is removed when the size of the index > diskThresholdPercent% * total size.
LOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster.
LOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack.
LOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices
LOG-2474 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]
LOG-2522 - CLO supported time units don't match the units specified in CRDs.
LOG-2525 - The container's logs are not sent to separate index if the annotation is added after the pod is ready.
LOG-2546 - TLS handshake error on loki-gateway for FIPS cluster
LOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector.
LOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data
LOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate
LOG-2599 - Supported values for level field don't match documentation
LOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert
LOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect
LOG-2619 - containers violate PodSecurity -- Log Exporation
LOG-2627 - containers violate PodSecurity -- Loki
LOG-2649 - Level Critical should match the beginning of the line as the other levels
LOG-2656 - Logging uses deprecated v1beta1 apis
LOG-2664 - Deprecated Feature logs causing too much noise
LOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster
LOG-2693 - Integration with Jaeger fails for ServiceMonitor
LOG-2700 - [Vector] vector container can't start due to "unknown field pod_annotation_fields" .
LOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance
LOG-2725 - Upgrade logging-eventrouter Golang version and tags
LOG-2731 - CLO keeps reporting Reconcile ServiceMonitor retry error and Reconcile Service retry error after creating clusterlogging.
LOG-2732 - Prometheus Operator pod throws 'skipping servicemonitor' error on Jaeger integration
LOG-2742 - unrecognized outputs when use the sts role secret
LOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs
LOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo
LOG-2763 - [Vector]{Master} Vector's healthcheck fails when forwarding logs to Lokistack.
LOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
LOG-2765 - ingester pod can not be started in IPv6 cluster
LOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy
LOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx
LOG-2773 - No cluster-logging-operator-metrics service in logging 5.5
LOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack.
LOG-2784 - Japanese log messages are garbled at Kibana
LOG-2793 - [Vector] OVN audit logs are missing the level field.
LOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF
LOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF.
LOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector.
LOG-2875 - Seeing a black rectangle box on the graph in Logs view
LOG-2876 - The link to the 'Container details' page on the 'Logs' screen throws error
LOG-2877 - When there is no query entered, seeing error message on the Logs view
LOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in 'Logs' screen
- References:
https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2022-0759 https://access.redhat.com/security/cve/CVE-2022-1012 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-32250 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYv5/w9zjgjWX9erEAQhRBBAAiZe24VtCQruCG/MvGEOowBvHf/YNANlR N6WAw2VezEfvFkG7z599MWZVWz2jnZO6cn9i+CoNDanAmItPJ8ljK4sitrP2ywrG OKwqIa4DPrywFFTSMxemB604ewE0cvXifuqG5bQDn+GvndiV/u/XaVTYZseY1P5X 8ZIJ20cxROOE9pg0/3eya27edZxDrgWx6BtzSEZw47ReV3Dogqy+KzRCAAoN+pE5 g2t/E0u0Ypmjil9Ttsop/ejUg/iz8UTGtua4m1nzhZrsoE84p5xIgvCEkYlh3OrD tfawpj1r9Avcjk4zbZkAe/enSQZQv0iWD792SoP7/ddX5tIu05ArvPWj/NvN/rI4 dFzMe2UmezuS2EQpzaWOug2xSQUbR1hI+Y4cy0YOHuwzeaMeoHSbNYTJmOxKR0v1 44a9oSBku+Xfk8nUNqS+9oq0z3DlAWt2BjbfrJCbSjZQdOUOIGM95L3ClrXY9LYF PT5v+h2W4myonj6HVhkv+Wy7aRbYQ7Qhk/3AaN7Dz5soBSNK4exvOzWXGuf/BdSf XFef6O87ipZveHQYmTfH+t8aJV1plEVTrm8pyz2EfzCv1Fnhjn0rvbGZAFBlvqW+ vhxoj505RQBBhcno16V1zczdd8KsiqY7aZniTuh2DQAVvNhqsHgn8rvQ7HJlExun eIFVKOxx310=ynB/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.6.0 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/
Security fixes:
-
CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
-
CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
-
CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
-
CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
-
CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
-
CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
-
CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
-
CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
-
CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
-
CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
-
CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Bug fixes:
-
assisted-service repo pin-latest.py script should allow custom tags to be pinned (BZ# 2065661)
-
assisted-service-build image is too big in size (BZ# 2066059)
-
assisted-service pin-latest.py script should exclude the postgres image (BZ# 2076901)
-
PXE artifacts need to be served via HTTP (BZ# 2078531)
-
Implementing new service-agent protocol on agent side (BZ# 2081281)
-
RHACM 2.6.0 images (BZ# 2090906)
-
Assisted service POD keeps crashing after a bare metal host is created (BZ# 2093503)
-
Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled (BZ# 2096106)
-
Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)
-
Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB (BZ# 2099277)
-
The pre-selected search keyword is not readable (BZ# 2107736)
-
The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI (BZ# 2111843)
-
Bugs fixed (https://bugzilla.redhat.com/):
2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned 2066059 - assisted-service-build image is too big in size 2076901 - assisted-service pin-latest.py script should exclude the postgres image 2078531 - iPXE artifacts need to be served via HTTP 2081281 - Implementing new service-agent protocol on agent side 2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors 2090906 - RHACM 2.6.0 images 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2093503 - Assisted service POD keeps crashing after a bare metal host is created 2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled 2096445 - Assisted service POD keeps crashing after a bare metal host is created 2096460 - Spoke BMH stuck "inspecting" when deployed via the converged workflow 2097696 - Fix assisted CI jobs that fail for cluster-info readiness 2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB 2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart 2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow 2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2105339 - Search Application button on the Application Table for Subscription applications does not Redirect 2105357 - [UI] hypershift cluster creation error - n[0] is undefined 2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa 2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications 2107049 - The clusterrole for global clusterset did not created by default 2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {"error": "error listening on :8081: listen tcp :8081: bind: address already in use"} 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107370 - Helm Release resource recreation feature does not work with the local cluster 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2108888 - Hypershift on AWS - control plane not running 2109370 - The button to create the cluster is not visible 2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6 2111218 - Create cluster - Infrastructure page crashes 2111651 - "View application" button on app table for Flux applications redirects to apiVersion=ocp instead of flux 2111663 - Hosted cluster in Pending import state 2111671 - Leaked namespaces after deleting hypershift deployment 2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs 2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI 2112180 - The policy page is crashed after input keywords in the search box 2112281 - config-policy-controller pod can't startup in the OCP3.11 managed cluster 2112318 - Can't delete the objects which are re-created by policy when deleting the policy 2112321 - BMAC reconcile loop never stops after changes 2112426 - No cluster discovered due to x509: certificate signed by unknown authority 2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. 2112793 - Can't view details of the policy template when set the spec.pruneObjectBehavior as unsupported value 2112803 - ClusterServiceVersion for release 2.6 branch references "latest" tag 2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster 2113838 - the cluster proxy-agent was deployed on the non-infra nodes 2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace 2114982 - Control plane type shows 'Standalone' for hypershift cluster 2115622 - Hub fromsecret function doesn't work for hosted mode in multiple hub 2115723 - Can't view details of the policy template for customer and hypershift cluster in hosted mode from UI 2115993 - Policy automation details panel was not updated after editing the mode back to disabled 2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status 2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster 2117113 - The proxy-server-host was not correct in cluster-proxy-agent 2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates 2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn't work 2118338 - Report the "namespace not found" error after clicked view yaml link of a policy in the multiple hub env 2119326 - Can't view details of the SecurityContextConstraints policy for managed clusters from UI
- Bugs fixed (https://bugzilla.redhat.com/):
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
- JIRA issues fixed (https://issues.jboss.org/):
LOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node
-
To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
-
Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.
The sha values for the release are
(For x86_64 architecture) The image digest is sha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9
(For s390x architecture) The image digest is sha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8
(For ppc64le architecture) The image digest is sha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7
(For aarch64 architecture) The image digest is sha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
- JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1990",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5037"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.8
},
"cve": "CVE-2022-1927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1927",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423615",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1927",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1927",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1927",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1927",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1927",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-423615",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Vim versions prior to 8.2 have a security vulnerability caused by buffer overreading. Summary:\n\nUpdated images that include numerous enhancements, security, and bug fixes\nare now available for Red Hat OpenShift Data Foundation 4.11.0 on Red Hat\nEnterprise Linux 8. Description:\n\nRed Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API. \n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n(CVE-2021-23440)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* node-forge: Signature verification leniency in checking `digestAlgorithm`\nstructure can lead to signature forgery (CVE-2022-24771)\n\n* node-forge: Signature verification failing to check tailing garbage bytes\ncan lead to signature forgery (CVE-2022-24772)\n\n* node-forge: Signature verification leniency in checking `DigestInfo`\nstructure (CVE-2022-24773)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\nThese updated images include numerous enhancements and bug fixes. Space\nprecludes documenting all of these changes in this advisory. Users are\ndirected to the Red Hat OpenShift Data Foundation Release Notes for\ninformation on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to these\nupdated images, which provide numerous bug fixes and enhancements. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937117 - Deletion of StorageCluster doesn\u0027t remove ceph toolbox pod\n1947482 - The device replacement process when deleting the volume metadata need to be fixed or modified\n1973317 - libceph: read_partial_message and bad crc/signature errors\n1996829 - Permissions assigned to ceph auth principals when using external storage are too broad\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2027724 - Warning log for rook-ceph-toolbox in ocs-operator log\n2029298 - [GSS] Noobaa is not compatible with aws bucket lifecycle rule creation policies\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047173 - [RFE] Change controller-manager pod name in odf-lvm-operator to more relevant name to lvm\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2050897 - CVE-2022-0235 mcg-core-container: node-fetch: exposure of sensitive information to an unauthorized actor [openshift-data-foundation-4]\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056697 - odf-csi-addons-operator subscription failed while using custom catalog source\n2058211 - Add validation for CIDR field in DRPolicy\n2060487 - [ODF to ODF MS] Consumer lost connection to provider API if the endpoint node is powered off/replaced\n2060790 - ODF under Storage missing for OCP 4.11 + ODF 4.10\n2061713 - [KMS] The error message during creation of encrypted PVC mentions the parameter in UPPER_CASE\n2063691 - [GSS] [RFE] Add termination policy to s3 route\n2064426 - [GSS][External Mode] exporter python script does not support FQDN for RGW endpoint\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2066514 - OCS operator to install Ceph prometheus alerts instead of Rook\n2067079 - [GSS] [RFE] Add termination policy to ocs-storagecluster-cephobjectstore route\n2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery\n2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery\n2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure\n2069314 - OCS external mode should allow specifying names for all Ceph auth principals\n2069319 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster. \n2069812 - must-gather: rbd_vol_and_snap_info collection is broken\n2069815 - must-gather: essential rbd mirror command outputs aren\u0027t collected\n2070542 - After creating a new storage system it redirects to 404 error page instead of the \"StorageSystems\" page for OCP 4.11\n2071494 - [DR] Applications are not getting deployed\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073920 - rook osd prepare failed with this error - failed to set kek as an environment variable: key encryption key is empty\n2074810 - [Tracker for Bug 2074585] MCG standalone deployment page goes blank when the KMS option is enabled\n2075426 - 4.10 must gather is not available after GA of 4.10\n2075581 - [IBM Z] : ODF 4.11.0-38 deployment leaves the storagecluster in \"Progressing\" state although all the openshift-storage pods are up and Running\n2076457 - After node replacement[provider], connection issue between consumer and provider if the provider node which was referenced MON-endpoint configmap (on consumer) is lost\n2077242 - vg-manager missing permissions\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2079866 - [DR] odf-multicluster-console is in CLBO state\n2079873 - csi-nfsplugin pods are not coming up after successful patch request to update \"ROOK_CSI_ENABLE_NFS\": \"true\"\u0027\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2081680 - Add the LVM Operator into the Storage category in OperatorHub\n2082028 - UI does not have the option to configure capacity, security and networks,etc. during storagesystem creation\n2082078 - OBC\u0027s not getting created on primary cluster when manageds3 set as \"true\" for mirrorPeer\n2082497 - Do not filter out removable devices\n2083074 - [Tracker for Ceph BZ #2086419] Two Ceph mons crashed in ceph-16.2.7/src/mon/PaxosService.cc: 193: FAILED ceph_assert(have_pending)\n2083441 - LVM operator should deploy the volumesnapshotclass resource\n2083953 - [Tracker for Ceph BZ #2084579] PVC created with ocs-storagecluster-ceph-nfs storageclass is moving to pending status\n2083993 - Add missing pieces for storageclassclaim\n2084041 - [Console Migration] Link-able storage system name directs to blank page\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2084201 - MCG operator pod is stuck in a CrashLoopBackOff; Panic Attack: [] an empty namespace may not be set when a resource name is provided\"\n2084503 - CLI falsely flags unique PVPool backingstore secrets as duplicates\n2084546 - [Console Migration] Provider details absent under backing store in UI\n2084565 - [Console Migration] The creation of new backing store , directs to a blank page\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2085351 - [DR] Mirrorpeer failed to create with msg Internal error occurred\n2085357 - [DR] When drpolicy is create drcluster resources are getting created under default namespace\n2086557 - Thin pool in lvm operator doesn\u0027t use all disks\n2086675 - [UI]No option to \"add capacity\" via the Installed Operators tab\n2086982 - ODF 4.11 deployment is failing\n2086983 - [odf-clone] Mons IP not updated correctly in the rook-ceph-mon-endpoints cm\n2087078 - [RDR] [UI] Multiple instances of Object Bucket, Object Bucket Claims and \u0027Overview\u0027 tab is present under Storage section on the Hub cluster when navigated back from the Managed cluster using the Hybrid console dropdown\n2087107 - Set default storage class if none is set\n2087237 - [UI] After clicking on Create StorageSystem, it navigates to Storage Systems tab but shows an error message\n2087675 - ocs-metrics-exporter pod crashes on odf v4.11\n2087732 - [Console Migration] Events page missing under new namespace store\n2087755 - [Console Migration] Bucket Class details page doesn\u0027t have the complete details in UI\n2088359 - Send VG Metrics even if storage is being consumed from thinPool alone\n2088380 - KMS using vault on standalone MCG cluster is not enabled\n2088506 - ceph-external-cluster-details-exporter.py should not accept hostname for rgw-endpoint\n2088587 - Removal of external storage system with misconfigured cephobjectstore fails on noobaa webhook\n2089296 - [MS v2] Storage cluster in error phase and \u0027ocs-provider-qe\u0027 addon installation failed with ODF 4.10.2\n2089342 - prometheus pod goes into OOMKilled state during ocs-osd-controller-manager pod restarts\n2089397 - [GSS]OSD pods CLBO after upgrade to 4.10 from 4.9. \n2089552 - [MS v2] Cannot create StorageClassClaim\n2089567 - [Console Migration] Improve the styling of Various Components\n2089786 - [Console Migration] \"Attach to deployment\" option is missing in kebab menu for Object Bucket Claims . \n2089795 - [Console Migration] Yaml and Events page is missing for Object Bucket Claims and Object Bucket. \n2089797 - [RDR] rbd image failed to mount with msg rbd error output: rbd: sysfs write failed\n2090278 - [LVMO] Some containers are missing resource requirements and limits\n2090314 - [LVMO] CSV is missing some useful annotations\n2090953 - [MCO] DRCluster created under default namespace\n2091487 - [Hybrid Console] Multicluster dashboard is not displaying any metrics\n2091638 - [Console Migration] Yaml page is missing for existing and newly created Block pool. \n2091641 - MCG operator pod is stuck in a CrashLoopBackOff; MapSecretToNamespaceStores invalid memory address or nil pointer dereference\n2091681 - Auto replication policy type detection is not happneing on DRPolicy creation page when ceph cluster is external\n2091894 - All backingstores in cluster spontaneously change their own secret\n2091951 - [GSS] OCS pods are restarting due to liveness probe failure\n2091998 - Volume Snapshots not work with external restricted mode\n2092143 - Deleting a CephBlockPool CR does not delete the underlying Ceph pool\n2092217 - [External] UI for uploding JSON data for external cluster connection has some strict checks\n2092220 - [Tracker for Ceph BZ #2096882] CephNFS is not reaching to Ready state on ODF on IBM Power (ppc64le)\n2092349 - Enable zeroing on the thin-pool during creation\n2092372 - [MS v2] StorageClassClaim is not reaching Ready Phase\n2092400 - [MS v2] StorageClassClaim creation is failing with error \"no StorageCluster found\"\n2093266 - [RDR] When mirroring is enabled rbd mirror daemon restart config should be enabled automatically\n2093848 - Note about token for encrypted PVCs should be removed when only cluster wide encryption checkbox is selected\n2094179 - MCO fails to create DRClusters when replication mode is synchronous\n2094853 - [Console Migration] Description under storage class drop down in add capacity is missing . \n2094856 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2095155 - Use tool `black` to format the python external script\n2096209 - ReclaimSpaceJob fails on OCP 4.11 + ODF 4.10 cluster\n2096414 - Compression status for cephblockpool is reported as Enabled and Disabled at the same time\n2096509 - [Console Migration] Unable to select Storage Class in Object Bucket Claim creation page\n2096513 - Infinite BlockPool tabs get created when the StorageSystem details page is opened\n2096823 - After upgrading the cluster from ODF4.10 to ODF4.11, the ROOK_CSI_ENABLE_CEPHFS move to False\n2096937 - Storage - Data Foundation: i18n misses\n2097216 - Collect StorageClassClaim details in must-gather\n2097287 - [UI] Dropdown doesn\u0027t close on it\u0027s own after arbiter zone selection on \u0027Capacity and nodes\u0027 page\n2097305 - Add translations for ODF 4.11\n2098121 - Managed ODF not getting detected\n2098261 - Remove BlockPools(no use case) and Object(redundat with Overview) tab on the storagesystem page for NooBaa only and remove BlockPools tab for External mode deployment\n2098536 - [KMS] PVC creation using vaulttenantsa method is failing due to token secret missing in serviceaccount\n2099265 - [KMS] The storagesystem creation page goes blank when KMS is enabled\n2099581 - StorageClassClaim with encryption gets into Failed state\n2099609 - The red-hat-storage/topolvm release-4.11 needs to be synced with the upstream project\n2099646 - Block pool list page kebab action menu is showing empty options\n2099660 - OCS dashbaords not appearing unless user clicks on \"Overview\" Tab\n2099724 - S3 secret namespace on the managed cluster doesn\u0027t match with the namespace in the s3profile\n2099965 - rbd: provide option to disable setting metadata on RBD images\n2100326 - [ODF to ODF] Volume snapshot creation failed\n2100352 - Make lvmo pod labels more uniform\n2100946 - Avoid temporary ceph health alert for new clusters where the insecure global id is allowed longer than necessary\n2101139 - [Tracker for OCP BZ #2102782] topolvm-controller get into CrashLoopBackOff few minutes after install\n2101380 - Default backingstore is rejected with message INVALID_SCHEMA_PARAMS SERVER account_api#/methods/check_external_connection\n2103818 - Restored snapshot don\u0027t have any content\n2104833 - Need to update configmap for IBM storage odf operator GA\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Solution:\n\nThe OpenShift Service Mesh Release Notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1105 - IOR doesn\u0027t support a host with namespace/ prefix\nOSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start\nOSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing\nOSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace\nOSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes\nOSSM-1800 - IOR should copy labels from Gateway to Route\nOSSM-1805 - Reconcile SMCP when Kiali is not available\nOSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER\nOSSM-1868 - Container release for Maistra 2.2.2\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Logging Subsystem 5.5.0 - Red Hat OpenShift security update\nAdvisory ID: RHSA-2022:6051-01\nProduct: RHOL\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6051\nIssue date: 2022-08-18\nCVE Names: CVE-2021-38561 CVE-2022-0759 CVE-2022-1012\n CVE-2022-1292 CVE-2022-1586 CVE-2022-1785\n CVE-2022-1897 CVE-2022-1927 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-30631\n CVE-2022-32250\n====================================================================\n1. Summary:\n\nAn update is now available for RHOL-5.5-RHEL-8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nLogging Subsystem 5.5.0 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* kubeclient: kubeconfig parsing error can lead to MITM attacks\n(CVE-2022-0759)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1415 - Allow users to tune fluentd\nLOG-1539 - Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-1713 - Reduce Permissions granted for prometheus-k8s service account\nLOG-2063 - Collector pods fail to start when a Vector only Cluster Logging instance is created. \nLOG-2134 - The infra logs are sent to app-xx indices\nLOG-2159 - Cluster Logging Pods in CrashLoopBackOff\nLOG-2165 - [Vector] Default log level debug makes it hard to find useful error/failure messages. \nLOG-2167 - [Vector] Collector pods fails to start with configuration error when using Kafka SASL over SSL\nLOG-2169 - [Vector] Logs not being sent to Kafka with SASL plaintext. \nLOG-2172 - [vector]The openshift-apiserver and ovn audit logs can not be collected. \nLOG-2242 - Log file metric exporter is still following /var/log/containers files. \nLOG-2243 - grafana-dashboard-cluster-logging should be deleted once clusterlogging/instance was removed\nLOG-2264 - Logging link should contain an icon\nLOG-2274 - [Logging 5.5] EO doesn\u0027t recreate secrets kibana and kibana-proxy after removing them. \nLOG-2276 - Fluent config format is hard to read via configmap\nLOG-2290 - ClusterLogging Instance status in not getting updated in UI\nLOG-2291 - [release-5.5] Events listing out of order in Kibana 6.8.1\nLOG-2294 - [Vector] Vector internal metrics are not exposed via HTTPS due to which OpenShift Monitoring Prometheus service cannot scrape the metrics endpoint. \nLOG-2300 - [Logging 5.5]ES pods can\u0027t be ready after removing secret/signing-elasticsearch\nLOG-2303 - [Logging 5.5] Elasticsearch cluster upgrade stuck\nLOG-2308 - configmap grafana-dashboard-elasticsearch is being created and deleted continously\nLOG-2333 - Journal logs not reaching Elasticsearch output\nLOG-2337 - [Vector] Missing @ prefix from the timestamp field in log record. \nLOG-2342 - [Logging 5.5] Kibana pod can\u0027t connect to ES cluster after removing secret/signing-elasticsearch: \"x509: certificate signed by unknown authority\"\nLOG-2384 - Provide a method to get authenticated from GCP\nLOG-2411 - [Vector] Audit logs forwarding not working. \nLOG-2412 - CLO\u0027s loki output url is parsed wrongly\nLOG-2413 - PriorityClass cluster-logging is deleted if provide an invalid log type\nLOG-2418 - EO supported time units don\u0027t match the units specified in CRDs. \nLOG-2439 - Telemetry: the managedStatus\u0026healthStatus\u0026version values are wrong\nLOG-2440 - [loki-operator] Live tail of logs does not work on OpenShift\nLOG-2444 - The write index is removed when `the size of the index` \u003e `diskThresholdPercent% * total size`. \nLOG-2460 - [Vector] Collector pods fail to start on a FIPS enabled cluster. \nLOG-2461 - [Vector] Vector auth config not generated when user provided bearer token is used in a secret for connecting to LokiStack. \nLOG-2463 - Elasticsearch operator repeatedly prints error message when checking indices\nLOG-2474 - EO shouldn\u0027t grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.5]\nLOG-2522 - CLO supported time units don\u0027t match the units specified in CRDs. \nLOG-2525 - The container\u0027s logs are not sent to separate index if the annotation is added after the pod is ready. \nLOG-2546 - TLS handshake error on loki-gateway for FIPS cluster\nLOG-2549 - [Vector] [master] Journald logs not sent to the Log store when using Vector as collector. \nLOG-2554 - [Vector] [master] Fallback index is not used when structuredTypeKey is missing from JSON log data\nLOG-2588 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2596 - [vector]the condition in [transforms.route_container_logs] is inaccurate\nLOG-2599 - Supported values for level field don\u0027t match documentation\nLOG-2605 - $labels.instance is empty in the message when firing FluentdNodeDown alert\nLOG-2609 - fluentd and vector are unable to ship logs to elasticsearch when cluster-wide proxy is in effect\nLOG-2619 - containers violate PodSecurity -- Log Exporation\nLOG-2627 - containers violate PodSecurity -- Loki\nLOG-2649 - Level Critical should match the beginning of the line as the other levels\nLOG-2656 - Logging uses deprecated v1beta1 apis\nLOG-2664 - Deprecated Feature logs causing too much noise\nLOG-2665 - [Logging 5.5] Sometimes collector fails to push logs to Elasticsearch cluster\nLOG-2693 - Integration with Jaeger fails for ServiceMonitor\nLOG-2700 - [Vector] vector container can\u0027t start due to \"unknown field `pod_annotation_fields`\" . \nLOG-2703 - Collector DaemonSet is not removed when CLF is deleted for fluentd/vector only CL instance\nLOG-2725 - Upgrade logging-eventrouter Golang version and tags\nLOG-2731 - CLO keeps reporting `Reconcile ServiceMonitor retry error` and `Reconcile Service retry error` after creating clusterlogging. \nLOG-2732 - Prometheus Operator pod throws \u0027skipping servicemonitor\u0027 error on Jaeger integration\nLOG-2742 - unrecognized outputs when use the sts role secret\nLOG-2746 - CloudWatch forwarding rejecting large log events, fills tmpfs\nLOG-2749 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2753 - Update Grafana configuration for LokiStack integration on grafana/loki repo\nLOG-2763 - [Vector]{Master} Vector\u0027s healthcheck fails when forwarding logs to Lokistack. \nLOG-2764 - ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\nLOG-2765 - ingester pod can not be started in IPv6 cluster\nLOG-2766 - [vector] failed to parse cluster url: invalid authority IPv6 http-proxy\nLOG-2772 - arn validation failed when role_arn=arn:aws-us-gov:xxx\nLOG-2773 - No cluster-logging-operator-metrics service in logging 5.5\nLOG-2778 - [Vector] [OCP 4.11] SA token not added to Vector config when connecting to LokiStack instance without CLF creds secret required by LokiStack. \nLOG-2784 - Japanese log messages are garbled at Kibana\nLOG-2793 - [Vector] OVN audit logs are missing the level field. \nLOG-2864 - [vector] Can not sent logs to default when loki is the default output in CLF\nLOG-2867 - [fluentd] All logs are sent to application tenant when loki is used as default logstore in CLF. \nLOG-2873 - [Vector] Cannot configure CPU/Memory requests/limits when using Vector as collector. \nLOG-2875 - Seeing a black rectangle box on the graph in Logs view\nLOG-2876 - The link to the \u0027Container details\u0027 page on the \u0027Logs\u0027 screen throws error\nLOG-2877 - When there is no query entered, seeing error message on the Logs view\nLOG-2882 - RefreshIntervalDropdown and TimeRangeDropdown always set back to its original values when switching between pages in \u0027Logs\u0027 screen\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2022-0759\nhttps://access.redhat.com/security/cve/CVE-2022-1012\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-30631\nhttps://access.redhat.com/security/cve/CVE-2022-32250\nhttps://access.redhat.com/security/updates/classification/#important\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYv5/w9zjgjWX9erEAQhRBBAAiZe24VtCQruCG/MvGEOowBvHf/YNANlR\nN6WAw2VezEfvFkG7z599MWZVWz2jnZO6cn9i+CoNDanAmItPJ8ljK4sitrP2ywrG\nOKwqIa4DPrywFFTSMxemB604ewE0cvXifuqG5bQDn+GvndiV/u/XaVTYZseY1P5X\n8ZIJ20cxROOE9pg0/3eya27edZxDrgWx6BtzSEZw47ReV3Dogqy+KzRCAAoN+pE5\ng2t/E0u0Ypmjil9Ttsop/ejUg/iz8UTGtua4m1nzhZrsoE84p5xIgvCEkYlh3OrD\ntfawpj1r9Avcjk4zbZkAe/enSQZQv0iWD792SoP7/ddX5tIu05ArvPWj/NvN/rI4\ndFzMe2UmezuS2EQpzaWOug2xSQUbR1hI+Y4cy0YOHuwzeaMeoHSbNYTJmOxKR0v1\n44a9oSBku+Xfk8nUNqS+9oq0z3DlAWt2BjbfrJCbSjZQdOUOIGM95L3ClrXY9LYF\nPT5v+h2W4myonj6HVhkv+Wy7aRbYQ7Qhk/3AaN7Dz5soBSNK4exvOzWXGuf/BdSf\nXFef6O87ipZveHQYmTfH+t8aJV1plEVTrm8pyz2EfzCv1Fnhjn0rvbGZAFBlvqW+\nvhxoj505RQBBhcno16V1zczdd8KsiqY7aZniTuh2DQAVvNhqsHgn8rvQ7HJlExun\neIFVKOxx310=ynB/\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.6.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n* CVE-2022-30629 golang: crypto/tls: session tickets lack random\nticket_age_add\n\n* CVE-2022-1705 golang: net/http: improper sanitization of\nTransfer-Encoding header\n\n* CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n\n* CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n\n* CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n\n* CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n* CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n\n* CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n\n* CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n\n* CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy -\nomit X-Forwarded-For not working\n\nBug fixes:\n\n* assisted-service repo pin-latest.py script should allow custom tags to be\npinned (BZ# 2065661)\n\n* assisted-service-build image is too big in size (BZ# 2066059)\n\n* assisted-service pin-latest.py script should exclude the postgres image\n(BZ# 2076901)\n\n* PXE artifacts need to be served via HTTP (BZ# 2078531)\n\n* Implementing new service-agent protocol on agent side (BZ# 2081281)\n\n* RHACM 2.6.0 images (BZ# 2090906)\n\n* Assisted service POD keeps crashing after a bare metal host is created\n(BZ# 2093503)\n\n* Assisted service triggers the worker nodes re-provisioning on the hub\ncluster when the converged flow is enabled (BZ# 2096106)\n\n* Fix assisted CI jobs that fail for cluster-info readiness (BZ# 2097696)\n\n* Nodes are required to have installation disks of at least 120GB instead\nof at minimum of 100GB (BZ# 2099277)\n\n* The pre-selected search keyword is not readable (BZ# 2107736)\n\n* The value of label expressions in the new placement for policy and\npolicysets cannot be shown real-time from UI (BZ# 2111843)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2065661 - assisted-service repo pin-latest.py script should allow custom tags to be pinned\n2066059 - assisted-service-build image is too big in size\n2076901 - assisted-service pin-latest.py script should exclude the postgres image\n2078531 - iPXE artifacts need to be served via HTTP\n2081281 - Implementing new service-agent protocol on agent side\n2090901 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors\n2090906 - RHACM 2.6.0 images\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2093503 - Assisted service POD keeps crashing after a bare metal host is created\n2096106 - Assisted service triggers the worker nodes re-provisioning on the hub cluster when the converged flow is enabled\n2096445 - Assisted service POD keeps crashing after a bare metal host is created\n2096460 - Spoke BMH stuck \"inspecting\" when deployed via the converged workflow\n2097696 - Fix assisted CI jobs that fail for cluster-info readiness\n2099277 - Nodes are required to have installation disks of at least 120GB instead of at minimum of 100GB\n2103703 - Automatic version upgrade triggered for oadp operator installed by cluster-backup-chart\n2104117 - Spoke BMH stuck ?available? after changing a BIOS attribute via the converged workflow\n2104984 - Infrastructure operator missing clusterrole permissions for interacting with mutatingwebhookconfigurations\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2105339 - Search Application button on the Application Table for Subscription applications does not Redirect\n2105357 - [UI] hypershift cluster creation error - n[0] is undefined\n2106347 - Submariner error looking up service account submariner-operator/submariner-addon-sa\n2106882 - Security Context Restrictions are restricting creation of some pods which affects the deployment of some applications\n2107049 - The clusterrole for global clusterset did not created by default\n2107065 - governance-policy-framework in CrashLoopBackOff state on spoke cluster: Failed to start manager {\"error\": \"error listening on :8081: listen tcp :8081: bind: address already in use\"}\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107370 - Helm Release resource recreation feature does not work with the local cluster\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108888 - Hypershift on AWS - control plane not running\n2109370 - The button to create the cluster is not visible\n2111203 - Add ocp 4.11 to filters for discovering clusters in ACM 2.6\n2111218 - Create cluster - Infrastructure page crashes\n2111651 - \"View application\" button on app table for Flux applications redirects to apiVersion=ocp instead of flux\n2111663 - Hosted cluster in Pending import state\n2111671 - Leaked namespaces after deleting hypershift deployment\n2111770 - [ACM 2.6] there is no node info for remote cluster in multiple hubs\n2111843 - The value of label expressions in the new placement for policy and policysets cannot be shown real-time from UI\n2112180 - The policy page is crashed after input keywords in the search box\n2112281 - config-policy-controller pod can\u0027t startup in the OCP3.11 managed cluster\n2112318 - Can\u0027t delete the objects which are re-created by policy when deleting the policy\n2112321 - BMAC reconcile loop never stops after changes\n2112426 - No cluster discovered due to x509: certificate signed by unknown authority\n2112478 - Value of delayAfterRunSeconds is not shown on the final submit panel and the word itself should not be wrapped. \n2112793 - Can\u0027t view details of the policy template when set the spec.pruneObjectBehavior as unsupported value\n2112803 - ClusterServiceVersion for release 2.6 branch references \"latest\" tag\n2113787 - [ACM 2.6] can not delete namespaces after detaching the hosted cluster\n2113838 - the cluster proxy-agent was deployed on the non-infra nodes\n2113842 - [ACM 2.6] must restart hosting cluster registration pod if update work-manager-addon cr to change installNamespace\n2114982 - Control plane type shows \u0027Standalone\u0027 for hypershift cluster\n2115622 - Hub fromsecret function doesn\u0027t work for hosted mode in multiple hub\n2115723 - Can\u0027t view details of the policy template for customer and hypershift cluster in hosted mode from UI\n2115993 - Policy automation details panel was not updated after editing the mode back to disabled\n2116211 - Count of violations with unknown status was not accurate when managed clusters have mixed status\n2116329 - cluster-proxy-agent not startup due to the imagepullbackoff on spoke cluster\n2117113 - The proxy-server-host was not correct in cluster-proxy-agent\n2117187 - pruneObjectBehavior radio selection cannot work well and always switch the first one template in multiple configurationPolicy templates\n2117480 - [ACM 2.6] infra-id of HypershiftDeployment doesn\u0027t work\n2118338 - Report the \"namespace not found\" error after clicked view yaml link of a policy in the multiple hub env\n2119326 - Can\u0027t view details of the SecurityContextConstraints policy for managed clusters from UI\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-3293 - log-file-metric-exporter container has not limits exhausting the resources of the node\n\n6. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. \n\nThe sha values for the release are\n\n(For x86_64 architecture)\nThe image digest is\nsha256:c6771b12bd873c0e3e5fbc7afa600d92079de6534dcb52f09cb1d22ee49608a9\n\n(For s390x architecture)\nThe image digest is\nsha256:622b5361f95d1d512ea84f363ac06155cbb9ee28e85ccaae1acd80b98b660fa8\n\n(For ppc64le architecture)\nThe image digest is\nsha256:50c131cf85dfb00f258af350a46b85eff8fb8084d3e1617520cd69b59caeaff7\n\n(For aarch64 architecture)\nThe image digest is\nsha256:9e575c4ece9caaf31acbef246ccad71959cd5bf634e7cb284b0849ddfa205ad7\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-15446 - (release-4.11) gather \"gateway-mode-config\" config map from \"openshift-network-operator\" namespace\nOCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading \u0027apiGroup\u0027)\nOCPBUGS-15645 - Can\u0027t use git lfs in BuildConfig git source with strategy Docker\nOCPBUGS-15739 - Environment cannot find Python\nOCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions\nOCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get \"https://registry.centos.org/v2/\": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host\nOCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1927"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1927",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168150",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168112",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168287",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168222",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167944",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168182",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169435",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4253",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423615",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173605",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"id": "VAR-202205-1990",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:42:03.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.11/html/4.11_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24773"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0759"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0759"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://registry.centos.org/v2/\":"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:4052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423615"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"db": "PACKETSTORM",
"id": "168150"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168112"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168287"
},
{
"db": "PACKETSTORM",
"id": "170179"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-423615"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"date": "2022-08-25T15:22:18",
"db": "PACKETSTORM",
"id": "168150"
},
{
"date": "2022-09-01T16:33:07",
"db": "PACKETSTORM",
"id": "168222"
},
{
"date": "2022-08-19T15:03:34",
"db": "PACKETSTORM",
"id": "168112"
},
{
"date": "2022-09-07T16:57:47",
"db": "PACKETSTORM",
"id": "168284"
},
{
"date": "2023-01-26T15:29:09",
"db": "PACKETSTORM",
"id": "170741"
},
{
"date": "2022-09-07T17:07:14",
"db": "PACKETSTORM",
"id": "168287"
},
{
"date": "2022-12-09T14:52:40",
"db": "PACKETSTORM",
"id": "170179"
},
{
"date": "2023-07-19T15:37:11",
"db": "PACKETSTORM",
"id": "173605"
},
{
"date": "2022-05-29T14:15:08.047000",
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-423615"
},
{
"date": "2023-08-21T05:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-011219"
},
{
"date": "2024-11-21T06:41:46.120000",
"db": "NVD",
"id": "CVE-2022-1927"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.1
}
}
var-202208-0814
Vulnerability from variot
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0814",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33646",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33646",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33646",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33646",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33646",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2782",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longname after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33646"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33646",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"id": "VAR-202208-0814",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204271"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33646/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393724"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393724"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"date": "2022-08-10T20:15:20.637000",
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393724"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020151"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2782"
},
{
"date": "2023-11-07T03:35:53.873000",
"db": "NVD",
"id": "CVE-2021-33646"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Vulnerability related to lack of free memory after expiration in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2782"
}
],
"trust": 0.6
}
}
var-202205-2059
Vulnerability from variot
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Solution:
The OpenShift Service Mesh Release Notes provide information on the features and known issues:
https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html
- JIRA issues fixed (https://issues.jboss.org/):
OSSM-1105 - IOR doesn't support a host with namespace/ prefix OSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start OSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing OSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace OSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes OSSM-1800 - IOR should copy labels from Gateway to Route OSSM-1805 - Reconcile SMCP when Kiali is not available OSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER OSSM-1868 - Container release for Maistra 2.2.2
- Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Summary:
OpenShift sandboxed containers 1.3.1 is now available. Description:
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1] KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1] KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- Summary:
This is an updated release of the Self Node Remediation Operator. The Self Node Remediation Operator replaces the Poison Pill Operator, and is delivered by Red Hat Workload Availability. Description:
The Self Node Remediation Operator works in conjunction with the Machine Health Check or the Node Health Check Operators to provide automatic remediation of unhealthy nodes by rebooting them. This minimizes downtime for stateful applications and RWO volumes, as well as restoring compute capacity in the event of transient failures. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Security Fix(es):
- github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. Bugs fixed (https://bugzilla.redhat.com/):
2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection
- JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-15446 - (release-4.11) gather "gateway-mode-config" config map from "openshift-network-operator" namespace OCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup') OCPBUGS-15645 - Can't use git lfs in BuildConfig git source with strategy Docker OCPBUGS-15739 - Environment cannot find Python OCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions OCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "https://registry.centos.org/v2/": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host OCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.13.0 security update Advisory ID: RHSA-2023:1326-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1326 Issue date: 2023-05-17 CVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-30570 CVE-2023-30841 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2023:1325
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Security Fix(es):
-
goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238)
-
go-yaml: Denial of Service in go-yaml (CVE-2021-4235)
-
mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
helm: Denial of service through through repository index file (CVE-2022-23525)
-
helm: Denial of service through schema file (CVE-2022-23526)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
vault: insufficient certificate revocation list checking (CVE-2022-41316)
-
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
-
x/net/http2/h2c: request smuggling (CVE-2022-41721)
-
net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
-
golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)
-
golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)
-
exporter-toolkit: authentication bypass via cache poisoning (CVE-2022-46146)
-
vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File (CVE-2023-0620)
-
hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata (CVE-2023-0665)
-
hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations (CVE-2023-25000)
-
helm: getHostByName Function Information Disclosure (CVE-2023-25165)
-
containerd: Supplementary groups are not set up properly (CVE-2023-25173)
-
runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)
-
runc: AppArmor can be bypassed when
/procinside the container is symlinked with a specific mount configuration (CVE-2023-28642) -
baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access (CVE-2023-30841)
-
runc: Rootless runc makes
/sys/fs/cgroupwritable (CVE-2023-25809)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.13 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags
The sha values for the release are:
(For x86_64 architecture) The image digest is sha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711
(For s390x architecture) The image digest is sha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79
(For ppc64le architecture) The image digest is sha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8
(For aarch64 architecture) The image digest is sha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c
All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]
1853264 - Metrics produce high unbound cardinality
1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot
1904573 - OpenShift: containers modify /etc/passwd group writable
1943194 - when using gpus, more nodes than needed are created by the node autoscaler
1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated
1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated
2005232 - Pods list page should only show Create Pod button to user has sufficient permission
2016006 - Repositories list does not show the running pipelinerun as last pipelinerun
2027000 - The user is ignored when we create a new file using a MachineConfig
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047299 - nodeport not reachable port connection timeout
2050230 - Implement LIST call chunking in openshift-sdn
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2065166 - GCP - Less privileged service accounts are created with Service Account User role
2066388 - Wrong Error generates when https is missing in the value of regionEndpoint in configs.imageregistry.operator.openshift.io/cluster
2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles
2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud
2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode
2076619 - Could not create deployment with an unknown git repo and builder image build strategy
2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)
2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk
2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller
2083087 - "Delete dependent objects of this resource" might cause confusions
2084452 - PodDisruptionBudgets help message should be semantic
2087043 - Cluster API components should use K8s 1.24 dependencies
2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, "ap-northeast-2 (South Korea (Seoul))" and "ap-southeast-7 (Thailand (Bangkok))"
2089093 - CVO hotloops on OperatorGroup due to the diff of "upgradeStrategy": string("Default")
2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator
2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload
2092567 - Network policy is not being applied as expected
2092811 - Datastore name is too long
2093339 - [rebase v1.24] Only known images used by tests
2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11
2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface
2100429 - [apiserver-auth] default SCC restricted allow volumes don't have "ephemeral" caused deployment with Generic Ephemeral Volumes stuck at Pending
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2104978 - MCD degrades are not overwrite-able by subsequent errors
2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu
2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again
2110982 - On GCP, need to check load balancer health check IPs required for restricted installation
2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true
2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs
2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button
2116686 - [capi] Cluster kind should be valid
2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted
2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning
2154196 - CVE-2022-23526 helm: Denial of service through schema file
2154202 - CVE-2022-23525 helm: Denial of service through through repository index file
2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration
2182884 - CVE-2023-25809 runc: Rootless runc makes /sys/fs/cgroup writable
2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations
2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access
- JIRA issues fixed (https://issues.jboss.org/):
OCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api
OCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator
OCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator
OCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator
OCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator
OCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12
OCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED
OCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions
OCPBUGS-10220 - Newly provisioned machines unable to join cluster
OCPBUGS-10221 - Risk cache warming takes too long on channel changes
OCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry
OCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering
OCPBUGS-10249 - PollConsoleUpdates won't fire toast if one or more manifests errors when plugins change
OCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration
OCPBUGS-10271 - [4.13] Netflink overflow alert
OCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror
OCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS
OCPBUGS-10291 - Broken link for Ansible tagging
OCPBUGS-10298 - TenantID is ignored in some cases
OCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml
OCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod
OCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly
OCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap
OCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump
OCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire
OCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines
OCPBUGS-10404 - Workload annotation missing from deployments
OCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json
OCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied
OCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing --authfile flag
OCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly
OCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels
OCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI
OCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter.
OCPBUGS-1048 - if tag categories don't exist, the installation will fail to bootstrap
OCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error
OCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials
OCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata
OCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint
OCPBUGS-10597 - The agent-tui shows again during the installation
OCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, "Observe - Alerting - Silences" page is pending
OCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
OCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release
OCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning
OCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains
OCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found
OCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo
OCPBUGS-10679 - Show type of sample on the samples view
OCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy
OCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector
OCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool.
OCPBUGS-10710 - Metal virtual media job permafails during early bootstrap
OCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3
OCPBUGS-10739 - [4.13] Bootimage bump tracker
OCPBUGS-10744 - [4.13] EgressFirewall status disappeared
OCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13
OCPBUGS-10771 - upgrade test failure with "Cluster operator control-plane-machine-set is not available"
OCPBUGS-10773 - TestNewAppRun unit test failing
OCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group
OCPBUGS-10793 - Ignore device list missing in Node Exporter
OCPBUGS-10796 - [4.13] Egress firewall is not retried on error
OCPBUGS-10799 - Network policy perf improvements
OCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall
OCPBUGS-10811 - Missing vCenter build number in telemetry
OCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable
OCPBUGS-10826 - RHEL 9.2 doesn't contain the kernel-abi-whitelists package.
OCPBUGS-10832 - Edit Deployment (and DC) form doesn't enable Save button when changing strategy type
OCPBUGS-10833 - update the default pipelineRun template name
OCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process
OCPBUGS-10873 - OVN to OVN-H migration seems broken
OCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced
OCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image
OCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly
OCPBUGS-10892 - Passwords printed in log messages
OCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
OCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records
OCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc.
OCPBUGS-10907 - move to rhel9 in DTK for 4.13
OCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted
OCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release
OCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing
OCPBUGS-10929 - Kube 1.26 for ovn-k
OCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip
OCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately
OCPBUGS-10953 - ovnkube-node does not close up correctly
OCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways
OCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap
OCPBUGS-10965 - The network-tools image stream is missing in the cluster samples
OCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn't work in dualstack cluster
OCPBUGS-10989 - Agent create sub-command is returning fatal error
OCPBUGS-10990 - EgressIP doesn't work in GCP XPN cluster
OCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group
OCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder
OCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update
OCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before
OCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating
OCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours
OCPBUGS-11040 - --container-runtime is being removed in k8s 1.27
OCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region
OCPBUGS-11055 - APIServer service isn't selected correctly for PublicAndPrivate cluster when external-dns is not configured
OCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted
OCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI
OCPBUGS-11107 - Alerts display incorrect source when adding external alert sources
OCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel
OCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8
OCPBUGS-11213 - BMH moves to deleting before all finalizers are processed
OCPBUGS-11218 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository
OCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules
OCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes
OCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page
OCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert
OCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]
OCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node
OCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured
OCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers
OCPBUGS-11307 - Egress firewall node selector test missing
OCPBUGS-11333 - startupProbe for UWM prometheus is still 15m
OCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
OCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13
OCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label
OCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile
OCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled
OCPBUGS-11390 - Service Binding Operator installation fails: "A subscription for this operator already exists in namespace ..."
OCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName
OCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation "k8s.v1.cni.cncf.io/networks-status", should be "k8s.v1.cni.cncf.io/network-status"
OCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN
OCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades
OCPBUGS-11460 - CPMS doesn't always generate configurations for AWS
OCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address
OCPBUGS-11469 - [release4.13] "exclude bundles with olm.deprecated property when rendering" not backport
OCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount
OCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF
OCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART
OCPBUGS-11506 - CPMS e2e periodics tests timeout failures
OCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename
OCPBUGS-11510 - Setting cpu-quota.crio.io to disable with crun causes container creation to fail
OCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400
OCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?
OCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector
OCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO
OCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO
OCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl
OCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9
OCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift
OCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART
OCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92
OCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image
OCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS
OCPBUGS-11669 - Bump to kubernetes 1.26.3
OCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe
OCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools
OCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes
OCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update
OCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9
OCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default
OCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script
OCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART
OCPBUGS-11789 - [4.13] Bootimage bump tracker
OCPBUGS-11799 - [4.13] Bootimage bump tracker
OCPBUGS-11823 - [Reliability]kube-apiserver's memory usage keep increasing to max 3GB in 7 days
OCPBUGS-11848 - PtpOperatorsConfig not applying correctly
OCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted
OCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially
OCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop
OCPBUGS-11908 - Got the file exists error when different digest direct to the same tag
OCPBUGS-11917 - the warn message won't disappear in co/node-tuning when scale down machineset
OCPBUGS-11919 - Console metrics could have a high cardinality (4.13)
OCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks
OCPBUGS-11955 - NTP config not applied
OCPBUGS-11968 - Instance shouldn't be moved back from f to a
OCPBUGS-11985 - [4.13] Ironic inspector service should be proxied
OCPBUGS-12172 - Users don't know what type of resource is being created by Import from Git or Deploy Image flows
OCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2
OCPBUGS-12186 - Pipeline doesn't render correctly when displayed but looks fine in edit mode
OCPBUGS-12198 - create hosted cluster failed with aws s3 access issue
OCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack
OCPBUGS-12225 - Add new OCP 4.13 storage admission plugin
OCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid
OCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator
OCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests
OCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected
OCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set
OCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time
OCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named
OCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores
OCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config
OCPBUGS-12698 - redfish-virtualmedia mount not working
OCPBUGS-12703 - redfish-virtualmedia mount not working
OCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host
OCPBUGS-1272 - "opm alpha render-veneer basic" doesn't support pipe stdin
OCPBUGS-12737 - Multus admission controller must have "hypershift.openshift.io/release-image" annotation when CNO is managed by Hypershift
OCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA
OCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting
OCPBUGS-12854 - cluster-reader role cannot access "k8s.ovn.org" API Group resources
OCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack
OCPBUGS-12865 - Kubernetes-NMState CI is perma-failing
OCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode
OCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN
OCPBUGS-12999 - Backport owners through 4.13, 4.12
OCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-13057 - ppc64le releases don't install because ovs fails to start (invalid permissions)
OCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]
OCPBUGS-13071 - CI fails on TestClientTLS
OCPBUGS-13072 - Capture tests don't work in OVNK
OCPBUGS-13076 - Load balancers/ Ingress controller removal race condition
OCPBUGS-13157 - CI fails on TestRouterCompressionOperation
OCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies
OCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up
OCPBUGS-1352 - OVN silently failing in case of a stuck pod
OCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices
OCPBUGS-1428 - service account token secret reference
OCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
OCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12
OCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric
OCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused
OCPBUGS-1486 - Avoid re-metric'ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
OCPBUGS-1557 - Default to floating automaticRestart for new GCP instances
OCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config
OCPBUGS-1565 - Possible split brain with keepalived unicast
OCPBUGS-1566 - Automation Offline CPUs Test cases
OCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces
OCPBUGS-1604 - Common resources out-of-date when using multicluster switcher
OCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters
OCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain
OCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration
OCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain
OCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created
OCPBUGS-166 - 4.11 SNOs fail to complete install because of "failed to get pod annotation: timed out waiting for annotations: context deadline exceeded"
OCPBUGS-1665 - Scorecard failed because of the request of PodSecurity
OCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided
OCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
OCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and "NodePortService" endpoint publishing strategy
OCPBUGS-1741 - Can't load additional Alertmanager templates with latest 4.12 OpenShift
OCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace
OCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly
OCPBUGS-1769 - gracefully fail when iam:GetRole is denied
OCPBUGS-1778 - Can't install clusters with schedulable masters
OCPBUGS-1791 - Wait-for install-complete did not exit upon completion.
OCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn't list multiple datacenters when specified
OCPBUGS-1807 - Ingress Operator startup bad log message formatting
OCPBUGS-1844 - Ironic dnsmasq doesn't include existing DNS settings during iPXE boot
OCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn't land on correct URL
OCPBUGS-186 - PipelineRun task status overlaps status text
OCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node
OCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator
OCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
OCPBUGS-2088 - User can set rendezvous host to be a worker
OCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8
OCPBUGS-2145 - 'maxUnavailable' and 'minAvailable' on PDB creation page - i18n misses
OCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled
OCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error "alicloud: unable to split instanceid and region from providerID"
OCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts
OCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can't be changed by typing in it.
OCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week
OCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by 'publish: Internal' failed due to 'dns_public_record'
OCPBUGS-2440 - unknown field logs in prometheus-operator
OCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails
OCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode
OCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering
OCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for "registry.ci.openshift.org"
OCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests
OCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed
OCPBUGS-2551 - "Error loading" when normal user check operands on All namespaces
OCPBUGS-2569 - ovn-k network policy races
OCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization
OCPBUGS-266 - Project Access tab cannot differentiate between users and groups
OCPBUGS-2666 - create a project link not backed by RBAC check
OCPBUGS-272 - Getting duplicate word "find" when kube-apiserver degraded=true if webhook matches a virtual resource
OCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
OCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster
OCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size.
OCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]
OCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page
OCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
OCPBUGS-2841 - Need validation rule for supported arch
OCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
OCPBUGS-2847 - GCP XPN should only be available with Tech Preview
OCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror
OCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded
OCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster
OCPBUGS-2873 - Prometheus doesn't reload TLS certificate and key files on disk
OCPBUGS-2886 - The LoadBalaner section shouldn't be set when using Kuryr on cloud-provider
OCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener
OCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters
OCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled
OCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
OCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop
OCPBUGS-2922 - 'Status' column sorting doesn't work as expected
OCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args
OCPBUGS-2934 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
OCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses
OCPBUGS-2946 - [AWS] curl network Loadbalancer always get "Connection time out"
OCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range
OCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-2991 - CI jobs are failing with: admission webhook "validation.csi.vsphere.vmware.com" denied the request
OCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
OCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing
OCPBUGS-2996 - [4.13] Bootimage bump tracker
OCPBUGS-3018 - panic in WaitForBootstrapComplete
OCPBUGS-3021 - GCP: missing me-west1 region
OCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer
OCPBUGS-3027 - Metrics are not available when running console in development mode
OCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup
OCPBUGS-3033 - Clicking the logo in the masthead goes to /dashboards, even if metrics are disabled
OCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters
OCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn't take effect.
OCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed
OCPBUGS-3079 - RPS hook only sets the first queue, but there are now many
OCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
OCPBUGS-3093 - The control plane should tag AWS security groups at creation
OCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked
OCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being
OCPBUGS-3114 - CNO reporting incorrect status
OCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions
OCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog
OCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
OCPBUGS-3172 - Console shouldn't try to install dynamic plugins if permissions aren't available
OCPBUGS-3180 - Regression in ptp-operator conformance tests
OCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install
OCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
OCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm
OCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster
OCPBUGS-3207 - SCOS build fails due to pinned kernel
OCPBUGS-3214 - Installer does not always add router CA to kubeconfig
OCPBUGS-3228 - Broken secret created while starting a Pipeline
OCPBUGS-3235 - Topology gets stuck loading
OCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update
OCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
OCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands
OCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up
OCPBUGS-3275 - No-op: Unable to retrieve machine from node "xxx": expecting one machine for node xxx got: []
OCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service
OCPBUGS-3278 - Shouldn't need to put host data in platform baremetal section in installconfig
OCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation
OCPBUGS-3283 - remove unnecessary RBAC in KCM
OCPBUGS-3292 - DaemonSet "/openshift-network-diagnostics/network-check-target" is not available
OCPBUGS-3314 - 'gitlab.secretReference' disappears when the buildconfig is edited on ?From View?
OCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list
OCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset
OCPBUGS-3331 - Update dependencies in CMO release 4.13
OCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model
OCPBUGS-3337 - revert "force cert rotation every couple days for development" in 4.12
OCPBUGS-3338 - Environment cannot find Python
OCPBUGS-3358 - Revert BUILD-407
OCPBUGS-3372 - error message is too generic when creating a silence with end time before start
OCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on "Observe -> Targets" page
OCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths
OCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments
OCPBUGS-3382 - Unable to configure cluster-wide proxy
OCPBUGS-3391 - seccomp profile unshare.json missing from nodes
OCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving.
OCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work
OCPBUGS-3414 - Missing 'ImageContentSourcePolicy' and 'CatalogSource' in the oci fbc feature implementation
OCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without "CSISnapshot" capability
OCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests
OCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster
OCPBUGS-3440 - Authentication operator doesn't respond to console being enabled
OCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console
OCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
OCPBUGS-3456 - track rhcos-4.12 branch for fedora-coreos-config submodule
OCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages
OCPBUGS-3465 - IBM operator needs deployment manifest fixes
OCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components
OCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page
OCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
OCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior
OCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior
OCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
OCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady
OCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure
OCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin
OCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working
OCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1
OCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
OCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances
OCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS
OCPBUGS-3662 - don't enforce PSa in 4.12
OCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down
OCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI
OCPBUGS-3676 - After node's reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod
OCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency
OCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form
OCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions
OCPBUGS-3714 - 'oc adm upgrade ...' should expose ClusterVersion Failing=True
OCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated
OCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin
OCPBUGS-3755 - Create Alertmanager silence form does not explain the new "Negative matcher" option
OCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod
OCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image
OCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy
OCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed
OCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues
OCPBUGS-3797 - [4.13] Bump OVS control plane to get "ovsdb/transaction.c: Refactor assess_weak_refs."
OCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger "Delete CSV"
OCPBUGS-3827 - CCM not able to remove a LB in ERROR state
OCPBUGS-3877 - RouteTargetReference missing default for "weight" in Route CRD v1 schema
OCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator
OCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly
OCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states
OCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP
OCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true
OCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready
OCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set
OCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory
OCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected
OCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later
OCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13
OCPBUGS-3931 - When all extensions are installed, "libkadm5" rpm package is duplicated in the rpm -q command
OCPBUGS-3933 - Fails to deprovision cluster when swift omits 'content-type'
OCPBUGS-3945 - Handle 0600 kubeconfig
OCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load
OCPBUGS-3960 - Use kernel-rt from ose repo
OCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
OCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue.
OCPBUGS-3974 - CIRO panics when suspended flag is nil
OCPBUGS-3975 - "Failed to open directory, disabling udev device properties" in node-exporter logs
OCPBUGS-3978 - AWS EBS CSI driver operator is degraded without "CSISnapshot" capability
OCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets
OCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml
OCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass
OCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks
OCPBUGS-4000 - fix operator naming convention
OCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated
OCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu
OCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed
OCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret
OCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one
OCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy
OCPBUGS-4054 - cluster-ingress-operator's configurable-route controller's startup is noisy
OCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic
OCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend
OCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting
OCPBUGS-4110 - Form footer buttons are misaligned in web terminal form
OCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes
OCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay
OCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change
OCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured
OCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token
OCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal
OCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text
OCPBUGS-4207 - Remove debug level logging on openshift-config-operator
OCPBUGS-4219 - Add runbook link to PrometheusRuleFailures
OCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
OCPBUGS-4232 - CNCC: Wrong log format for Azure locking
OCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface
OCPBUGS-4252 - Node Terminal tab results in error
OCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather
OCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues
OCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues
OCPBUGS-4280 - Return 0 when oc import-image failed
OCPBUGS-4282 - [IR-269]Can't pull sub-manifest image using imagestream of manifest list
OCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
OCPBUGS-4293 - Specify resources.requests for operator pod
OCPBUGS-4298 - Specify resources.requests for operator pod
OCPBUGS-4302 - Specify resources.requests for operator pod
OCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3
OCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size
OCPBUGS-4328 - Update installer images to be consistent with ART
OCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state
OCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13
OCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars
OCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely
OCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console
OCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2
OCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full
OCPBUGS-4367 - Debug log messages missing from output and Info messages malformed
OCPBUGS-4377 - Service name search ability while creating the Route from console
OCPBUGS-4401 - limit cluster-policy-controller RBAC permissions
OCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network
OCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not
OCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode
OCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator
OCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing
OCPBUGS-4483 - apply retry logic to ovnk-node controllers
OCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig
OCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig
OCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia
OCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout
OCPBUGS-4516 - oc-mirror does not work as expected relative path for OCI format copy
OCPBUGS-4517 - Better to detail the --command-os of mac for oc adm release extract command
OCPBUGS-4521 - all kubelet targets are down after a few hours
OCPBUGS-4524 - Hold lock when deleting completed pod during update event
OCPBUGS-4525 - Don't log in iterateRetryResources when there are no retry entries
OCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test
OCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region
OCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region
OCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region
OCPBUGS-4541 - Azure: remove deprecated ADAL
OCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]
OCPBUGS-4549 - Azure: replace deprecated AD Graph API
OCPBUGS-4550 - [CI] console-operator produces more watch requests than expected
OCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to "A specific namespace on the cluster"
OCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP
OCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN
OCPBUGS-4630 - Bump documentationBaseURL to 4.13
OCPBUGS-4635 - [OCP 4.13] ironic container images have old packages
OCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO
OCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0
OCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO
OCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update
OCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync
OCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17
OCPBUGS-4691 - Topology sidebar actions doesn't show the latest resource data
OCPBUGS-4692 - PTP operator: Use priority class node critical
OCPBUGS-4700 - read-only update UX: confusing "Update blocked" pop-up
OCPBUGS-4701 - read-only update UX: confusing "Control plane is hosted" banner
OCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds
OCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged
OCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation
OCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire
OCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS
OCPBUGS-4756 - OLM generates invalid component selector labels
OCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)
OCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)
OCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider 'ec2'
OCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19
OCPBUGS-4781 - Get Helm Release seems to be using List Releases api
OCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference
OCPBUGS-4802 - Update formatting with gofmt for go1.19
OCPBUGS-4825 - Pods completed + deleted may leak
OCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1
OCPBUGS-4873 - openshift-marketplace namespace missing "audit-version" and "warn-version" PSA label
OCPBUGS-4874 - Baremetal host data is still sometimes required
OCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type
OCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service
OCPBUGS-4899 - coreos-installer output not available in the logs
OCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters
OCPBUGS-4906 - Cross-namespace template processing is not being tested
OCPBUGS-4909 - Can't reach own service when egress netpol are enabled
OCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP
OCPBUGS-4941 - Fails to deprovision cluster when swift omits 'content-type' and there are empty containers
OCPBUGS-4950 - OLM K8s Dependencies should be at 1.25
OCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup
OCPBUGS-4955 - Bundle Unpacker Using "Always" ImagePullPolicy for digests
OCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered
OCPBUGS-4975 - Missing translation in ceph storage plugin
OCPBUGS-4986 - precondition: Do not claim warnings would have blocked
OCPBUGS-4997 - Agent ISO does not respect proxy settings
OCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI
OCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver
OCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather
OCPBUGS-5016 - Editing Pipeline in the ocp console to get information error
OCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.
OCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors
OCPBUGS-5045 - unit test data race with egress ip tests
OCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used
OCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80.
OCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout
OCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource
OCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn't be allowed
OCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks
OCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance
OCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12
OCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: "Creating vfat image failed: Unexpected error while running command"
OCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s
OCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
OCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing
OCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX
OCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5
OCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family
OCPBUGS-5188 - Wrong message in MCCDrainError alert
OCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets
OCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure
OCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal
OCPBUGS-5275 - remove unnecessary RBAC in OCM
OCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail
OCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]
OCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
OCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network
OCPBUGS-5346 - Reported vSphere Connection status is misleading
OCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled
OCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard
OCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn't restore its snapshot successfully
OCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire
OCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions
OCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13
OCPBUGS-5458 - wal: max entry size limit exceeded
OCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch
OCPBUGS-5466 - Default CatalogSource aren't always reverted to default settings
OCPBUGS-5492 - CI "[Feature:bond] should create a pod with bond interface" fail for MTU migration jobs
OCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes
OCPBUGS-5498 - Host inventory quick start for OCP
OCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism
OCPBUGS-5508 - Report topology usage in vSphere environment via telemetry
OCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible
OCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures
OCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write
OCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests
OCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn't appear after ODF upgrade resulting in dashboard crash
OCPBUGS-5540 - Typo in WTO for Milliseconds
OCPBUGS-5542 - Project dropdown order is not as smart as project list page order
OCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec
OCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted
OCPBUGS-5559 - add default noProxy config for Azure
OCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page
OCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public
OCPBUGS-5736 - The main section of the page will keep loading after normal user login
OCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled
OCPBUGS-5802 - update sprig to v3 in cno
OCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary
OCPBUGS-5842 - executes /host/usr/bin/oc
OCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand
OCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing "etcd Object Count" dashboard to only show OpenShift resources
OCPBUGS-5888 - Failed to install 4.13 ocp on SNO with "error during syncRequiredMachineConfigPools"
OCPBUGS-5891 - oc-mirror heads-only does not work with target name
OCPBUGS-5903 - gather default ingress controller definition
OCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout
OCPBUGS-5939 - revert "force cert rotation every couple days for development" in 4.13
OCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource
OCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope
OCPBUGS-5959 - [4.13] Bootimage bump tracker
OCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly
OCPBUGS-5991 - Kube APIServer panics in admission controller
OCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered
OCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled
OCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades
OCPBUGS-6026 - cannot change /etc folder ownership inside pod
OCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image
OCPBUGS-6049 - Do not show UpdateInProgress when status is Failing
OCPBUGS-6053 - availableUpdates: null results in run-time error on Cluster Settings page
OCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41
OCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI
OCPBUGS-6089 - Unnecessary event reprocessing
OCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection
OCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly
OCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider
OCPBUGS-6101 - Daemonset is not upgraded after operator upgrade
OCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack
OCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART
OCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART
OCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART
OCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART
OCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART
OCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART
OCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART
OCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART
OCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART
OCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART
OCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART
OCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART
OCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART
OCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART
OCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART
OCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART
OCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART
OCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART
OCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART
OCPBUGS-6262 - Add more logs to "oc extract" in mco-first boot service
OCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease
OCPBUGS-6270 - Irrelevant vsphere platform data is required
OCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace
OCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted
OCPBUGS-6486 - Image upload fails when installing cluster
OCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade
OCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff
OCPBUGS-6507 - Don't retry network policy peer pods if ips couldn't be fetched
OCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed
OCPBUGS-6610 - Developer - Topology : 'Filter by resource' drop-down i18n misses
OCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region
OCPBUGS-6624 - Issue deploying the master node with IPI
OCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds
OCPBUGS-6646 - Ingress node firewall CI is broken with latest
OCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses
OCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy
OCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox
OCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined
OCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent
OCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator's ensureNodePortService
OCPBUGS-6700 - Cluster-ingress-operator's updateIngressClass function logs success message when error
OCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup
OCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46
OCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes
OCPBUGS-6722 - s390x: failed to generate asset "Image": multiple "disk" artifacts found
OCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer
OCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated
OCPBUGS-6741 - opm fails to serve FBC if cachedir not provided
OCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column
OCPBUGS-6760 - Couldn't update/delete cpms on gcp private cluster
OCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page
OCPBUGS-6765 - "Delete dependent objects of this resource" might cause confusions
OCPBUGS-6777 - [gcp][CORS-1988] "create manifests" without an existing "install-config.yaml" missing 4 YAML files in "/openshift" which leads to "create cluster" failure
OCPBUGS-6781 - gather Machine objects
OCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop
OCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun
OCPBUGS-6809 - Uploading large layers fails with "blob upload invalid"
OCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-6821 - Update NTO images to be consistent with ART
OCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics
OCPBUGS-6893 - Dev console doesn't finish loading for users with limited access
OCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail
OCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService
OCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch
OCPBUGS-6945 - OS Release reports incorrect version ID
OCPBUGS-6953 - ovnkube-master panic nil deref
OCPBUGS-6955 - panic in an ovnkube-master pod
OCPBUGS-6962 - 'agent_installer' invoker not showing up in telemetry
OCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs
OCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1
OCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed
OCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed
OCPBUGS-7031 - Pipelines repository list and creation form doesn't show Tech Preview status
OCPBUGS-7090 - Add to navigation button in search result does nothing
OCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation
OCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info
OCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves
OCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly
OCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage
OCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails
OCPBUGS-7180 - [4.13] Bootimage bump tracker
OCPBUGS-7186 - [gcp][CORS-2424] with "secureBoot" enabled, after deleting control-plane machine, the new machine is created with "enableSecureBoot" being False unexpectedly
OCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error
OCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page
OCPBUGS-7204 - Manifests generated to multiple "results-xxx" folders when using the oci feature with OCI and nonOCI catalogs
OCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress
OCPBUGS-723 - ClusterResourceQuota values are not reflecting.
OCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs
OCPBUGS-7284 - Hypershift failing new SCC conformance tests
OCPBUGS-7291 - ptp keeps trying to start phc2sys even if it's configured as empty string in phc2sysOpts
OCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)
OCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured
OCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]
OCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error
OCPBUGS-7354 - Installation failed on Azure SDN as network is degraded
OCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13
OCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend
OCPBUGS-736 - Kuryr uses default MTU for service network
OCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc
OCPBUGS-7372 - fail early on missing node status envs
OCPBUGS-7374 - set default timeouts in etcdcli
OCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication
OCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore
OCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito
OCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds
OCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds
OCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form
OCPBUGS-7419 - CVO delay when setting clusterversion available status to true
OCPBUGS-7421 - Missing i18n key for PAC section in Git import form
OCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1
OCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time
OCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly
OCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere
OCPBUGS-7483 - Hypershift installs on "platform: none" are broken
OCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged
OCPBUGS-7495 - Platform type is ignored
OCPBUGS-7517 - Helm page crashes on old releases with a new Secret
OCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal
OCPBUGS-7523 - Add new AWS regions for ROSA
OCPBUGS-7542 - Bump router to k8s APIs v0.26.1
OCPBUGS-7555 - Enable default sysctls for kubelet
OCPBUGS-7558 - Rebase coredns to 1.10.1
OCPBUGS-7563 - vSphere install can't complete with out-of-tree CCM
OCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse
OCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected
OCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)
OCPBUGS-7617 - Azure Disk volume is taking time to attach/detach
OCPBUGS-7622 - vSphere UPI jobs failing with 'Managed cluster should have machine resources'
OCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1
OCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4
OCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true
OCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2
OCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig
OCPBUGS-7729 - Remove ETCD liviness probe.
OCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped
OCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2
OCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config
OCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon
OCPBUGS-7754 - ART having trouble building olm images
OCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable
OCPBUGS-7785 - migrate to using Lease for leader election
OCPBUGS-7806 - add "nfs-export" under PV details page
OCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file
OCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP
OCPBUGS-7833 - Storage tests failing in no-capabilities job
OCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure
OCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json
OCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work
OCPBUGS-7879 - Devfile isn't be processed correctly on 'Add from git repo'
OCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI
OCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC
OCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated
OCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context
OCPBUGS-794 - OLM version rule is not clear
OCPBUGS-7940 - apiserver panics in admission controller
OCPBUGS-7943 - AzureFile CSI driver does not compile with cachito
OCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by
OCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source
OCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed
OCPBUGS-8086 - Visual issues with listing items
OCPBUGS-8243 - [release 4.13] Gather Monitoring pods' Persistent Volumes
OCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2
OCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO
OCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies
OCPBUGS-8341 - Unable to set capabilities with agent installer based installation
OCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing
OCPBUGS-8353 - PXE support is incomplete
OCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint
OCPBUGS-8401 - Bump openshift/origin to kube 1.26.2
OCPBUGS-8424 - ControlPlaneMachineSet: Machine's Node should be Ready to consider the Machine Ready
OCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig
OCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview
OCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names
OCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job
OCPBUGS-8481 - CAPI rebases 4.13 backports
OCPBUGS-8490 - agent-tui: display additional checks only when primary check fails
OCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets
OCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart
OCPBUGS-8511 - [4.13+ ONLY] Don't use port 80 in bootstrap IPI bare metal
OCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded
OCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local
OCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names
OCPBUGS-8699 - Metal IPI Install Rate Below 90%
OCPBUGS-8701 - oc patch project not working with OCP 4.12
OCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth
OCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2
OCPBUGS-8710 - [4.13] don't enforce PSa in 4.13
OCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator
OCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view
OCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10
OCPBUGS-8742 - Origin tests should not specify readyz as the health check path
OCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks
OCPBUGS-8941 - Introduce tooltips for contextual information
OCPBUGS-904 - Alerts from MCO are missing namespace
OCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don't seem to reach the pods
OCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length
OCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change
OCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer
OCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases
OCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
OCPBUGS-9338 - editor toggle radio input doesn't have distinguishable attributes
OCPBUGS-9389 - Detach code in vsphere csi driver is failing
OCPBUGS-948 - OLM sets invalid SCC label on its namespaces
OCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin
OCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview
OCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag
OCPBUGS-9926 - Enable node healthz server for ovnk in CNO
OCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates
OCPBUGS-9957 - Garbage collect grafana-dashboard-etcd
OCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index
OCPBUGS-9963 - Better to change the error information more clearly to help understand
OCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator
- References:
https://access.redhat.com/security/cve/CVE-2021-4235 https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2021-20329 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-43519 https://access.redhat.com/security/cve/CVE-2021-44964 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1586 https://access.redhat.com/security/cve/CVE-2022-1587 https://access.redhat.com/security/cve/CVE-2022-1785 https://access.redhat.com/security/cve/CVE-2022-1897 https://access.redhat.com/security/cve/CVE-2022-1927 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2990 https://access.redhat.com/security/cve/CVE-2022-3080 https://access.redhat.com/security/cve/CVE-2022-3259 https://access.redhat.com/security/cve/CVE-2022-4203 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-23525 https://access.redhat.com/security/cve/CVE-2022-23526 https://access.redhat.com/security/cve/CVE-2022-26280 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-29154 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/cve/CVE-2022-34903 https://access.redhat.com/security/cve/CVE-2022-38023 https://access.redhat.com/security/cve/CVE-2022-38177 https://access.redhat.com/security/cve/CVE-2022-38178 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41316 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41721 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-42919 https://access.redhat.com/security/cve/CVE-2022-46146 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0056 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0216 https://access.redhat.com/security/cve/CVE-2023-0217 https://access.redhat.com/security/cve/CVE-2023-0229 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-0401 https://access.redhat.com/security/cve/CVE-2023-0620 https://access.redhat.com/security/cve/CVE-2023-0665 https://access.redhat.com/security/cve/CVE-2023-0778 https://access.redhat.com/security/cve/CVE-2023-25000 https://access.redhat.com/security/cve/CVE-2023-25165 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-25577 https://access.redhat.com/security/cve/CVE-2023-25725 https://access.redhat.com/security/cve/CVE-2023-25809 https://access.redhat.com/security/cve/CVE-2023-27561 https://access.redhat.com/security/cve/CVE-2023-28642 https://access.redhat.com/security/cve/CVE-2023-30570 https://access.redhat.com/security/cve/CVE-2023-30841 https://access.redhat.com/security/updates/classification/#important https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ IT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC LpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb dYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy tnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc PSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK o1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T cTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy 4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8 TMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ 8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H XbiJN3SZj5U= =WGO2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
- moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
-
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
-
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
-
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
-
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
-
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
-
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
-
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
-
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
-
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
-
managed cluster is in "unknown" state for 120 mins after OADP restore
-
RHACM 2.5.2 images (BZ# 2104553)
-
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
-
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
-
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
-
cluster uninstall log points to incorrect container name (BZ# 2107359)
-
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
-
Single node checkbox not visible for 4.11 images (BZ# 2109134)
-
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
-
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
-
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
-
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
-
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
-
Bugs fixed (https://bugzilla.redhat.com/):
2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.0.5023"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
}
],
"trust": 0.8
},
"cve": "CVE-2022-1897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1897",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1897",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1897",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1897",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-423551",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Solution:\n\nThe OpenShift Service Mesh Release Notes provide information on the\nfeatures and known issues:\n\nhttps://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nOSSM-1105 - IOR doesn\u0027t support a host with namespace/ prefix\nOSSM-1205 - Specifying logging parameter will make istio-ingressgateway and istio-egressgateway failed to start\nOSSM-1668 - [Regression] jwksResolverCA field in SMCP is missing\nOSSM-1718 - Istio Operator pauses reconciliation when gateway deployed to non-control plane namespace\nOSSM-1775 - [Regression] Incorrect 3scale image specified for 2.0 control planes\nOSSM-1800 - IOR should copy labels from Gateway to Route\nOSSM-1805 - Reconcile SMCP when Kiali is not available\nOSSM-1846 - SMCP fails to reconcile when enabling PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER\nOSSM-1868 - Container release for Maistra 2.2.2\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nKATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]\nKATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]\nKATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator\nKATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. Summary:\n\nThis is an updated release of the Self Node Remediation Operator. The Self\nNode Remediation Operator replaces the Poison Pill Operator, and is\ndelivered by Red Hat Workload Availability. Description:\n\nThe Self Node Remediation Operator works in conjunction with the Machine\nHealth Check or the Node Health Check Operators to provide automatic\nremediation of unhealthy nodes by rebooting them. This minimizes downtime\nfor stateful applications and RWO volumes, as well as restoring compute\ncapacity in the event of transient failures. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* github.com/Masterminds/vcs: Command Injection via argument injection\n(CVE-2022-21235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. Bugs fixed (https://bugzilla.redhat.com/):\n\n2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection\n\n5. JIRA issues fixed (https://issues.redhat.com/):\n\nOCPBUGS-15446 - (release-4.11) gather \"gateway-mode-config\" config map from \"openshift-network-operator\" namespace\nOCPBUGS-15532 - visiting Configurations page returns error Cannot read properties of undefined (reading \u0027apiGroup\u0027)\nOCPBUGS-15645 - Can\u0027t use git lfs in BuildConfig git source with strategy Docker\nOCPBUGS-15739 - Environment cannot find Python\nOCPBUGS-15758 - [release-4.11] Bump Jenkins and Jenkins Agent Base image versions\nOCPBUGS-15942 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get \"https://registry.centos.org/v2/\": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host\nOCPBUGS-15966 - [4.12] MetalLB contains incorrect data Correct and incorrect MetalLB resources coexist should have correct statuses\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.13.0 security update\nAdvisory ID: RHSA-2023:1326-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:1326\nIssue date: 2023-05-17\nCVE Names: CVE-2021-4235 CVE-2021-4238 CVE-2021-20329 \n CVE-2021-38561 CVE-2021-43519 CVE-2021-44964 \n CVE-2022-1271 CVE-2022-1586 CVE-2022-1587 \n CVE-2022-1785 CVE-2022-1897 CVE-2022-1927 \n CVE-2022-2509 CVE-2022-2990 CVE-2022-3080 \n CVE-2022-3259 CVE-2022-4203 CVE-2022-4304 \n CVE-2022-4450 CVE-2022-21698 CVE-2022-23525 \n CVE-2022-23526 CVE-2022-26280 CVE-2022-27191 \n CVE-2022-29154 CVE-2022-29824 CVE-2022-34903 \n CVE-2022-38023 CVE-2022-38177 CVE-2022-38178 \n CVE-2022-40674 CVE-2022-41316 CVE-2022-41717 \n CVE-2022-41721 CVE-2022-41723 CVE-2022-41724 \n CVE-2022-41725 CVE-2022-42010 CVE-2022-42011 \n CVE-2022-42012 CVE-2022-42898 CVE-2022-42919 \n CVE-2022-46146 CVE-2022-47629 CVE-2023-0056 \n CVE-2023-0215 CVE-2023-0216 CVE-2023-0217 \n CVE-2023-0229 CVE-2023-0286 CVE-2023-0361 \n CVE-2023-0401 CVE-2023-0620 CVE-2023-0665 \n CVE-2023-0778 CVE-2023-25000 CVE-2023-25165 \n CVE-2023-25173 CVE-2023-25577 CVE-2023-25725 \n CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 \n CVE-2023-30570 CVE-2023-30841 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.13.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.13. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.13.0. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2023:1325\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nSecurity Fix(es):\n\n* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as\nrandom as they should be (CVE-2021-4238)\n\n* go-yaml: Denial of Service in go-yaml (CVE-2021-4235)\n\n* mongo-go-driver: specific cstrings input may not be properly validated\n(CVE-2021-20329)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* helm: Denial of service through through repository index file\n(CVE-2022-23525)\n\n* helm: Denial of service through schema file (CVE-2022-23526)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* vault: insufficient certificate revocation list checking (CVE-2022-41316)\n\n* golang: net/http: excessive memory growth in a Go server accepting HTTP/2\nrequests (CVE-2022-41717)\n\n* x/net/http2/h2c: request smuggling (CVE-2022-41721)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK\ndecoding (CVE-2022-41723)\n\n* golang: crypto/tls: large handshake records may cause panics\n(CVE-2022-41724)\n\n* golang: net/http, mime/multipart: denial of service from excessive\nresource consumption (CVE-2022-41725)\n\n* exporter-toolkit: authentication bypass via cache poisoning\n(CVE-2022-46146)\n\n* vault: Vault\u2019s Microsoft SQL Database Storage Backend Vulnerable to SQL\nInjection Via Configuration File (CVE-2023-0620)\n\n* hashicorp/vault: Vault\u2019s PKI Issuer Endpoint Did Not Correctly Authorize\nAccess to Issuer Metadata (CVE-2023-0665)\n\n* hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n(CVE-2023-25000)\n\n* helm: getHostByName Function Information Disclosure (CVE-2023-25165)\n\n* containerd: Supplementary groups are not set up properly (CVE-2023-25173)\n\n* runc: volume mount race condition (regression of CVE-2019-19921)\n(CVE-2023-27561)\n\n* runc: AppArmor can be bypassed when `/proc` inside the container is\nsymlinked with a specific mount configuration (CVE-2023-28642)\n\n* baremetal-operator: plain-text username and hashed password readable by\nanyone having a cluster-wide read-access (CVE-2023-30841)\n\n* runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.13 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags\n\nThe sha values for the release are:\n\n(For x86_64 architecture)\nThe image digest is\nsha256:74b23ed4bbb593195a721373ed6693687a9b444c97065ce8ac653ba464375711\n\n(For s390x architecture)\nThe image digest is\nsha256:a32d509d960eb3e889a22c4673729f95170489789c85308794287e6e9248fb79\n\n(For ppc64le architecture)\nThe image digest is\nsha256:bca0e4a4ed28b799e860e302c4f6bb7e11598f7c136c56938db0bf9593fb76f8\n\n(For aarch64 architecture)\nThe image digest is\nsha256:e07e4075c07fca21a1aed9d7f9c165696b1d0fa4940a219a000894e5683d846c\n\nAll OpenShift Container Platform 4.13 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1770297 - console odo download link needs to go to an official location or have caveats [openshift-4.4]\n1853264 - Metrics produce high unbound cardinality\n1877261 - [RFE] Mounted volume size issue when restore a larger size pvc than snapshot\n1904573 - OpenShift: containers modify /etc/passwd group writable\n1943194 - when using gpus, more nodes than needed are created by the node autoscaler\n1948666 - After entering valid git repo url on Import from git page, throwing warning message instead Validated\n1971033 - CVE-2021-20329 mongo-go-driver: specific cstrings input may not be properly validated\n2005232 - Pods list page should only show Create Pod button to user has sufficient permission\n2016006 - Repositories list does not show the running pipelinerun as last pipelinerun\n2027000 - The user is ignored when we create a new file using a MachineConfig\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047299 - nodeport not reachable port connection timeout\n2050230 - Implement LIST call chunking in openshift-sdn\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2065166 - GCP - Less privileged service accounts are created with Service Account User role\n2066388 - Wrong Error generates when https is missing in the value of `regionEndpoint` in `configs.imageregistry.operator.openshift.io/cluster`\n2066664 - [cluster-storage-operator] - Minimize wildcard/privilege Usage in Cluster and Local Roles\n2070744 - openshift-install destroy in us-gov-west-1 results in infinite loop - AWS govcloud\n2075548 - Support AllocateLoadBalancerNodePorts=False with ETP=local, LGW mode\n2076619 - Could not create deployment with an unknown git repo and builder image build strategy\n2078222 - egressIPs behave inconsistently towards in-cluster traffic (hosts and services backed by host-networked pods)\n2079981 - PVs not deleting on azure (or very slow to delete) since CSI migration to azuredisk\n2081858 - OVN-Kubernetes: SyncServices for nodePortWatcherIptables should propagate failures back to caller\n2083087 - \"Delete dependent objects of this resource\" might cause confusions\n2084452 - PodDisruptionBudgets help message should be semantic\n2087043 - Cluster API components should use K8s 1.24 dependencies\n2087553 - No rhcos-4.11/x86_64 images in the 2 new regions on alibabacloud, \"ap-northeast-2 (South Korea (Seoul))\" and \"ap-southeast-7 (Thailand (Bangkok))\"\n2089093 - CVO hotloops on OperatorGroup due to the diff of \"upgradeStrategy\": string(\"Default\")\n2089138 - CVO hotloops on ValidatingWebhookConfiguration /performance-addon-operator\n2090680 - upgrade for a disconnected cluster get hang on retrieving and verifying payload\n2092567 - Network policy is not being applied as expected\n2092811 - Datastore name is too long\n2093339 - [rebase v1.24] Only known images used by tests\n2095719 - serviceaccounts are not updated after upgrade from 4.10 to 4.11\n2100181 - WebScale: configure-ovs.sh fails because it picks the wrong default interface\n2100429 - [apiserver-auth] default SCC restricted allow volumes don\u0027t have \"ephemeral\" caused deployment with Generic Ephemeral Volumes stuck at Pending\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2104978 - MCD degrades are not overwrite-able by subsequent errors\n2110565 - PDB: Remove add/edit/remove actions in Pod resource action menu\n2110570 - Topology sidebar: Edit pod count shows not the latest replicas value when edit the count again\n2110982 - On GCP, need to check load balancer health check IPs required for restricted installation\n2113973 - operator scc is nor fixed when we define a custom scc with readOnlyRootFilesystem: true\n2114515 - Getting critical NodeFilesystemAlmostOutOfSpace alert for 4K tmpfs\n2115265 - Search page: LazyActionMenus are shown below Add/Remove from navigation button\n2116686 - [capi] Cluster kind should be valid\n2117374 - Improve Pod Admission failure for restricted-v2 denials that pass with restricted\n2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking\n2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning\n2154196 - CVE-2022-23526 helm: Denial of service through schema file\n2154202 - CVE-2022-23525 helm: Denial of service through through repository index file\n2156727 - CVE-2021-4235 go-yaml: Denial of Service in go-yaml\n2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be\n2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests\n2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling\n2168458 - CVE-2023-25165 helm: getHostByName Function Information Disclosure\n2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly\n2175721 - CVE-2023-27561 runc: volume mount race condition (regression of CVE-2019-19921)\n2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding\n2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption\n2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics\n2182883 - CVE-2023-28642 runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration\n2182884 - CVE-2023-25809 runc: Rootless runc makes `/sys/fs/cgroup` writable\n2182972 - CVE-2023-25000 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations\n2182981 - CVE-2023-0665 hashicorp/vault: Vault?s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata\n2184663 - CVE-2023-0620 vault: Vault?s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File\n2190116 - CVE-2023-30841 baremetal-operator: plain-text username and hashed password readable by anyone having a cluster-wide read-access\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nOCPBUGS-10036 - Enable aesgcm encryption provider by default in openshift/api\nOCPBUGS-10038 - Enable aesgcm encryption provider by default in openshift/cluster-config-operator\nOCPBUGS-10042 - Enable aesgcm encryption provider by default in openshift/cluster-kube-apiserver-operator\nOCPBUGS-10043 - Enable aesgcm encryption provider by default in openshift/cluster-openshift-apiserver-operator\nOCPBUGS-10044 - Enable aesgcm encryption provider by default in openshift/cluster-authentication-operator\nOCPBUGS-10047 - oc-mirror print log: unable to parse reference oci://mno/redhat-operator-index:v4.12\nOCPBUGS-10057 - With WPC card configured as GM or BC, phc2sys clock lock state is shown as FREERUN in ptp metrics while it should be LOCKED\nOCPBUGS-10213 - aws: mismatch between RHCOS and AWS SDK regions\nOCPBUGS-10220 - Newly provisioned machines unable to join cluster\nOCPBUGS-10221 - Risk cache warming takes too long on channel changes\nOCPBUGS-10237 - Limit the nested repository path while mirroring the images using oc-mirror for those who cant have nested paths in their container registry\nOCPBUGS-10239 - [release-4.13] Fix of ServiceAccounts gathering\nOCPBUGS-10249 - PollConsoleUpdates won\u0027t fire toast if one or more manifests errors when plugins change\nOCPBUGS-10267 - NetworkManager TUI quits regardless of a detected unsupported configuration\nOCPBUGS-10271 - [4.13] Netflink overflow alert\nOCPBUGS-10278 - Graph-data is not mounted on graph-builder correctly while install using graph-data image built by oc-mirror\nOCPBUGS-10281 - Openshift Ansible OVS version out of sync with RHCOS\nOCPBUGS-10291 - Broken link for Ansible tagging\nOCPBUGS-10298 - TenantID is ignored in some cases\nOCPBUGS-10320 - Catalogs should not be included in the ImageContentSourcePolicy.yaml\nOCPBUGS-10321 - command cannot be worked after chroot /host for oc debug pod\nOCPBUGS-1033 - Multiple extra manifests in the same file are not applied correctly\nOCPBUGS-10334 - Nutanix cloud-controller-manager pod not have permission to get/list ConfigMap\nOCPBUGS-10353 - kube-apiserver not receiving or processing shutdown signal after coreos 9.2 bump\nOCPBUGS-10367 - Pausing pools in OCP 4.13 will cause critical alerts to fire\nOCPBUGS-10377 - [gcp] IPI installation with Shielded VMs enabled failed on restarting the master machines\nOCPBUGS-10404 - Workload annotation missing from deployments\nOCPBUGS-10421 - RHCOS 4.13 live iso x84_64 contains restrictive policy.json\nOCPBUGS-10426 - node-topology is not exported due to kubelet.sock: connect: permission denied \nOCPBUGS-10427 - 4.1 born cluster fails to scale-up due to podman run missing `--authfile` flag\nOCPBUGS-10432 - CSI Inline Volume admission plugin does not log object name correctly\nOCPBUGS-10440 - OVN IPSec - does not create IPSec tunnels\nOCPBUGS-10474 - OpenShift pipeline TaskRun(s) column Duration is not present as column in UI\nOCPBUGS-10476 - Disable netlink mode of netclass collector in Node Exporter. \nOCPBUGS-1048 - if tag categories don\u0027t exist, the installation will fail to bootstrap\nOCPBUGS-10483 - [4.13 arm64 image][AWS EFS] Driver fails to get installed/exec format error\nOCPBUGS-10558 - MAPO failing to retrieve flavour information after rotating credentials\nOCPBUGS-10585 - [4.13] Request to update RHCOS installer bootimage metadata \nOCPBUGS-10586 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-10597 - The agent-tui shows again during the installation\nOCPBUGS-1061 - administrator console, monitoring-alertmanager-edit user list or create silence, \"Observe - Alerting - Silences\" page is pending\nOCPBUGS-10645 - 4.13: Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\nOCPBUGS-10656 - create image command erroneously logs that Base ISO was obtained from release\nOCPBUGS-10657 - When releaseImage is a digest the create image command generates spurious warning\nOCPBUGS-10658 - Wrong PrimarySubnet in OpenstackProviderSpec when using Failure Domains\nOCPBUGS-10661 - machine API operator failing with No Major.Minor.Patch elements found\nOCPBUGS-10678 - Developer catalog shows ImageStreams as samples which has no sampleRepo\nOCPBUGS-10679 - Show type of sample on the samples view\nOCPBUGS-10689 - [IPI on BareMetal]: Workers failing inspection when installing with proxy\nOCPBUGS-10697 - [release-4.13] User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector\nOCPBUGS-10698 - [release-4.13] Already assigned IP address is removed from a service on editing the ip address pool. \nOCPBUGS-10710 - Metal virtual media job permafails during early bootstrap\nOCPBUGS-10716 - Image Registry default to Removed on IBM cloud after 4.13.0-ec.3\nOCPBUGS-10739 - [4.13] Bootimage bump tracker\nOCPBUGS-10744 - [4.13] EgressFirewall status disappeared \nOCPBUGS-10746 - Downstream Operator-SDK v1.22.2 to OCP 4.13\nOCPBUGS-10771 - upgrade test failure with \"Cluster operator control-plane-machine-set is not available\"\nOCPBUGS-10773 - TestNewAppRun unit test failing\nOCPBUGS-10792 - Hypershift namespace servicemonitor has wrong API group\nOCPBUGS-10793 - Ignore device list missing in Node Exporter \nOCPBUGS-10796 - [4.13] Egress firewall is not retried on error\nOCPBUGS-10799 - Network policy perf improvements\nOCPBUGS-10801 - [4.13] Upgrade to 4.10 stalled on timeout completing syncEgressFirewall\nOCPBUGS-10811 - Missing vCenter build number in telemetry\nOCPBUGS-10813 - SCOS bootstrap should skip pivot when root is not writable\nOCPBUGS-10826 - RHEL 9.2 doesn\u0027t contain the `kernel-abi-whitelists` package. \nOCPBUGS-10832 - Edit Deployment (and DC) form doesn\u0027t enable Save button when changing strategy type\nOCPBUGS-10833 - update the default pipelineRun template name\nOCPBUGS-10834 - [OVNK] [IC] Having only one leader election in the master process\nOCPBUGS-10873 - OVN to OVN-H migration seems broken\nOCPBUGS-10888 - oauth-server fails to invalidate cache, causing non existing groups being referenced\nOCPBUGS-10890 - Hypershift replace upgrade: node in NotReady after upgrading from a 4.14 image to another 4.14 image\nOCPBUGS-10891 - Cluster Autoscaler balancing similar nodes test fails randomly\nOCPBUGS-10892 - Passwords printed in log messages\nOCPBUGS-10893 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-10902 - [IBMCloud] destroyed the private cluster, fail to cleanup the dns records\nOCPBUGS-10903 - [IBMCloud] fail to ssh to master/bootstrap/worker nodes from the bastion inside a customer vpc. \nOCPBUGS-10907 - move to rhel9 in DTK for 4.13\nOCPBUGS-10914 - Node healthz server: return unhealthy when pod is to be deleted\nOCPBUGS-10919 - Update Samples Operator to use latest jenkins 4.12 release\nOCPBUGS-10923 - Cluster bootstrap waits for only one master to join before finishing \nOCPBUGS-10929 - Kube 1.26 for ovn-k\nOCPBUGS-10946 - For IPv6-primary dual-stack cluster, kubelet.service renders only single node-ip\nOCPBUGS-10951 - When imagesetconfigure without OCI FBC format config, but command with use-oci-feature flag, the oc-mirror command should check the imagesetconfigure firstly and print error immediately\nOCPBUGS-10953 - ovnkube-node does not close up correctly\nOCPBUGS-10955 - [release-4.13] NMstate complains about ping not working when adding multiple routing tables with different gateways\nOCPBUGS-10960 - [4.13] Vertical Scaling: do not trigger inadvertent machine deletion during bootstrap\nOCPBUGS-10965 - The network-tools image stream is missing in the cluster samples\nOCPBUGS-10982 - [4.13] nodeSelector in EgressFirewall doesn\u0027t work in dualstack cluster\nOCPBUGS-10989 - Agent create sub-command is returning fatal error\nOCPBUGS-10990 - EgressIP doesn\u0027t work in GCP XPN cluster\nOCPBUGS-11004 - Bootstrap kubelet client cert should include system:serviceaccounts group\nOCPBUGS-11010 - [vsphere] zone cluster installation fails if vSphere Cluster is embedded in Folder\nOCPBUGS-11022 - [4.13][scale] all egressfirewalls will be updated on every node update\nOCPBUGS-11023 - [4.13][scale] Ingress network policy creates more flows than before\nOCPBUGS-11031 - SNO OCP upgrade from 4.12 to 4.13 failed due to node-tuning operator is not available - tuned pod stuck at Terminating\nOCPBUGS-11032 - Update the validation interval for the cluster transfer to 12 hours\nOCPBUGS-11040 - --container-runtime is being removed in k8s 1.27\nOCPBUGS-11054 - GCP: add europe-west12 region to the survey as supported region\nOCPBUGS-11055 - APIServer service isn\u0027t selected correctly for PublicAndPrivate cluster when external-dns is not configured\nOCPBUGS-11058 - [4.13] Conmon leaks symbolic links in /var/run/crio when pods are deleted\nOCPBUGS-11068 - nodeip-configuration not enabled for VSphere UPI\nOCPBUGS-11107 - Alerts display incorrect source when adding external alert sources\nOCPBUGS-11117 - The provided gcc RPM inside DTK does not match the gcc used to build the kernel\nOCPBUGS-11120 - DTK docs should mention the ubi9 base image instead of ubi8\nOCPBUGS-11213 - BMH moves to deleting before all finalizers are processed\nOCPBUGS-11218 - \"pipelines-as-code-pipelinerun-go\" configMap is not been used for the Go repository \nOCPBUGS-11222 - kube-controller-manager cluster operator is degraded due connection refused while querying rules\nOCPBUGS-11227 - Relax CSR check due to k8s 1.27 changes\nOCPBUGS-11232 - All projects options shows as undefined after selection in Dev perspective Pipelines page \nOCPBUGS-11248 - Secret name variable get renders in Create Image pull secret alert\nOCPBUGS-1125 - Fix disaster recovery test [sig-etcd][Feature:DisasterRecovery][Disruptive] [Feature:EtcdRecovery] Cluster should restore itself after quorum loss [Serial]\nOCPBUGS-11257 - egressip cannot be assigned on hypershift hosted cluster node\nOCPBUGS-11261 - [AWS][4.13] installer get stuck if BYO private hosted zone is configured\nOCPBUGS-11263 - PTP KPI version 4.13 RC2 WPC - offset jumps to huge numbers \nOCPBUGS-11307 - Egress firewall node selector test missing\nOCPBUGS-11333 - startupProbe for UWM prometheus is still 15m\nOCPBUGS-11339 - ose-ansible-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11340 - ose-helm-operator base image version is still 4.12 in the operators that generated by operator-sdk 4.13\nOCPBUGS-11341 - openshift-manila-csi-driver is missing the workload.openshift.io/allowed label\nOCPBUGS-11354 - CPMS: node readiness transitions not always trigger reconcile \nOCPBUGS-11384 - Switching from enabling realTime to disabling Realtime Workloadhint causes stalld to be enabled\nOCPBUGS-11390 - Service Binding Operator installation fails: \"A subscription for this operator already exists in namespace ...\"\nOCPBUGS-11424 - [release-4.13] new whereabouts reconciler relies on HOSTNAME which != spec.nodeName\nOCPBUGS-11427 - [release-4.13] whereabouts reads wrong annotation \"k8s.v1.cni.cncf.io/networks-status\", should be \"k8s.v1.cni.cncf.io/network-status\"\nOCPBUGS-11456 - PTP - When GM and downstream slaves are configured on same server, ptp metrics show slaves as FREERUN\nOCPBUGS-11458 - Ingress Takes 40s on Average Downtime During GCP OVN Upgrades\nOCPBUGS-11460 - CPMS doesn\u0027t always generate configurations for AWS\nOCPBUGS-11468 - Community operator cannot be mirrored due to malformed image address\nOCPBUGS-11469 - [release4.13] \"exclude bundles with `olm.deprecated` property when rendering\" not backport\nOCPBUGS-11473 - NS autolabeler requires RoleBinding subject namespace to be set when using ServiceAccount\nOCPBUGS-11485 - [4.13] NVMe disk by-id rename breaks LSO/ODF\nOCPBUGS-11503 - Update 4.13 cluster-network-operator image in Dockerfile to be consistent with ART\nOCPBUGS-11506 - CPMS e2e periodics tests timeout failures\nOCPBUGS-11507 - Potential 4.12 to 4.13 upgrade failure due to NIC rename\nOCPBUGS-11510 - Setting cpu-quota.crio.io to `disable` with crun causes container creation to fail\nOCPBUGS-11511 - [4.13] static container pod cannot be running due to CNI request failed with status 400\nOCPBUGS-11529 - [Azure] fail to collect the vm serial log with ?gather bootstrap?\nOCPBUGS-11536 - Cluster monitoring operator runs node-exporter with btrfs collector\nOCPBUGS-11545 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11558 - multus-admission-controller should not run as root under Hypershift-managed CNO\nOCPBUGS-11589 - Ensure systemd is compatible with rhel8 journalctl\nOCPBUGS-11598 - openshift-azure-routes triggered continously on rhel9\nOCPBUGS-11606 - User configured In-cluster proxy configuration squashed in hypershift\nOCPBUGS-11643 - Updating kube-rbac-proxy images to be consistent with ART\nOCPBUGS-11657 - [4.13] Static IPv6 LACP bonding is randomly failing in RHCOS 413.92\nOCPBUGS-11659 - Error extracting libnmstate.so.1.3.3 when create image\nOCPBUGS-11661 - AWS s3 policy changes block all OCP installs on AWS\nOCPBUGS-11669 - Bump to kubernetes 1.26.3\nOCPBUGS-11683 - [4.13] Add Controller health to CEO liveness probe\nOCPBUGS-11694 - [4.13] Update legacy toolbox to use registry.redhat.io/rhel9/support-tools\nOCPBUGS-11706 - ccoctl cannot create STS documents in 4.10-4.13 due to s3 policy changes\nOCPBUGS-11750 - TuningCNI cnf-test failure: sysctl allowlist update\nOCPBUGS-11765 - [4.13] Keep current OpenSSH default config in RHCOS 9\nOCPBUGS-11776 - [4.13] VSphereStorageDriver does not document the platform default\nOCPBUGS-11778 - Upgrade SNO: no resolv.conf caused by failure in forcedns dispatcher script\nOCPBUGS-11787 - Update 4.14 ose-vmware-vsphere-csi-driver image to be consistent with ART\nOCPBUGS-11789 - [4.13] Bootimage bump tracker\nOCPBUGS-11799 - [4.13] Bootimage bump tracker\nOCPBUGS-11823 - [Reliability]kube-apiserver\u0027s memory usage keep increasing to max 3GB in 7 days\nOCPBUGS-11848 - PtpOperatorsConfig not applying correctly\nOCPBUGS-11866 - Pipeline is not removed when Deployment/DC/Knative Service or Application is deleted\nOCPBUGS-11870 - [4.13] Nodes in Ironic are created without namespaces initially\nOCPBUGS-11876 - oc-mirror generated file-based catalogs crashloop\nOCPBUGS-11908 - Got the `file exists` error when different digest direct to the same tag\nOCPBUGS-11917 - the warn message won\u0027t disappear in co/node-tuning when scale down machineset\nOCPBUGS-11919 - Console metrics could have a high cardinality (4.13)\nOCPBUGS-11950 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-11955 - NTP config not applied\nOCPBUGS-11968 - Instance shouldn\u0027t be moved back from f to a\nOCPBUGS-11985 - [4.13] Ironic inspector service should be proxied\nOCPBUGS-12172 - Users don\u0027t know what type of resource is being created by Import from Git or Deploy Image flows\nOCPBUGS-12179 - agent-tui is failing to start when using libnmstate.2\nOCPBUGS-12186 - Pipeline doesn\u0027t render correctly when displayed but looks fine in edit mode\nOCPBUGS-12198 - create hosted cluster failed with aws s3 access issue\nOCPBUGS-12212 - cluster failed to convert from dualstack to ipv4 single stack\nOCPBUGS-12225 - Add new OCP 4.13 storage admission plugin\nOCPBUGS-12257 - Catalogs rebuilt by oc-mirror are in crashloop : cache is invalid\nOCPBUGS-12259 - oc-mirror fails to complete with heads only complaining about devworkspace-operator\nOCPBUGS-12271 - Hypershift conformance test fails new cpu partitioning tests\nOCPBUGS-12272 - Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected\nOCPBUGS-12273 - When Creating Sample Devfile from the Samples Page, Topology Icon is not set\nOCPBUGS-12450 - [4.13] Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time\nOCPBUGS-12465 - --use-oci-feature leads to confusion and needs to be better named\nOCPBUGS-12478 - CSI driver + operator containers are not pinned to mgmt cores\nOCPBUGS-1264 - e2e-vsphere-zones failing due to unable to parse cloud-config\nOCPBUGS-12698 - redfish-virtualmedia mount not working \nOCPBUGS-12703 - redfish-virtualmedia mount not working \nOCPBUGS-12708 - [4.13] Changing a PreprovisioningImage ImageURL and/or ExtraKernelParams should reboot the host\nOCPBUGS-1272 - \"opm alpha render-veneer basic\" doesn\u0027t support pipe stdin\nOCPBUGS-12737 - Multus admission controller must have \"hypershift.openshift.io/release-image\" annotation when CNO is managed by Hypershift\nOCPBUGS-12786 - OLM CatalogSources in guest cluster cannot pull images if pre-GA\nOCPBUGS-12804 - Dual stack VIPs incompatible with EnableUnicast setting\nOCPBUGS-12854 - `cluster-reader` role cannot access \"k8s.ovn.org\" API Group resources\nOCPBUGS-12862 - IPv6 ingress VIP not configured in keepalived on vSphere Dual-stack\nOCPBUGS-12865 - Kubernetes-NMState CI is perma-failing\nOCPBUGS-12933 - Node Tuning Operator crashloops when in Hypershift mode\nOCPBUGS-12994 - TCP DNS Local Preference is not working for Openshift SDN\nOCPBUGS-12999 - Backport owners through 4.13, 4.12\nOCPBUGS-13029 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-13057 - ppc64le releases don\u0027t install because ovs fails to start (invalid permissions)\nOCPBUGS-13069 - [whereabouts-cni] CNO must use reconciliation controller in order to support dual stack in 4.12 [4.13 dependency]\nOCPBUGS-13071 - CI fails on TestClientTLS\nOCPBUGS-13072 - Capture tests don\u0027t work in OVNK\nOCPBUGS-13076 - Load balancers/ Ingress controller removal race condition\nOCPBUGS-13157 - CI fails on TestRouterCompressionOperation\nOCPBUGS-13254 - Nutanix cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-1327 - [IBMCloud] Worker machines unreachable during initial bring up\nOCPBUGS-1352 - OVN silently failing in case of a stuck pod\nOCPBUGS-1427 - Ignore non-ready endpoints when processing endpointslices\nOCPBUGS-1428 - service account token secret reference\nOCPBUGS-1435 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns\nOCPBUGS-1443 - Unable to get ClusterVersion error while upgrading 4.11 to 4.12\nOCPBUGS-1453 - TargetDown alert expression is NOT correctly joining kube-state-metrics metric\nOCPBUGS-1458 - cvo pod crashloop during bootstrap: featuregates: connection refused\nOCPBUGS-1486 - Avoid re-metric\u0027ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election\nOCPBUGS-1557 - Default to floating automaticRestart for new GCP instances\nOCPBUGS-1560 - [vsphere] installation fails when only configure single zone in install-config\nOCPBUGS-1565 - Possible split brain with keepalived unicast\nOCPBUGS-1566 - Automation Offline CPUs Test cases\nOCPBUGS-1577 - Incorrect network configuration in worker node with two interfaces\nOCPBUGS-1604 - Common resources out-of-date when using multicluster switcher\nOCPBUGS-1606 - Multi-cluster: We should not filter OLM catalog by console pod architecture and OS on managed clusters \nOCPBUGS-1612 - [vsphere] installation errors out when missing topology in a failure domain\nOCPBUGS-1617 - Remove unused node.kubernetes.io/not-reachable toleration\nOCPBUGS-1627 - [vsphere] installation fails when setting user-defined folder in failure domain\nOCPBUGS-1646 - [osp][octavia lb] LBs type svcs not updated until all the LBs are created\nOCPBUGS-166 - 4.11 SNOs fail to complete install because of \"failed to get pod annotation: timed out waiting for annotations: context deadline exceeded\"\nOCPBUGS-1665 - Scorecard failed because of the request of PodSecurity\nOCPBUGS-1671 - Creating a statefulset with the example image from the UI on ARM64 leads to a Pod in crashloopbackoff due to the only-amd64 image provided\nOCPBUGS-1704 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed\nOCPBUGS-1725 - Affinity rule created in router deployment for single-replica infrastructure and \"NodePortService\" endpoint publishing strategy\nOCPBUGS-1741 - Can\u0027t load additional Alertmanager templates with latest 4.12 OpenShift\nOCPBUGS-1748 - PipelineRun templates must be fetched from OpenShift namespace\nOCPBUGS-1761 - osImages that cannot be pulled do not set the node as Degraded properly\nOCPBUGS-1769 - gracefully fail when iam:GetRole is denied\nOCPBUGS-1778 - Can\u0027t install clusters with schedulable masters\nOCPBUGS-1791 - Wait-for install-complete did not exit upon completion. \nOCPBUGS-1805 - [vsphere-csi-driver-operator] CSI cloud.conf doesn\u0027t list multiple datacenters when specified \nOCPBUGS-1807 - Ingress Operator startup bad log message formatting\nOCPBUGS-1844 - Ironic dnsmasq doesn\u0027t include existing DNS settings during iPXE boot\nOCPBUGS-1852 - [RHOCP 4.10] Subscription tab for operator doesn\u0027t land on correct URL\nOCPBUGS-186 - PipelineRun task status overlaps status text\nOCPBUGS-1998 - Cluster monitoring fails to achieve new level during upgrade w/ unavailable node\nOCPBUGS-2015 - TestCertRotationTimeUpgradeable failing consistently in kube-apiserver-operator\nOCPBUGS-2083 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it\nOCPBUGS-2088 - User can set rendezvous host to be a worker\nOCPBUGS-2141 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8\nOCPBUGS-2145 - \u0027maxUnavailable\u0027 and \u0027minAvailable\u0027 on PDB creation page - i18n misses\nOCPBUGS-2209 - Hard eviction thresholds is different with k8s default when PAO is enabled\nOCPBUGS-2248 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error \"alicloud: unable to split instanceid and region from providerID\"\nOCPBUGS-2260 - KubePodNotReady - Increase Tolerance During Master Node Restarts\nOCPBUGS-2306 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - \u0027, it can\u0027t be changed by typing in it. \nOCPBUGS-2319 - metal-ipi upgrade success rate dropped 30+% in last week\nOCPBUGS-2384 - [2035720] [IPI on Alibabacloud] deploying a private cluster by \u0027publish: Internal\u0027 failed due to \u0027dns_public_record\u0027\nOCPBUGS-2440 - unknown field logs in prometheus-operator\nOCPBUGS-2471 - BareMetalHost is available without cleaning if the cleaning attempt fails\nOCPBUGS-2479 - Right border radius is 0 for the pipeline visualization wrapper in dark mode\nOCPBUGS-2500 - Developer Topology always blanks with large contents when first rendering\nOCPBUGS-2513 - Disconnected cluster installation fails with pull secret must contain auth for \"registry.ci.openshift.org\" \nOCPBUGS-2525 - [CI Watcher] Ongoing timeout failures associated with multiple CRD-extensions tests\nOCPBUGS-2532 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed\nOCPBUGS-2551 - \"Error loading\" when normal user check operands on All namespaces\nOCPBUGS-2569 - ovn-k network policy races\nOCPBUGS-2579 - Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization\nOCPBUGS-266 - Project Access tab cannot differentiate between users and groups\nOCPBUGS-2666 - `create a project` link not backed by RBAC check\nOCPBUGS-272 - Getting duplicate word \"find\" when kube-apiserver degraded=true if webhook matches a virtual resource\nOCPBUGS-2727 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates\nOCPBUGS-2729 - should ignore enP.* NICs from node-exporter on Azure cluster\nOCPBUGS-2735 - Operand List Page Layout Incorrect on small screen size. \nOCPBUGS-2738 - CVE-2022-26945 CVE-2022-30321 CVE-2022-30322 CVE-2022-30323 ose-baremetal-installer-container: various flaws [openshift-4.13.z]\nOCPBUGS-2824 - The dropdown list component will be covered by deployment details page on Topology page\nOCPBUGS-2827 - OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods\nOCPBUGS-2841 - Need validation rule for supported arch\nOCPBUGS-2845 - Unable to use application credentials for Cinder CSI after OpenStack credentials update\nOCPBUGS-2847 - GCP XPN should only be available with Tech Preview\nOCPBUGS-2851 - [OCI feature] registries.conf support in oc mirror\nOCPBUGS-2852 - etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded \nOCPBUGS-2868 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster\nOCPBUGS-2873 - Prometheus doesn\u0027t reload TLS certificate and key files on disk\nOCPBUGS-2886 - The LoadBalaner section shouldn\u0027t be set when using Kuryr on cloud-provider\nOCPBUGS-2891 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener \nOCPBUGS-2895 - [RFE] 4.11 Azure DiskEncryptionSet static validation does not support upper-case letters\nOCPBUGS-2904 - If all the actions are disabled in add page, Details on/off toggle switch to be disabled\nOCPBUGS-2907 - provisioning of baremetal nodes fails when using multipath device as rootDeviceHints\nOCPBUGS-2921 - br-ex interface not configured makes ovnkube-node Pod to crashloop \nOCPBUGS-2922 - \u0027Status\u0027 column sorting doesn\u0027t work as expected\nOCPBUGS-2926 - Unable to gather OpenStack console logs since kernel cmd line has no console args\nOCPBUGS-2934 - Ingress node firewall pod \u0027s events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node\nOCPBUGS-2941 - CIRO unable to detect swift when content-type is omitted in 204-responses\nOCPBUGS-2946 - [AWS] curl network Loadbalancer always get \"Connection time out\"\nOCPBUGS-2948 - Whereabouts CNI timesout while iterating exclude range\nOCPBUGS-2988 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-2991 - CI jobs are failing with: admission webhook \"validation.csi.vsphere.vmware.com\" denied the request\nOCPBUGS-2992 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations\nOCPBUGS-2994 - Keepalived monitor stuck for long period of time on kube-api call while installing\nOCPBUGS-2996 - [4.13] Bootimage bump tracker\nOCPBUGS-3018 - panic in WaitForBootstrapComplete\nOCPBUGS-3021 - GCP: missing me-west1 region\nOCPBUGS-3024 - Service list shows undefined:80 when type is ExternalName or LoadBalancer\nOCPBUGS-3027 - Metrics are not available when running console in development mode\nOCPBUGS-3029 - BareMetalHost CR fails to delete on cluster cleanup\nOCPBUGS-3033 - Clicking the logo in the masthead goes to `/dashboards`, even if metrics are disabled\nOCPBUGS-3041 - Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters\nOCPBUGS-3069 - Should show information on page if the upgrade to a target version doesn\u0027t take effect. \nOCPBUGS-3072 - Operator-sdk run bundle with old sqllite index image failed \nOCPBUGS-3079 - RPS hook only sets the first queue, but there are now many\nOCPBUGS-3085 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage \nOCPBUGS-3093 - The control plane should tag AWS security groups at creation\nOCPBUGS-3096 - The terraform binaries shipped by the installer are not statically linked\nOCPBUGS-3109 - Change text colour for ConsoleNotification that notifies user that the cluster is being \nOCPBUGS-3114 - CNO reporting incorrect status\nOCPBUGS-3123 - Operator attempts to render both GA and Tech Preview API Extensions\nOCPBUGS-3127 - nodeip-configuration retries forever on network failure, blocking ovs-configuration, spamming syslog\nOCPBUGS-3168 - Add Capacity button does not exist after upgrade OCP version [OCP4.11-\u003eOCP4.12]\nOCPBUGS-3172 - Console shouldn\u0027t try to install dynamic plugins if permissions aren\u0027t available\nOCPBUGS-3180 - Regression in ptp-operator conformance tests\nOCPBUGS-3186 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install\nOCPBUGS-3192 - [4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails \nOCPBUGS-3195 - Service-ca controller exits immediately with an error on sigterm\nOCPBUGS-3206 - [sdn2ovn] Migration failed in vsphere cluster\nOCPBUGS-3207 - SCOS build fails due to pinned kernel\nOCPBUGS-3214 - Installer does not always add router CA to kubeconfig\nOCPBUGS-3228 - Broken secret created while starting a Pipeline\nOCPBUGS-3235 - Topology gets stuck loading\nOCPBUGS-3245 - ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update\nOCPBUGS-3248 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]\nOCPBUGS-3253 - No warning when using wait-for vs. agent wait-for commands\nOCPBUGS-3272 - Unhealthy Readiness probe failed message failing CI when ovnkube DBs are still coming up\nOCPBUGS-3275 - No-op: Unable to retrieve machine from node \"xxx\": expecting one machine for node xxx got: []\nOCPBUGS-3277 - Install failure in create-cluster-and-infraenv.service\nOCPBUGS-3278 - Shouldn\u0027t need to put host data in platform baremetal section in installconfig\nOCPBUGS-3280 - Install ends in preparing-failed due to container-images-available validation\nOCPBUGS-3283 - remove unnecessary RBAC in KCM\nOCPBUGS-3292 - DaemonSet \"/openshift-network-diagnostics/network-check-target\" is not available\nOCPBUGS-3314 - \u0027gitlab.secretReference\u0027 disappears when the buildconfig is edited on ?From View?\nOCPBUGS-3316 - Branch name should sanitised to match actual github branch name in repository plr list\nOCPBUGS-3320 - New master will be created if add duplicated failuredomains in controlplanemachineset\nOCPBUGS-3331 - Update dependencies in CMO release 4.13\nOCPBUGS-3334 - Console should be using v1 apiVersion for ConsolePlugin model\nOCPBUGS-3337 - revert \"force cert rotation every couple days for development\" in 4.12\nOCPBUGS-3338 - Environment cannot find Python\nOCPBUGS-3358 - Revert BUILD-407\nOCPBUGS-3372 - error message is too generic when creating a silence with end time before start\nOCPBUGS-3373 - cluster-monitoring-view user can not list servicemonitors on \"Observe -\u003e Targets\" page\nOCPBUGS-3377 - CephCluster and StorageCluster resources use the same paths\nOCPBUGS-3381 - Make ovnkube-trace work on hypershift deployments\nOCPBUGS-3382 - Unable to configure cluster-wide proxy\nOCPBUGS-3391 - seccomp profile unshare.json missing from nodes\nOCPBUGS-3395 - Event Source is visible without even creating knative-eventing and knative-serving. \nOCPBUGS-3404 - IngressController.spec.nodePlacement.nodeSelector.matchExpressions does not work\nOCPBUGS-3414 - Missing \u0027ImageContentSourcePolicy\u0027 and \u0027CatalogSource\u0027 in the oci fbc feature implementation\nOCPBUGS-3424 - Azure Disk CSI Driver Operator gets degraded without \"CSISnapshot\" capability\nOCPBUGS-3426 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-3427 - Skip broken [sig-devex][Feature:ImageEcosystem] tests\nOCPBUGS-3438 - cloud-network-config-controller not using proxy settings of the management cluster\nOCPBUGS-3440 - Authentication operator doesn\u0027t respond to console being enabled\nOCPBUGS-3441 - Update cluster-authentication-operator not to go degraded without console\nOCPBUGS-3444 - [4.13] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters\nOCPBUGS-3456 - track `rhcos-4.12` branch for fedora-coreos-config submodule\nOCPBUGS-3458 - Surface ClusterVersion RetrievedUpdates condition messages\nOCPBUGS-3465 - IBM operator needs deployment manifest fixes\nOCPBUGS-3473 - Allow listing crio and kernel versions in machine-os components\nOCPBUGS-3476 - Show Tag label and tag name if tag is detected in repository PipelineRun list and details page\nOCPBUGS-3480 - Baremetal Provisioning fails on HP Gen9 systems due to eTag handling\nOCPBUGS-3499 - Route CRD validation behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3501 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior\nOCPBUGS-3502 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation\nOCPBUGS-3508 - masters repeatedly losing connection to API and going NotReady\nOCPBUGS-3524 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure\nOCPBUGS-3526 - oc fails to extract layers that set xattr on Darwin\nOCPBUGS-3539 - [OVN-provider]loadBalancer svc with monitors not working\nOCPBUGS-3612 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1\nOCPBUGS-3621 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags\nOCPBUGS-3648 - Container security operator Image Manifest Vulnerabilities encounters runtime errors under some circumstances\nOCPBUGS-3659 - Expose AzureDisk metrics port over HTTPS\nOCPBUGS-3662 - don\u0027t enforce PSa in 4.12\nOCPBUGS-3667 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down\nOCPBUGS-3668 - 4.12.0-rc.0 fails to deploy on VMware IPI\nOCPBUGS-3676 - After node\u0027s reboot some pods fail to start - deleteLogicalPort failed for pod cannot delete GR SNAT for pod\nOCPBUGS-3693 - Router e2e: drop template.openshift.io apigroup dependency\nOCPBUGS-3709 - Special characters in subject name breaks prefilling role binding form\nOCPBUGS-3713 - [vsphere-problem-detector] fully qualified username must be used when checking permissions\nOCPBUGS-3714 - \u0027oc adm upgrade ...\u0027 should expose ClusterVersion Failing=True\nOCPBUGS-3739 - Pod stuck in containerCreating state when the node on which it is running is Terminated\nOCPBUGS-3744 - Egress router POD creation is failing while using openshift-sdn network plugin\nOCPBUGS-3755 - Create Alertmanager silence form does not explain the new \"Negative matcher\" option\nOCPBUGS-3761 - Consistent e2e test failure:Events.Events: event view displays created pod\nOCPBUGS-3765 - [RFE] Add kernel-rpm-macros to DTK image\nOCPBUGS-3771 - contrib/multicluster-environment.sh needs to be updated to work with ACM cluster proxy\nOCPBUGS-3776 - Manage columns tooltip remains displayed after dialog is closed\nOCPBUGS-3777 - [Dual Stack] ovn-ipsec crashlooping due to cert signing issues\nOCPBUGS-3797 - [4.13] Bump OVS control plane to get \"ovsdb/transaction.c: Refactor assess_weak_refs.\"\nOCPBUGS-3822 - Cluster-admin cannot know whether operator is fully deleted or not after normal user trigger \"Delete CSV\"\nOCPBUGS-3827 - CCM not able to remove a LB in ERROR state\nOCPBUGS-3877 - RouteTargetReference missing default for \"weight\" in Route CRD v1 schema\nOCPBUGS-3880 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator\nOCPBUGS-3883 - Hosted ovnkubernetes pods are not being spread among workers evenly\nOCPBUGS-3896 - Console nav toggle button reports expanded in both expanded and not expanded states\nOCPBUGS-3904 - Delete/Add a failureDomain in CPMS to trigger update cannot work right on GCP\nOCPBUGS-3909 - Node is degraded when a machine config deploys a unit with content and mask=true\nOCPBUGS-3916 - expr for SDNPodNotReady is wrong due to there is not node label for kube_pod_status_ready\nOCPBUGS-3919 - Azure: unable to configure EgressIP if an ASG is set\nOCPBUGS-3921 - Openshift-install bootstrap operation cannot find a cloud defined in clouds.yaml in the current directory\nOCPBUGS-3923 - [CI] cluster-monitoring-operator produces more watch requests than expected\nOCPBUGS-3924 - Remove autoscaling/v2beta2 in 4.12 and later\nOCPBUGS-3929 - Use flowcontrol/v1beta2 for apf manifests in 4.13\nOCPBUGS-3931 - When all extensions are installed, \"libkadm5\" rpm package is duplicated in the `rpm -q` command\nOCPBUGS-3933 - Fails to deprovision cluster when swift omits \u0027content-type\u0027\nOCPBUGS-3945 - Handle 0600 kubeconfig\nOCPBUGS-3951 - Dynamic plugin extensions disappear from the UI when a codeRef fails to load\nOCPBUGS-3960 - Use kernel-rt from ose repo\nOCPBUGS-3965 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce\nOCPBUGS-3973 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue. \nOCPBUGS-3974 - CIRO panics when suspended flag is nil\nOCPBUGS-3975 - \"Failed to open directory, disabling udev device properties\" in node-exporter logs\nOCPBUGS-3978 - AWS EBS CSI driver operator is degraded without \"CSISnapshot\" capability\nOCPBUGS-3985 - Allow PSa enforcement in 4.13 by using featuresets\nOCPBUGS-3987 - Some nmstate validations are skipped when NM config is in agent-config.yaml\nOCPBUGS-3990 - HyperShift control plane operators have wrong priorityClass\nOCPBUGS-3993 - egressIP annotation including two interfaces when multiple networks\nOCPBUGS-4000 - fix operator naming convention \nOCPBUGS-4008 - Console deployment does not roll out when managed cluster configmap is updated\nOCPBUGS-4012 - Disabled Serverless add actions should not be displayed in topology menu\nOCPBUGS-4026 - Endless rerender loop and a stuck browser on the add and topology page when SBO is installed\nOCPBUGS-4047 - [CI-Watcher] e2e test flake: Create key/value secrets Validate a key/value secret\nOCPBUGS-4049 - MCO reconcile fails if user replace the pull secret to empty one\nOCPBUGS-4052 - [ALBO] OpenShift Load Balancer Operator does not properly support cluster wide proxy\nOCPBUGS-4054 - cluster-ingress-operator\u0027s configurable-route controller\u0027s startup is noisy\nOCPBUGS-4089 - Kube-State-metrics pod fails to start due to panic\nOCPBUGS-4090 - OCP on OSP - Image registry is deployed with cinder instead of swift storage backend \nOCPBUGS-4101 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting\nOCPBUGS-4110 - Form footer buttons are misaligned in web terminal form\nOCPBUGS-4119 - Random SYN drops in OVS bridges of OVN-Kubernetes\nOCPBUGS-4166 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-4168 - Prometheus continuously restarts due to slow WAL replay\nOCPBUGS-4173 - vsphere-problem-detector should re-check passwords after change\nOCPBUGS-4181 - Prometheus and Alertmanager incorrect ExternalURL configured\nOCPBUGS-4184 - Use mTLS authentication for all monitoring components instead of bearer token\nOCPBUGS-4203 - Unnecessary padding around alert atop debug pod terminal\nOCPBUGS-4206 - getContainerStateValue contains incorrectly internationalized text\nOCPBUGS-4207 - Remove debug level logging on openshift-config-operator\nOCPBUGS-4219 - Add runbook link to PrometheusRuleFailures\nOCPBUGS-4225 - [4.13] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450\nOCPBUGS-4232 - CNCC: Wrong log format for Azure locking\nOCPBUGS-4245 - L2 does not work if a metallb is not able to listen to arp requests on a single interface\nOCPBUGS-4252 - Node Terminal tab results in error\nOCPBUGS-4253 - Add PodNetworkConnectivityCheck for must-gather\nOCPBUGS-4266 - crio.service should use a more safe restart policy to provide recoverability against concurrency issues\nOCPBUGS-4279 - Custom Victory-Core components in monitoring ui code causing build issues \nOCPBUGS-4280 - Return 0 when `oc import-image` failed\nOCPBUGS-4282 - [IR-269]Can\u0027t pull sub-manifest image using imagestream of manifest list\nOCPBUGS-4291 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore. \nOCPBUGS-4293 - Specify resources.requests for operator pod\nOCPBUGS-4298 - Specify resources.requests for operator pod\nOCPBUGS-4302 - Specify resources.requests for operator pod\nOCPBUGS-4305 - [4.13] Improve ironic logging configuration in metal3\nOCPBUGS-4317 - [IBM][4.13][Snapshot] restore size in snapshot is not the same size of pvc request size \nOCPBUGS-4328 - Update installer images to be consistent with ART\nOCPBUGS-434 - After FIPS enabled in S390X, ingress controller in degraded state\nOCPBUGS-4343 - Use flowcontrol/v1beta3 for apf manifests in 4.13\nOCPBUGS-4347 - set TLS cipher suites in Kube RBAC sidecars\nOCPBUGS-4350 - CNO in HyperShift reports upgrade complete in clusteroperator prematurely\nOCPBUGS-4352 - [RHOCP] HPA shows different API versions in web console\nOCPBUGS-4357 - Bump samples operator k8s dep to 1.25.2\nOCPBUGS-4359 - cluster-dns-operator corrupts /etc/hosts when fs full\nOCPBUGS-4367 - Debug log messages missing from output and Info messages malformed\nOCPBUGS-4377 - Service name search ability while creating the Route from console\nOCPBUGS-4401 - limit cluster-policy-controller RBAC permissions\nOCPBUGS-4411 - ovnkube node pod crashed after converting to a dual-stack cluster network\nOCPBUGS-4417 - ip-reconciler removes the overlappingrangeipreservations whether the pod is alive or not\nOCPBUGS-4425 - Egress FW ACL rules are invalid in dualstack mode\nOCPBUGS-4447 - [MetalLB Operator] The CSV needs an update to reflect the correct version of operator\nOCPBUGS-446 - Cannot Add a project from DevConsole in airgap mode using git importing\nOCPBUGS-4483 - apply retry logic to ovnk-node controllers\nOCPBUGS-4490 - hypershift: csi-snapshot-controller uses wrong kubeconfig\nOCPBUGS-4491 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig\nOCPBUGS-4492 - [4.13] The property TransferProtocolType is required for VirtualMedia.InsertMedia\nOCPBUGS-4502 - [4.13] [OVNK] Add support for service session affinity timeout\nOCPBUGS-4516 - `oc-mirror` does not work as expected relative path for OCI format copy \nOCPBUGS-4517 - Better to detail the --command-os of mac for `oc adm release extract` command\nOCPBUGS-4521 - all kubelet targets are down after a few hours\nOCPBUGS-4524 - Hold lock when deleting completed pod during update event\nOCPBUGS-4525 - Don\u0027t log in iterateRetryResources when there are no retry entries\nOCPBUGS-4535 - There is no 4.13 gcp-filestore-csi-driver-operator version for test\nOCPBUGS-4536 - Image registry panics while deploying OCP in eu-south-2 AWS region\nOCPBUGS-4537 - Image registry panics while deploying OCP in eu-central-2 AWS region\nOCPBUGS-4538 - Image registry panics while deploying OCP in ap-south-2 AWS region\nOCPBUGS-4541 - Azure: remove deprecated ADAL\nOCPBUGS-4546 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]\nOCPBUGS-4549 - Azure: replace deprecated AD Graph API\nOCPBUGS-4550 - [CI] console-operator produces more watch requests than expected\nOCPBUGS-4571 - The operator recommended namespace is incorrect after change installation mode to \"A specific namespace on the cluster\"\nOCPBUGS-4574 - Machine stuck in no phase when creating in a nonexistent zone and stuck in Deleting when deleting on GCP\nOCPBUGS-463 - OVN-Kubernetes should not send IPs with leading zeros to OVN\nOCPBUGS-4630 - Bump documentationBaseURL to 4.13\nOCPBUGS-4635 - [OCP 4.13] ironic container images have old packages\nOCPBUGS-4638 - Support RHOBS monitoring for HyperShift in CNO\nOCPBUGS-4652 - Fixes for RHCOS 9 based on RHEL 9.0\nOCPBUGS-4654 - Azure: UPI: Fix storage arm template to work with Galleries and MAO\nOCPBUGS-4659 - Network Policy executes duplicate transactions for every pod update\nOCPBUGS-4684 - In DeploymentConfig both the Form view and Yaml view are not in sync\nOCPBUGS-4689 - SNO not able to bring up Provisioning resource in 4.11.17\nOCPBUGS-4691 - Topology sidebar actions doesn\u0027t show the latest resource data\nOCPBUGS-4692 - PTP operator: Use priority class node critical\nOCPBUGS-4700 - read-only update UX: confusing \"Update blocked\" pop-up\nOCPBUGS-4701 - read-only update UX: confusing \"Control plane is hosted\" banner\nOCPBUGS-4703 - Router can migrate to use LivenessProbe.TerminationGracePeriodSeconds\nOCPBUGS-4712 - ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged\nOCPBUGS-4724 - [4.13] egressIP annotations not present on OpenShift on Openstack multiAZ installation\nOCPBUGS-4725 - mapi_machinehealthcheck_short_circuit not properly reconciling causing MachineHealthCheckUnterminatedShortCircuit alert to fire\nOCPBUGS-4746 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS\nOCPBUGS-4756 - OLM generates invalid component selector labels\nOCPBUGS-4757 - Revert Catalog PSA decisions for 4.13 (OLM)\nOCPBUGS-4758 - Revert Catalog PSA decisions for 4.13 (Marketplace)\nOCPBUGS-4769 - Old AWS boot images vs. 4.12: unknown provider \u0027ec2\u0027\nOCPBUGS-4780 - Update openshift/builder release-4.13 to go1.19\nOCPBUGS-4781 - Get Helm Release seems to be using List Releases api\nOCPBUGS-4793 - CMO may generate Kubernetes events with a wrong object reference\nOCPBUGS-4802 - Update formatting with gofmt for go1.19\nOCPBUGS-4825 - Pods completed + deleted may leak\nOCPBUGS-4827 - Ingress Controller is missing a required AWS resource permission for SC2S region us-isob-east-1\nOCPBUGS-4873 - openshift-marketplace namespace missing \"audit-version\" and \"warn-version\" PSA label\nOCPBUGS-4874 - Baremetal host data is still sometimes required\nOCPBUGS-4883 - Default Git type to other info alert should get remove after changing the git type\nOCPBUGS-4894 - Disabled Serverless add actions should not be displayed for Knative Service\nOCPBUGS-4899 - coreos-installer output not available in the logs\nOCPBUGS-4900 - Volume limits test broken on AWS and GCP TechPreview clusters\nOCPBUGS-4906 - Cross-namespace template processing is not being tested\nOCPBUGS-4909 - Can\u0027t reach own service when egress netpol are enabled\nOCPBUGS-4913 - Need to wait longer for VM to obtain IP from DHCP\nOCPBUGS-4941 - Fails to deprovision cluster when swift omits \u0027content-type\u0027 and there are empty containers\nOCPBUGS-4950 - OLM K8s Dependencies should be at 1.25\nOCPBUGS-4954 - [IBMCloud] COS Reclamation prevents ResourceGroup cleanup\nOCPBUGS-4955 - Bundle Unpacker Using \"Always\" ImagePullPolicy for digests\nOCPBUGS-4969 - ROSA Machinepool EgressIP Labels Not Discovered\nOCPBUGS-4975 - Missing translation in ceph storage plugin\nOCPBUGS-4986 - precondition: Do not claim warnings would have blocked\nOCPBUGS-4997 - Agent ISO does not respect proxy settings\nOCPBUGS-5001 - MachineConfigControllerPausedPoolKubeletCA should have a working runbook URI\nOCPBUGS-501 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver\nOCPBUGS-5010 - Should always delete the must-gather pod when run the must-gather\nOCPBUGS-5016 - Editing Pipeline in the ocp console to get information error\nOCPBUGS-5018 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists. \nOCPBUGS-5036 - Cloud Controller Managers do not react to changes in configuration leading to assorted errors\nOCPBUGS-5045 - unit test data race with egress ip tests\nOCPBUGS-5068 - [4.13] virtual media provisioning fails when iLO Ironic driver is used\nOCPBUGS-5073 - Connection reset by peer issue with SSL OAuth Proxy when route objects are created more than 80. \nOCPBUGS-5079 - [CI Watcher] pull-ci-openshift-console-master-e2e-gcp-console jobs: Process did not finish before 4h0m0s timeout\nOCPBUGS-5085 - Should only show the selected catalog when after apply the ICSP and catalogsource\nOCPBUGS-5101 - [GCP] [capi] Deletion of cluster is happening , it shouldn\u0027t be allowed\nOCPBUGS-5116 - machine.openshift.io API is not supported in Machine API webhooks\nOCPBUGS-512 - Permission denied when write data to mounted gcp filestore volume instance\nOCPBUGS-5124 - kubernetes-nmstate does not pass CVP tests in 4.12\nOCPBUGS-5136 - provisioning on ilo4-virtualmedia BMC driver fails with error: \"Creating vfat image failed: Unexpected error while running command\"\nOCPBUGS-5140 - [alibabacloud] IPI install got bootstrap failure and without any node ready, due to enforced EIP bandwidth 5 Mbit/s\nOCPBUGS-5151 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install\nOCPBUGS-5164 - Add support for API version v1beta1 for knativeServing and knativeEventing\nOCPBUGS-5165 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX\nOCPBUGS-5182 - [azure] Fail to create master node with vm size in family ECIADSv5 and ECIASv5\nOCPBUGS-5184 - [azure] Fail to create master node with vm size in standardNVSv4Family\nOCPBUGS-5188 - Wrong message in MCCDrainError alert\nOCPBUGS-5234 - [azure] Azure Stack Hub (wwt) UPI installation failed to scale up worker nodes using machinesets \nOCPBUGS-5235 - mapi_instance_create_failed metric cannot work when set acceleratedNetworking: true on Azure\nOCPBUGS-5269 - remove unnecessary RBAC in KCM: file removal\nOCPBUGS-5275 - remove unnecessary RBAC in OCM\nOCPBUGS-5287 - Bug with Red Hat Integration - 3scale - Managed Application Services causes operator-install-single-namespace.spec.ts to fail\nOCPBUGS-5292 - Multus: Interface name contains an invalid character / [ocp 4.13]\nOCPBUGS-5300 - WriteRequestBodies audit profile records routes/status events at RequestResponse level\nOCPBUGS-5306 - One old machine stuck in Deleting and many co get degraded when doing master replacement on the cluster with OVN network\nOCPBUGS-5346 - Reported vSphere Connection status is misleading\nOCPBUGS-5347 - Clusteroperator Available condition is updated every 2 mins when operator is disabled\nOCPBUGS-5353 - Dashboard graph should not be stacked - Kubernetes / Compute Resources / Pod Dashboard\nOCPBUGS-5410 - [AWS-EBS-CSI-Driver] provision volume using customer kms key couldn\u0027t restore its snapshot successfully\nOCPBUGS-5423 - openshift-marketplace pods cause PodSecurityViolation alert to fire\nOCPBUGS-5428 - Many plugin SDK extension docs are missing descriptions\nOCPBUGS-5432 - Downstream Operator-SDK v1.25.1 to OCP 4.13\nOCPBUGS-5458 - wal: max entry size limit exceeded\nOCPBUGS-5465 - Context Deadline exceeded when PTP service is disabled from the switch\nOCPBUGS-5466 - Default CatalogSource aren\u0027t always reverted to default settings\nOCPBUGS-5492 - CI \"[Feature:bond] should create a pod with bond interface\" fail for MTU migration jobs\nOCPBUGS-5497 - MCDRebootError alarm disappears after 15 minutes\nOCPBUGS-5498 - Host inventory quick start for OCP\nOCPBUGS-5505 - Upgradeability check is throttled too much and with unnecessary non-determinism\nOCPBUGS-5508 - Report topology usage in vSphere environment via telemetry\nOCPBUGS-5517 - [Azure/ARO] Update Azure SDK to v63.1.0+incompatible \nOCPBUGS-5520 - MCDPivotError alert fires due temporary transient failures \nOCPBUGS-5523 - Catalog, fatal error: concurrent map read and map write\nOCPBUGS-5524 - Disable vsphere intree tests that exercise multiple tests\nOCPBUGS-5534 - [UI] When OCP and ODF are upgraded, refresh web console pop-up doesn\u0027t appear after ODF upgrade resulting in dashboard crash\nOCPBUGS-5540 - Typo in WTO for Milliseconds\nOCPBUGS-5542 - Project dropdown order is not as smart as project list page order\nOCPBUGS-5546 - Machine API Provider Azure should not modify the Machine spec\nOCPBUGS-5547 - Webhook Secret (1 of 2) is not removed when Knative Service is deleted\nOCPBUGS-5559 - add default noProxy config for Azure\nOCPBUGS-5733 - [Openshift Pipelines] Description of parameters are not shown in pipelinerun description page\nOCPBUGS-5734 - Azure: VIP 168.63.129.16 should be noProxy to all clouds except Public\nOCPBUGS-5736 - The main section of the page will keep loading after normal user login\nOCPBUGS-5759 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled\nOCPBUGS-5802 - update sprig to v3 in cno\nOCPBUGS-5836 - Incorrect redirection when user try to download windows oc binary\nOCPBUGS-5842 - executes /host/usr/bin/oc\nOCPBUGS-5851 - [CI-Watcher]: Using OLM descriptor components deletes operand \nOCPBUGS-5873 - etcd_object_counts is deprecated and replaced with apiserver_storage_objects, causing \"etcd Object Count\" dashboard to only show OpenShift resources\nOCPBUGS-5888 - Failed to install 4.13 ocp on SNO with \"error during syncRequiredMachineConfigPools\"\nOCPBUGS-5891 - oc-mirror heads-only does not work with target name\nOCPBUGS-5903 - gather default ingress controller definition\nOCPBUGS-5922 - [2047299 Jira placeholder] nodeport not reachable port connection timeout\nOCPBUGS-5939 - revert \"force cert rotation every couple days for development\" in 4.13\nOCPBUGS-5948 - Runtime error using API Explorer with AdmissionReview resource\nOCPBUGS-5949 - oc --icsp mapping scope does not match openshift icsp mapping scope\nOCPBUGS-5959 - [4.13] Bootimage bump tracker\nOCPBUGS-5988 - Degraded etcd on assisted-installer installation- bootstrap etcd is not removed properly\nOCPBUGS-5991 - Kube APIServer panics in admission controller\nOCPBUGS-5997 - Add Git Repository form shows empty permission content and non-working help link until a git url is entered\nOCPBUGS-6004 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10\"\nOCPBUGS-6011 - openshift-client package has wrong version of kubectl bundled\nOCPBUGS-6018 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades\nOCPBUGS-6026 - cannot change /etc folder ownership inside pod\nOCPBUGS-6033 - metallb 4.12.0-202301042354 (OCP 4.12) refers to external image\nOCPBUGS-6049 - Do not show UpdateInProgress when status is Failing\nOCPBUGS-6053 - `availableUpdates: null` results in run-time error on Cluster Settings page\nOCPBUGS-6055 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41\nOCPBUGS-6063 - PVs(vmdk) get deleted when scaling down machineSet with vSphere IPI\nOCPBUGS-6089 - Unnecessary event reprocessing\nOCPBUGS-6092 - ovs-configuration.service fails - Error: Connection activation failed: No suitable device found for this connection\nOCPBUGS-6097 - CVO hotloops on ImageStream and logs the information incorrectly\nOCPBUGS-6098 - Show Git icon and URL in repository link in PLR details page should be based on the git provider\nOCPBUGS-6101 - Daemonset is not upgraded after operator upgrade\nOCPBUGS-6175 - Image registry Operator does not use Proxy when connecting to openstack\nOCPBUGS-6185 - Update 4.13 ose-cluster-config-operator image to be consistent with ART\nOCPBUGS-6187 - Update 4.13 openshift-state-metrics image to be consistent with ART\nOCPBUGS-6189 - Update 4.13 ose-cluster-authentication-operator image to be consistent with ART\nOCPBUGS-6191 - Update 4.13 ose-network-metrics-daemon image to be consistent with ART\nOCPBUGS-6197 - Update 4.13 ose-openshift-apiserver image to be consistent with ART\nOCPBUGS-6201 - Update 4.13 openshift-enterprise-pod image to be consistent with ART\nOCPBUGS-6202 - Update 4.13 ose-cluster-kube-apiserver-operator image to be consistent with ART\nOCPBUGS-6213 - Update 4.13 ose-machine-config-operator image to be consistent with ART\nOCPBUGS-6222 - Update 4.13 ose-alibaba-cloud-csi-driver image to be consistent with ART\nOCPBUGS-6228 - Update 4.13 coredns image to be consistent with ART\nOCPBUGS-6231 - Update 4.13 ose-kube-storage-version-migrator image to be consistent with ART\nOCPBUGS-6232 - Update 4.13 marketplace-operator image to be consistent with ART\nOCPBUGS-6233 - Update 4.13 ose-cluster-openshift-apiserver-operator image to be consistent with ART\nOCPBUGS-6234 - Update 4.13 ose-cluster-bootstrap image to be consistent with ART\nOCPBUGS-6235 - Update 4.13 cluster-network-operator image to be consistent with ART\nOCPBUGS-6238 - Update 4.13 oauth-server image to be consistent with ART\nOCPBUGS-6240 - Update 4.13 ose-cluster-kube-storage-version-migrator-operator image to be consistent with ART\nOCPBUGS-6241 - Update 4.13 operator-lifecycle-manager image to be consistent with ART\nOCPBUGS-6247 - Update 4.13 ose-cluster-ingress-operator image to be consistent with ART\nOCPBUGS-6262 - Add more logs to \"oc extract\" in mco-first boot service \nOCPBUGS-6265 - When installing SNO with bootstrap in place it takes CVO 6 minutes to acquire the leader lease \nOCPBUGS-6270 - Irrelevant vsphere platform data is required\nOCPBUGS-6272 - E2E tests: Entire pipeline flow from Builder page Start the pipeline with workspace\nOCPBUGS-631 - machineconfig service is failed to start because Podman storage gets corrupted\nOCPBUGS-6486 - Image upload fails when installing cluster\nOCPBUGS-6503 - admin ack test nondeterministically does a check post-upgrade\nOCPBUGS-6504 - IPI Baremetal Master Node in DualStack getting fd69:: address randomly, OVN CrashLoopBackOff\nOCPBUGS-6507 - Don\u0027t retry network policy peer pods if ips couldn\u0027t be fetched\nOCPBUGS-6577 - Node-exporter NodeFilesystemAlmostOutOfSpace alert exception needed\nOCPBUGS-6610 - Developer - Topology : \u0027Filter by resource\u0027 drop-down i18n misses\nOCPBUGS-6621 - Image registry panics while deploying OCP in ap-southeast-4 AWS region\nOCPBUGS-6624 - Issue deploying the master node with IPI\nOCPBUGS-6634 - Let the console able to build on other architectures and compatible with prow builds\nOCPBUGS-6646 - Ingress node firewall CI is broken with latest\nOCPBUGS-6647 - User Preferences - Applications : Resource type drop-down i18n misses\nOCPBUGS-6651 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy\nOCPBUGS-6660 - Uninstall Operator? modal instructions always reference optional checkbox\nOCPBUGS-6663 - Platform baremetal warnings during create image when fields not defined\nOCPBUGS-6682 - [OVN] ovs-configuration vSphere vmxnet3 allmulti workaround is now permanent\nOCPBUGS-6698 - Fix conflict error message in cluster-ingress-operator\u0027s ensureNodePortService\nOCPBUGS-6700 - Cluster-ingress-operator\u0027s updateIngressClass function logs success message when error\nOCPBUGS-6701 - The ingress-operator spuriously updates ingressClass on startup\nOCPBUGS-6714 - Traffic from egress IPs was interrupted after Cluster patch to Openshift 4.10.46\nOCPBUGS-672 - Redhat-operators are failing regularly due to startup probe timing out which in turn increases CPU/Mem usage on Master nodes\nOCPBUGS-6722 - s390x: failed to generate asset \"Image\": multiple \"disk\" artifacts found\nOCPBUGS-6730 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-6731 - Gathered Environment variables (HTTP_PROXY/HTTPS_PROXY) may contain sensible information and should be obfuscated\nOCPBUGS-6741 - opm fails to serve FBC if cachedir not provided\nOCPBUGS-6757 - Pipeline Repository (Pipeline-as-Code) list page shows an empty Event type column\nOCPBUGS-6760 - Couldn\u0027t update/delete cpms on gcp private cluster\nOCPBUGS-6762 - Enhance the user experience for the name-filter-input on Metrics target page\nOCPBUGS-6765 - \"Delete dependent objects of this resource\" might cause confusions\nOCPBUGS-6777 - [gcp][CORS-1988] \"create manifests\" without an existing \"install-config.yaml\" missing 4 YAML files in \"\u003cinstall dir\u003e/openshift\" which leads to \"create cluster\" failure\nOCPBUGS-6781 - gather Machine objects\nOCPBUGS-6797 - Empty IBMCOS storage config causes operator to crashloop\nOCPBUGS-6799 - Repositories list does not show the running pipelinerun as last pipelinerun\nOCPBUGS-6809 - Uploading large layers fails with \"blob upload invalid\"\nOCPBUGS-6811 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13\nOCPBUGS-6821 - Update NTO images to be consistent with ART\nOCPBUGS-6832 - Include openshift_apps_deploymentconfigs_strategy_total to recent_metrics\nOCPBUGS-6893 - Dev console doesn\u0027t finish loading for users with limited access\nOCPBUGS-6902 - 4.13-e2e-metal-ipi-upgrade-ovn-ipv6 on permafail\nOCPBUGS-6917 - MultinetworkPolicy: unknown service runtime.v1alpha2.RuntimeService\nOCPBUGS-6925 - Update OWNERS_ALIASES in release-4.13 branch\nOCPBUGS-6945 - OS Release reports incorrect version ID\nOCPBUGS-6953 - ovnkube-master panic nil deref\nOCPBUGS-6955 - panic in an ovnkube-master pod\nOCPBUGS-6962 - \u0027agent_installer\u0027 invoker not showing up in telemetry\nOCPBUGS-6977 - pod-identity-webhook replicas=2 is failing single node jobs\nOCPBUGS-6978 - Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1\nOCPBUGS-6994 - All Clusters perspective is not activated automatically when ACM is installed\nOCPBUGS-702 - The caBundle field of alertmanagerconfigs.monitoring.coreos.com crd is getting removed\nOCPBUGS-7031 - Pipelines repository list and creation form doesn\u0027t show Tech Preview status\nOCPBUGS-7090 - Add to navigation button in search result does nothing\nOCPBUGS-7102 - OLM downstream utest fails due to new release-XX+1 branch creation\nOCPBUGS-7106 - network-tools needs to be updated to give ovn-k master leader info\nOCPBUGS-7118 - OCP 4.12 does not support launching SGX enclaves\nOCPBUGS-7144 - On mobile screens, At pipeline details page the info alert on metrics tab is not showing correctly\nOCPBUGS-7149 - IPv6 multinode spoke no moving from rebooting/configuring stage\nOCPBUGS-7173 - [OVN] DHCP timeouts on Azure arm64, install fails\nOCPBUGS-7180 - [4.13] Bootimage bump tracker\nOCPBUGS-7186 - [gcp][CORS-2424] with \"secureBoot\" enabled, after deleting control-plane machine, the new machine is created with \"enableSecureBoot\" being False unexpectedly\nOCPBUGS-7195 - [CI-Watcher] e2e issue with tests: Create Samples Page Timeout Error\nOCPBUGS-7199 - [CI-Watcher] e2e issue with tests: Interacting with CatalogSource page\nOCPBUGS-7204 - Manifests generated to multiple \"results-xxx\" folders when using the oci feature with OCI and nonOCI catalogs \nOCPBUGS-7207 - MTU migration configuration is cleaned up prematurely while in progress\nOCPBUGS-723 - ClusterResourceQuota values are not reflecting. \nOCPBUGS-7268 - [4.13] Modify the PSa pod extractor to mutate pod controller pod specs\nOCPBUGS-7284 - Hypershift failing new SCC conformance tests\nOCPBUGS-7291 - ptp keeps trying to start phc2sys even if it\u0027s configured as empty string in phc2sysOpts\nOCPBUGS-7293 - RHCOS 9.2 Failing to Bootstrap on Metal, OpenStack, vSphere (all baremetal runtime platforms)\nOCPBUGS-7300 - aws-ebs-csi-driver-operator crash loops with HC proxy configured\nOCPBUGS-7301 - Not possible to use certain start addresses in whereabouts IPv6 range [Backport 4.13]\nOCPBUGS-7308 - Download kubeconfig for ServiceAccount returns error\nOCPBUGS-7354 - Installation failed on Azure SDN as network is degraded \nOCPBUGS-7356 - Default channel on OCP 4.13 should be stable-4.13\nOCPBUGS-7359 - [Azure] Replace master failed as new master did not add into lb backend \nOCPBUGS-736 - Kuryr uses default MTU for service network\nOCPBUGS-7366 - [gcp] New machine stuck in Provisioning when delete one zone from cpms on gcp with customer vpc\nOCPBUGS-7372 - fail early on missing node status envs\nOCPBUGS-7374 - set default timeouts in etcdcli\nOCPBUGS-7391 - Monitoring operator long delay reconciling extension-apiserver-authentication\nOCPBUGS-7399 - In the Edit application mode, the name of the added pipeline is not displayed anymore\nOCPBUGS-7408 - AzureDisk CSI driver does not compile with cachito\nOCPBUGS-7412 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7417 - gomod dependencies failures in 4.13-4.14 container builds\nOCPBUGS-7418 - Default values for Scaling fields is not set in Create Serverless function form\nOCPBUGS-7419 - CVO delay when setting clusterversion available status to true \nOCPBUGS-7421 - Missing i18n key for PAC section in Git import form\nOCPBUGS-7424 - Bump cluster-ingress-operator to k8s APIs v0.26.1\nOCPBUGS-7427 - dynamic-demo-plugin.spec.ts requires 10 minutes of unnecessary wait time\nOCPBUGS-7438 - Egress service does not handle invalid nodeSelectors correctly\nOCPBUGS-7482 - Fix handling of single failure-domain (non-tagged) deployments in vsphere\nOCPBUGS-7483 - Hypershift installs on \"platform: none\" are broken\nOCPBUGS-7488 - test flake: should not reconcile SC when state is Unmanaged\nOCPBUGS-7495 - Platform type is ignored\nOCPBUGS-7517 - Helm page crashes on old releases with a new Secret\nOCPBUGS-7519 - NFS Storage Tests trigger Kernel Panic on Azure and Metal\nOCPBUGS-7523 - Add new AWS regions for ROSA\nOCPBUGS-7542 - Bump router to k8s APIs v0.26.1\nOCPBUGS-7555 - Enable default sysctls for kubelet\nOCPBUGS-7558 - Rebase coredns to 1.10.1\nOCPBUGS-7563 - vSphere install can\u0027t complete with out-of-tree CCM\nOCPBUGS-7579 - [azure] failed to parse client certificate when using certificate-based Service Principal with passpharse\nOCPBUGS-7611 - PTPOperator config transportHost with AMQ is not detected \nOCPBUGS-7616 - vSphere multiple in-tree test failures (non-zonal)\nOCPBUGS-7617 - Azure Disk volume is taking time to attach/detach\nOCPBUGS-7622 - vSphere UPI jobs failing with \u0027Managed cluster should have machine resources\u0027\nOCPBUGS-7648 - Bump cluster-dns-operator to k8s APIs v0.26.1\nOCPBUGS-7689 - Project Admin is able to Label project with empty string in RHOCP 4\nOCPBUGS-7696 - [ Azure ]not able to deploy machine with publicIp:true\nOCPBUGS-7707 - /etc/NetworkManager/dispatcher.d needs to be relabeled during pivot from 8.6 to 9.2\nOCPBUGS-7719 - Update to 4.13.0-ec.3 stuck on leaked MachineConfig\nOCPBUGS-7729 - Remove ETCD liviness probe. \nOCPBUGS-7731 - Need to cancel threads when agent-tui timeout is stopped\nOCPBUGS-7733 - Afterburn fails on AWS/GCP clusters born in OCP 4.1/4.2\nOCPBUGS-7743 - SNO upgrade from 4.12 to 4.13 rhel9.2 is broken cause of dnsmasq default config\nOCPBUGS-7750 - fix gofmt check issue in network-metrics-daemon\nOCPBUGS-7754 - ART having trouble building olm images\nOCPBUGS-7774 - RawCNIConfig is printed in byte representation on failure, not human readable\nOCPBUGS-7785 - migrate to using Lease for leader election\nOCPBUGS-7806 - add \"nfs-export\" under PV details page\nOCPBUGS-7809 - sg3_utils package is missing in the assisted-installer-agent Docker file\nOCPBUGS-781 - ironic-proxy is using a deprecated field to fetch cluster VIP\nOCPBUGS-7833 - Storage tests failing in no-capabilities job\nOCPBUGS-7837 - hypershift: aws-ebs-csi-driver-operator uses guest cluster proxy causing PV provisioning failure\nOCPBUGS-7860 - [azure] message is unclear when missing clientCertificatePassword in osServicePrincipal.json\nOCPBUGS-7876 - [Descheduler] Enabling LifeCycleUtilization to test namespace filtering does not work\nOCPBUGS-7879 - Devfile isn\u0027t be processed correctly on \u0027Add from git repo\u0027\nOCPBUGS-7896 - MCO should not add keepalived pod manifests in case of VSPHERE UPI\nOCPBUGS-7899 - ODF Monitor pods failing to be bounded because timeout issue with thin-csi SC\nOCPBUGS-7903 - Pool degraded with error: rpm-ostree kargs: signal: terminated\nOCPBUGS-7909 - Baremetal runtime prepender creates /etc/resolv.conf mode 0600 and bad selinux context\nOCPBUGS-794 - OLM version rule is not clear\nOCPBUGS-7940 - apiserver panics in admission controller\nOCPBUGS-7943 - AzureFile CSI driver does not compile with cachito\nOCPBUGS-7970 - [E2E] Always close the filter dropdown in listPage.filter.by\nOCPBUGS-799 - Reply packet for DNS conversation to service IP uses pod IP as source\nOCPBUGS-8066 - Create Serverless Function form breaks if Pipeline Operator is not installed\nOCPBUGS-8086 - Visual issues with listing items\nOCPBUGS-8243 - [release 4.13] Gather Monitoring pods\u0027 Persistent Volumes\nOCPBUGS-8308 - Bump openshift/kubernetes to 1.26.2\nOCPBUGS-8312 - IPI on Power VS clusters cannot deploy MCO\nOCPBUGS-8326 - Azure cloud provider should use Kubernetes 1.26 dependencies\nOCPBUGS-8341 - Unable to set capabilities with agent installer based installation \nOCPBUGS-8342 - create cluster-manifests fails when imageContentSources is missing\nOCPBUGS-8353 - PXE support is incomplete\nOCPBUGS-8381 - Console shows x509 error when requesting token from oauth endpoint\nOCPBUGS-8401 - Bump openshift/origin to kube 1.26.2\nOCPBUGS-8424 - ControlPlaneMachineSet: Machine\u0027s Node should be Ready to consider the Machine Ready\nOCPBUGS-8445 - cgroups default setting in OCP 4.13 generates extra MachineConfig\nOCPBUGS-8463 - OpenStack Failure domains as 4.13 TechPreview\nOCPBUGS-8471 - [4.13] egress firewall only createas 1 acl for long namespace names\nOCPBUGS-8475 - TestBoundTokenSignerController causes unrecoverable disruption in e2e-gcp-operator CI job\nOCPBUGS-8481 - CAPI rebases 4.13 backports\nOCPBUGS-8490 - agent-tui: display additional checks only when primary check fails\nOCPBUGS-8498 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets\nOCPBUGS-8505 - [4.13] egress firewall acls are deleted on restart\nOCPBUGS-8511 - [4.13+ ONLY] Don\u0027t use port 80 in bootstrap IPI bare metal\nOCPBUGS-855 - When setting allowedRegistries urls the openshift-samples operator is degraded\nOCPBUGS-859 - monitor not working with UDP lb when externalTrafficPolicy: Local\nOCPBUGS-860 - CSR are generated with incorrect Subject Alternate Names\nOCPBUGS-8699 - Metal IPI Install Rate Below 90%\nOCPBUGS-8701 - `oc patch project` not working with OCP 4.12\nOCPBUGS-8702 - OKD SCOS: remove workaround for rpm-ostree auth\nOCPBUGS-8703 - fails to switch to kernel-rt with rhel 9.2\nOCPBUGS-8710 - [4.13] don\u0027t enforce PSa in 4.13\nOCPBUGS-8712 - AES-GCM encryption at rest is not supported by kube-apiserver-operator\nOCPBUGS-8719 - Allow the user to scroll the content of the agent-tui details view\nOCPBUGS-8741 - [4.13] Pods in same deployment will have different ability to query services in same namespace from one another; ocp 4.10\nOCPBUGS-8742 - Origin tests should not specify `readyz` as the health check path\nOCPBUGS-881 - fail to create install-config.yaml as apiVIP and ingressVIP are not in machine networks\nOCPBUGS-8941 - Introduce tooltips for contextual information\nOCPBUGS-904 - Alerts from MCO are missing namespace\nOCPBUGS-9079 - ICMP fragmentation needed sent to pods behind a service don\u0027t seem to reach the pods\nOCPBUGS-91 - [ExtDNS] New TXT record breaks downward compatibility by retroactively limiting record length\nOCPBUGS-9132 - WebSCale: ovn logical router polices incorrect/l3 gw config not updated after IP change\nOCPBUGS-9185 - Pod latency spikes are observed when there is a compaction/leadership transfer\nOCPBUGS-9233 - ConsoleQuickStart {{copy}} and {{execute}} features do not work in some cases\nOCPBUGS-931 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs\nOCPBUGS-9338 - editor toggle radio input doesn\u0027t have distinguishable attributes\nOCPBUGS-9389 - Detach code in vsphere csi driver is failing\nOCPBUGS-948 - OLM sets invalid SCC label on its namespaces\nOCPBUGS-95 - NMstate removes egressip in OpenShift cluster with SDN plugin\nOCPBUGS-9913 - bacport tests for PDBUnhealthyPodEvictionPolicy as Tech Preview\nOCPBUGS-9924 - Remove unsupported warning in oc-mirror when using the --skip-pruning flag\nOCPBUGS-9926 - Enable node healthz server for ovnk in CNO \nOCPBUGS-9951 - fails to reconcile to RT kernel on interrupted updates\nOCPBUGS-9957 - Garbage collect grafana-dashboard-etcd\nOCPBUGS-996 - Control Plane Machine Set Operator OnDelete update should cause an error when more than one machine is ready in an index\nOCPBUGS-9963 - Better to change the error information more clearly to help understand \nOCPBUGS-9968 - Operands running management side missing affinity, tolerations, node selector and priority rules than the operator\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4235\nhttps://access.redhat.com/security/cve/CVE-2021-4238\nhttps://access.redhat.com/security/cve/CVE-2021-20329\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-43519\nhttps://access.redhat.com/security/cve/CVE-2021-44964\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1586\nhttps://access.redhat.com/security/cve/CVE-2022-1587\nhttps://access.redhat.com/security/cve/CVE-2022-1785\nhttps://access.redhat.com/security/cve/CVE-2022-1897\nhttps://access.redhat.com/security/cve/CVE-2022-1927\nhttps://access.redhat.com/security/cve/CVE-2022-2509\nhttps://access.redhat.com/security/cve/CVE-2022-2990\nhttps://access.redhat.com/security/cve/CVE-2022-3080\nhttps://access.redhat.com/security/cve/CVE-2022-3259\nhttps://access.redhat.com/security/cve/CVE-2022-4203\nhttps://access.redhat.com/security/cve/CVE-2022-4304\nhttps://access.redhat.com/security/cve/CVE-2022-4450\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-23525\nhttps://access.redhat.com/security/cve/CVE-2022-23526\nhttps://access.redhat.com/security/cve/CVE-2022-26280\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-29154\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/cve/CVE-2022-34903\nhttps://access.redhat.com/security/cve/CVE-2022-38023\nhttps://access.redhat.com/security/cve/CVE-2022-38177\nhttps://access.redhat.com/security/cve/CVE-2022-38178\nhttps://access.redhat.com/security/cve/CVE-2022-40674\nhttps://access.redhat.com/security/cve/CVE-2022-41316\nhttps://access.redhat.com/security/cve/CVE-2022-41717\nhttps://access.redhat.com/security/cve/CVE-2022-41721\nhttps://access.redhat.com/security/cve/CVE-2022-41723\nhttps://access.redhat.com/security/cve/CVE-2022-41724\nhttps://access.redhat.com/security/cve/CVE-2022-41725\nhttps://access.redhat.com/security/cve/CVE-2022-42010\nhttps://access.redhat.com/security/cve/CVE-2022-42011\nhttps://access.redhat.com/security/cve/CVE-2022-42012\nhttps://access.redhat.com/security/cve/CVE-2022-42898\nhttps://access.redhat.com/security/cve/CVE-2022-42919\nhttps://access.redhat.com/security/cve/CVE-2022-46146\nhttps://access.redhat.com/security/cve/CVE-2022-47629\nhttps://access.redhat.com/security/cve/CVE-2023-0056\nhttps://access.redhat.com/security/cve/CVE-2023-0215\nhttps://access.redhat.com/security/cve/CVE-2023-0216\nhttps://access.redhat.com/security/cve/CVE-2023-0217\nhttps://access.redhat.com/security/cve/CVE-2023-0229\nhttps://access.redhat.com/security/cve/CVE-2023-0286\nhttps://access.redhat.com/security/cve/CVE-2023-0361\nhttps://access.redhat.com/security/cve/CVE-2023-0401\nhttps://access.redhat.com/security/cve/CVE-2023-0620\nhttps://access.redhat.com/security/cve/CVE-2023-0665\nhttps://access.redhat.com/security/cve/CVE-2023-0778\nhttps://access.redhat.com/security/cve/CVE-2023-25000\nhttps://access.redhat.com/security/cve/CVE-2023-25165\nhttps://access.redhat.com/security/cve/CVE-2023-25173\nhttps://access.redhat.com/security/cve/CVE-2023-25577\nhttps://access.redhat.com/security/cve/CVE-2023-25725\nhttps://access.redhat.com/security/cve/CVE-2023-25809\nhttps://access.redhat.com/security/cve/CVE-2023-27561\nhttps://access.redhat.com/security/cve/CVE-2023-28642\nhttps://access.redhat.com/security/cve/CVE-2023-30570\nhttps://access.redhat.com/security/cve/CVE-2023-30841\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGVrhNzjgjWX9erEAQjD7BAAihZ8nlrasEU8QISGjHMUkUXKPHgV6LlZ\nIT2h0MLam8ICSCDdZ8PUVXhWP+CTTIYYdpEPTaIdKdB16iecRXm2ML8GtQ38zSjC\nLpCB4NUmAdoH91FbT2oazgrCgg+2hizfufLYk/8nNm9yVR0zT5kZbuXMFZH/PbCb\ndYYyRsXsNt4+MpaWGf1q3jS7OX8l5UXbfO+nnKHWoow5/PeclygxFbRclr7o62Dy\ntnfgs+OwbroI6L0nohsUTk4Es1koyD8FaGdo28ViLcgVH1VDhBqzHXSAe1P+XmAc\nPSG6slSRIrgJpARfN8OEI89wfI+ttyqEi4yAdoKjCo/pbshhLw3JZQcavmQc8XEK\no1afTtx0XFHJsAdZRjvq+7zExqnDANRLbtkkYG2gYuc8LgGmh6P0ZlhxQFMS3f/T\ncTLSLaP6XSnHQaJyc0kqULHcWBZRzepcIDPYkmTCbCVCwLjXuIoF6eMQvo7eRXCy\n4qN3nT0+M90jWxf/uQzo9NpeWFB7y2cccHMvaPzZ8cAAxpwM3Rphutu9lzRfJCl8\nTMincIMIFq3vLmrfxHX5YOKfgH/Kjc06TbtnzxtucFQVNFxyKIWKgJB/hl1mGDTJ\n8cibppoX+mLmUirPuu+5JwaAmq7skX5HKX3r3t8sajmij17nS2Ff8q52ZLgdZQ6H\nXbiJN3SZj5U=\n=WGO2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1897"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1897",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167944",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168182",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168222",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-50690",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168150",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167729",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169435",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4246",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423551",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173605",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"id": "VAR-202205-2059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:58:09.296000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.1,
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42010"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42011"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/service_mesh/v2x/servicemesh-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7058"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1281"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://registry.centos.org/v2/\":"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:4053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-32233"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-24329"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2023:4052"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26280"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25173"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25725"
},
{
"trust": 0.1,
"url": "https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]:"
},
{
"trust": 0.1,
"url": "https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-28642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41316"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-30570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0056"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-30841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41723"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42919"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-27561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4238"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0401"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44964"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3080"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6507"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423551"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"db": "PACKETSTORM",
"id": "168222"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "167944"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168182"
},
{
"db": "PACKETSTORM",
"id": "173605"
},
{
"db": "PACKETSTORM",
"id": "172441"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-423551"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"date": "2022-09-01T16:33:07",
"db": "PACKETSTORM",
"id": "168222"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-10-20T14:21:57",
"db": "PACKETSTORM",
"id": "169443"
},
{
"date": "2022-08-04T14:47:31",
"db": "PACKETSTORM",
"id": "167944"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2022-08-25T15:29:18",
"db": "PACKETSTORM",
"id": "168182"
},
{
"date": "2023-07-19T15:37:11",
"db": "PACKETSTORM",
"id": "173605"
},
{
"date": "2023-05-18T13:46:17",
"db": "PACKETSTORM",
"id": "172441"
},
{
"date": "2022-09-14T15:08:07",
"db": "PACKETSTORM",
"id": "168378"
},
{
"date": "2022-05-27T15:15:07.620000",
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-423551"
},
{
"date": "2023-08-21T05:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-011217"
},
{
"date": "2024-11-21T06:41:42.313000",
"db": "NVD",
"id": "CVE-2022-1897"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "172441"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "173605"
}
],
"trust": 0.1
}
}
var-202203-0809
Vulnerability from variot
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Liblouis Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5476-1 June 13, 2022
liblouis vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in liblouis.
Software Description: - liblouis: Braille translation library - utilities
Details:
Han Zheng discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash. This issue was addressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981)
It was discovered that Liblouis incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-31783)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: liblouis-bin 3.20.0-2ubuntu0.1 liblouis20 3.20.0-2ubuntu0.1
Ubuntu 21.10: liblouis-bin 3.18.0-1ubuntu0.2 liblouis20 3.18.0-1ubuntu0.2
Ubuntu 20.04 LTS: liblouis-bin 3.12.0-3ubuntu0.1 liblouis20 3.12.0-3ubuntu0.1
Ubuntu 18.04 LTS: liblouis-bin 3.5.0-1ubuntu0.4 liblouis14 3.5.0-1ubuntu0.4
In general, a standard system update will make all the necessary changes. Alternatively, on your watch, select "My Watch > General > About". CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom)
Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202301-06
https://security.gentoo.org/
Severity: Low Title: liblouis: Multiple Vulnerabilities Date: January 11, 2023 Bugs: #835093 ID: 202301-06
Synopsis
Multiple vulnerabilities have been discovered in liblouis, the worst of which could result in denial of service.
Background
liblouis is an open-source braille translator and back-translator.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/liblouis < 3.22.0 >= 3.22.0
Description
Multiple vulnerabilities have been discovered in liblouis. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All liblouis users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/liblouis-3.22.0"
References
[ 1 ] CVE-2022-26981 https://nvd.nist.gov/vuln/detail/CVE-2022-26981 [ 2 ] CVE-2022-31783 https://nvd.nist.gov/vuln/detail/CVE-2022-31783
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202301-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0809",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.7"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "liblouis",
"scope": "lte",
"trust": 1.0,
"vendor": "liblouis",
"version": "3.21.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "liblouis",
"scope": null,
"trust": 0.8,
"vendor": "liblouis",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 0.4
},
"cve": "CVE-2022-26981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-26981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-415492",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-26981",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26981",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26981",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-26981",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1229",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415492",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-26981",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). Liblouis Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5476-1\nJune 13, 2022\n\nliblouis vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in liblouis. \n\nSoftware Description:\n- liblouis: Braille translation library - utilities\n\nDetails:\n\nHan Zheng discovered that Liblouis incorrectly handled certain inputs. \nAn attacker could possibly use this issue to cause a crash. This issue was\naddressed in Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-26981)\n\nIt was discovered that Liblouis incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code\nor cause a crash. (CVE-2022-31783)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n liblouis-bin 3.20.0-2ubuntu0.1\n liblouis20 3.20.0-2ubuntu0.1\n\nUbuntu 21.10:\n liblouis-bin 3.18.0-1ubuntu0.2\n liblouis20 3.18.0-1ubuntu0.2\n\nUbuntu 20.04 LTS:\n liblouis-bin 3.12.0-3ubuntu0.1\n liblouis20 3.12.0-3ubuntu0.1\n\nUbuntu 18.04 LTS:\n liblouis-bin 3.5.0-1ubuntu0.4\n liblouis14 3.5.0-1ubuntu0.4\n\nIn general, a standard system update will make all the necessary changes. Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202301-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: liblouis: Multiple Vulnerabilities\n Date: January 11, 2023\n Bugs: #835093\n ID: 202301-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in liblouis, the worst of\nwhich could result in denial of service. \n\nBackground\n==========\n\nliblouis is an open-source braille translator and back-translator. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/liblouis \u003c 3.22.0 \u003e= 3.22.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in liblouis. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll liblouis users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/liblouis-3.22.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-26981\n https://nvd.nist.gov/vuln/detail/CVE-2022-26981\n[ 2 ] CVE-2022-31783\n https://nvd.nist.gov/vuln/detail/CVE-2022-31783\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202301-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "PACKETSTORM",
"id": "167541"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "170454"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26981",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "167791",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167541",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170454",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167790",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3563",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3270",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2893",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072107",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070204",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071137",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070435",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1229",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167786",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-415492",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26981",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "PACKETSTORM",
"id": "167541"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "170454"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"id": "VAR-202203-0809",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415492"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:41:25.021000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213345 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFD2KIHESDUCNWTEW3USFB5GKTWT624L/"
},
{
"title": "Debian CVElist Bug Report Logs: liblouis: CVE-2022-26981",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0e4a71c43cacf92e530083843b41f98c"
},
{
"title": "Ubuntu Security Notice: USN-5476-1: Liblouis vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5476-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-26981"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-26981"
},
{
"title": "Apple: iOS 15.6 and iPadOS 15.6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=25de7f37f4830a629a57f79175aeaa2a"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://security.gentoo.org/glsa/202301-06"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213340"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213342"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213345"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213346"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/12"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/18"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/15"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/16"
},
{
"trust": 1.8,
"url": "https://github.com/liblouis/liblouis/issues/1171"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cfd2kihesducnwtew3usfb5gktwt624l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cfd2kihesducnwtew3usfb5gktwt624l/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167791/apple-security-advisory-2022-07-20-6.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071137"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213346"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26981/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-26981"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3270"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170454/gentoo-linux-security-advisory-202301-06.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167541/ubuntu-security-notice-usn-5476-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3563"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167790/apple-security-advisory-2022-07-20-5.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2893"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072107"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070204"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070435"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/liblouis-buffer-overflow-via-compilepassopcode-38566"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.4,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5476-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31783"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32821"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32820"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32819"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/liblouis/3.18.0-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/liblouis/3.20.0-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/liblouis/3.5.0-1ubuntu0.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/liblouis/3.12.0-3ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213340."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213342."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213346."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "PACKETSTORM",
"id": "167541"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "170454"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415492"
},
{
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"db": "PACKETSTORM",
"id": "167541"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "170454"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-415492"
},
{
"date": "2022-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"date": "2023-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"date": "2022-06-20T15:47:26",
"db": "PACKETSTORM",
"id": "167541"
},
{
"date": "2022-07-22T16:24:29",
"db": "PACKETSTORM",
"id": "167791"
},
{
"date": "2022-07-22T16:24:11",
"db": "PACKETSTORM",
"id": "167790"
},
{
"date": "2022-07-22T16:22:17",
"db": "PACKETSTORM",
"id": "167786"
},
{
"date": "2023-01-11T15:34:19",
"db": "PACKETSTORM",
"id": "170454"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"date": "2022-03-13T18:15:08.343000",
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-415492"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26981"
},
{
"date": "2023-07-20T07:30:00",
"db": "JVNDB",
"id": "JVNDB-2022-007713"
},
{
"date": "2023-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1229"
},
{
"date": "2024-11-21T06:54:54.530000",
"db": "NVD",
"id": "CVE-2022-26981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Liblouis\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007713"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1229"
}
],
"trust": 0.6
}
}
var-202108-1268
Vulnerability from variot
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Out-of-bounds read vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592) A use after free issue was addressed with improved memory management. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. A user may be unable to fully delete browsing history. (CVE-2020-29623) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765) A use after free issue was addressed with improved memory management. (CVE-2021-1788) A type confusion issue was addressed with improved state handling. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799) This issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801) A memory corruption issue was addressed with improved state management. (CVE-2021-1817) A memory initialization issue was addressed with improved memory handling. (CVE-2021-1820) An input validation issue was addressed with improved input validation. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665) A buffer overflow issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734) Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30749) A type confusion issue was addressed with improved state handling. (CVE-2021-30758) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762) A use after free issue was addressed with improved memory management. (CVE-2021-30797) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30846) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30848) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30890) A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934) A use after free issue was addressed with improved memory management. (CVE-2021-30936) A use after free issue was addressed with improved memory management. (CVE-2021-30953) A type confusion issue was addressed with improved memory handling. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483) A use after free issue was addressed with improved memory management. (CVE-2022-22592) A cookie management issue was addressed with improved state management. (CVE-2022-22662) A logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677) A memory corruption issue was addressed with improved state management. (CVE-2022-26700) A use after free issue was addressed with improved memory management. (CVE-2022-26709) A use after free issue was addressed with improved memory management. (CVE-2022-26710) A memory corruption issue was addressed with improved state management. (CVE-2022-26716) A use after free issue was addressed with improved memory management. (CVE-2022-26717) A memory corruption issue was addressed with improved state management. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. (CVE-2022-32793) The issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32923) The issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42852) A type confusion issue was addressed with improved state handling. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856) A memory corruption issue was addressed with improved state management. (CVE-2022-42863) A use after free issue was addressed with improved memory management. (CVE-2022-42867) A memory consumption issue was addressed with improved memory handling. (CVE-2022-46698) A memory corruption issue was addressed with improved state management. (CVE-2022-46699) A memory corruption issue was addressed with improved input validation. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5255-1 January 27, 2022
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30953",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390686",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30953",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30953",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30953",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30953",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-390686",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30953",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Out-of-bounds read vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592)\nA use after free issue was addressed with improved memory management. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. A user may be unable to fully delete browsing history. (CVE-2020-29623)\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765)\nA use after free issue was addressed with improved memory management. (CVE-2021-1788)\nA type confusion issue was addressed with improved state handling. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801)\nA memory corruption issue was addressed with improved state management. (CVE-2021-1817)\nA memory initialization issue was addressed with improved memory handling. (CVE-2021-1820)\nAn input validation issue was addressed with improved input validation. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30665)\nA buffer overflow issue was addressed with improved memory handling. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734)\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30749)\nA type confusion issue was addressed with improved state handling. (CVE-2021-30758)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\nA use after free issue was addressed with improved memory management. (CVE-2021-30797)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30846)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30848)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30890)\nA buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)\nA use after free issue was addressed with improved memory management. (CVE-2021-30936)\nA use after free issue was addressed with improved memory management. (CVE-2021-30953)\nA type confusion issue was addressed with improved memory handling. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483)\nA use after free issue was addressed with improved memory management. (CVE-2022-22592)\nA cookie management issue was addressed with improved state management. (CVE-2022-22662)\nA logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26700)\nA use after free issue was addressed with improved memory management. (CVE-2022-26709)\nA use after free issue was addressed with improved memory management. (CVE-2022-26710)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26716)\nA use after free issue was addressed with improved memory management. (CVE-2022-26717)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. (CVE-2022-32793)\nThe issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32923)\nThe issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. (CVE-2022-42852)\nA type confusion issue was addressed with improved state handling. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\nA memory corruption issue was addressed with improved state management. (CVE-2022-42863)\nA use after free issue was addressed with improved memory management. (CVE-2022-42867)\nA memory consumption issue was addressed with improved memory handling. (CVE-2022-46698)\nA memory corruption issue was addressed with improved state management. (CVE-2022-46699)\nA memory corruption issue was addressed with improved input validation. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5255-1\nJanuary 27, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1\n libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "PACKETSTORM",
"id": "165794"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390686",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30953",
"trust": 3.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165765",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390686",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30953",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"id": "VAR-202108-1268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:07:57.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Red Hat: CVE-2021-30953",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30953"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.2,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5255-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390686"
},
{
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390686"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2022-01-28T14:36:27",
"db": "PACKETSTORM",
"id": "165765"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2021-08-24T19:15:21.817000",
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-390686"
},
{
"date": "2022-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30953"
},
{
"date": "2024-07-18T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2021-021205"
},
{
"date": "2023-11-07T03:34:01.670000",
"db": "NVD",
"id": "CVE-2021-30953"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165765"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Out-of-bounds read vulnerabilities in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021205"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
}
}
var-202108-1266
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661) An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30951) An integer overflow was addressed with improved input validation. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30951",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390684",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30951",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30951",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30951",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30951",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2052",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390684",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30951",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Products from multiple vendors, including Microsoft, contain freed memory usage vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30661)\nAn integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30951)\nAn integer overflow was addressed with improved input validation. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30951",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390684",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30951",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"id": "VAR-202108-1266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390684"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:04:50.494000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple iOS and iPadOS Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175814"
},
{
"title": "Red Hat: CVE-2021-30951",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30951"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390684"
},
{
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390684"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"date": "2021-08-24T19:15:21.683000",
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-390684"
},
{
"date": "2022-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30951"
},
{
"date": "2024-07-18T07:52:00",
"db": "JVNDB",
"id": "JVNDB-2021-021202"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2052"
},
{
"date": "2023-11-07T03:34:01.090000",
"db": "NVD",
"id": "CVE-2021-30951"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Vulnerability related to use of freed memory in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2052"
}
],
"trust": 0.6
}
}
var-202202-0148
Vulnerability from variot
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. vim/vim Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4418"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-415357",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0685",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0685",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0685",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0685",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0685",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0685",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1663",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415357",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0685",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. vim/vim Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details were provided at this time. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0685",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-13206",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415357",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0685",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"id": "VAR-202202-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:58:19.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0using\u00a0special\u00a0multi-byte\u00a0character Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183678"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0685"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-823",
"trust": 1.1
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-vim-isupper-37655"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0685/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/823.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415357"
},
{
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-415357"
},
{
"date": "2022-02-20T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"date": "2023-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"date": "2022-02-20T11:15:07.373000",
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415357"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0685"
},
{
"date": "2023-06-19T04:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-005910"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1663"
},
{
"date": "2024-11-21T06:39:10.937000",
"db": "NVD",
"id": "CVE-2022-0685"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1663"
}
],
"trust": 0.6
}
}
var-202103-0218
Vulnerability from variot
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Open vSwitch Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common.
For the stable distribution (buster), these problems have been fixed in version 2.10.6+ds1-0+deb10u1.
For the detailed security status of openvswitch please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvswitch
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHj0ACgkQEMKTtsN8 TjaYHw/6Atkb8+AS+g8R3FpNe0L+Eqie3RzZ1ZOhbJTvkBzeKdusw4dNk7DfsbJt uy/b2hHvooR+MQVpxeDXD/Azpf+k7b1m3LZ7P/fKKsXDmuMX6jge8rai8DZyJdfI IRYjU+yqd6z9ytKRg8bPcXgG/1hmdMznunBdpdLKQnmtH2EsVrflAaqAkABqVjO6 X0NHzUsRrI0yXWLDI3pqD7bc8Oq/TFtHi6BCBVxk3VPegBC3CzAelPfHu5KJeSKC lOyrmc+ut/HbXJexRFzkrrNQsYB2M7/ZgJLv0XQmYaP7vnpu09xaaqYBreCIp8Q9 DZmCy9pLVzop0WNJzdLnRbwhBB2eBZF6qyax6ldvifcN/QAnLLC4Zzg1eNdktrPE Dq9rJ/6U56DycmqKrlyKvlpTHM0IJ4+4TI5yM4OL2/wDkT/Mfjr7lwQbo/Xafy/X +vviNQGFd2z/8aIdkc0auPhGle/VME+mlBBLCNU47HrfaWTIR94PFjKfmTL/9dzM VRz6TfS5yG9kCi9H1xB/94q50no186IVUh5+Jr7SnfCr0sSm5ahNIIEtg5lmvqHd pUDZD7tO0uvcMUIV06xXSealz1ECKzwB0ZaJYfngOZ/KnBr7opZsDXm0wRVZdSBN DFZQX3XNSM1Gi0xHlV6uYQgi2HRuPk5QdW2TqmEN7XUNeQ9xdpI= =BZCg -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-16
https://security.gentoo.org/
Severity: Low Title: Open vSwitch: Multiple Vulnerabilities Date: November 26, 2023 Bugs: #765346, #769995, #803107, #887561 ID: 202311-16
Synopsis
Multiple denial of service vulnerabilites have been found in Open vSwitch.
Background
Open vSwitch is a production quality multilayer virtual switch.
Affected packages
Package Vulnerable Unaffected
net-misc/openvswitch < 2.17.6 >= 2.17.6
Description
Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Open vSwitch users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openvswitch-2.17.6"
References
[ 1 ] CVE-2020-27827 https://nvd.nist.gov/vuln/detail/CVE-2020-27827 [ 2 ] CVE-2020-35498 https://nvd.nist.gov/vuln/detail/CVE-2020-35498 [ 3 ] CVE-2021-3905 https://nvd.nist.gov/vuln/detail/CVE-2021-3905 [ 4 ] CVE-2021-36980 https://nvd.nist.gov/vuln/detail/CVE-2021-36980 [ 5 ] CVE-2022-4337 https://nvd.nist.gov/vuln/detail/CVE-2022-4337 [ 6 ] CVE-2022-4338 https://nvd.nist.gov/vuln/detail/CVE-2022-4338 [ 7 ] CVE-2023-1668 https://nvd.nist.gov/vuln/detail/CVE-2023-1668
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Bug Fix(es):
-
[RFE] Add auto load balance params (BZ#1920121)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2) Advisory ID: RHSA-2021:0976-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0976 Issue date: 2021-03-23 CVE Names: CVE-2020-27827 ==================================================================== 1. Summary:
An update for imgbased, redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch
- Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.4.4), redhat-virtualization-host (4.4.4)
Changes to the imgbased component:
- Previously, the chronyd symlink was removed during the upgrade process. As a result, the chronyd service was disabled following the upgrade. In this release, the chronyd service is enabled after upgrade. (BZ#1903777)
Security Fix(es):
- lldp/openvswitch: denial of service via externally triggered memory leak (CVE-2020-27827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1903777 - chronyd is disabled after upgrading RHV-H 4.4.2 -> 4.4.3 1915877 - Rebase RHV-H 4.4.4 on RHEL 8.3.1 1916659 - Upgrade imgbased to 1.2.16 1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak 1932763 - Rebase RHV-H 4.4.4 on FDP 2.11 (21B)
- Package List:
Red Hat Virtualization 4 Hypervisor for RHEL 8:
Source: redhat-virtualization-host-4.4.4-20210307.0.el8_3.src.rpm
noarch: redhat-virtualization-host-image-update-4.4.4-20210307.0.el8_3.noarch.rpm
RHEL 8-based RHEV-H for RHEV 4 (build requirements):
Source: redhat-release-virtualization-host-4.4.4-2.el8ev.src.rpm
noarch: redhat-virtualization-host-image-update-placeholder-4.4.4-2.el8ev.noarch.rpm
x86_64: redhat-release-virtualization-host-4.4.4-2.el8ev.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-27827 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFo5HtzjgjWX9erEAQhMtg//Wr6sNIkXoFWvB1Rf6IrjG6mumtZtQROR 7AucVC7FRmoyeqy+HiURXUdyBT4JiapEswPlEqI5Lg1s1pIfm0ONf4vf8CAXr6in u8T6LHR4rREldydYTFoW15KV7fl5O1pKV0m+xsmx6a8Ark9CZvA31x5rdexYEPHI GDjUOc7jh+CF+j+OGsA5mOLoEGTdxSX3j8Wr1rFuTDw+9ceIvddLAPXymc6NVhf7 5NCkRkcDeD/8PPjYYSBE+3c98uANPKGAb0HV+g20wZ46Qn7Jz+gLOYz7RrGDsGH0 yNzGdbZdovCdFkjNp852WswWzK3IK7Qrd3ow52mgweMlqxIMXJ/X7500D94DDiAs F1pkS+qKRdlR6RHfH5yuTBcugmTghDKkrt1+zsXdOja+/f5+Pc3JRIhz6wZIjEsC ZYezIyFhWjQHlkakmMRzdlFXboBNhBr5mGn7z2t0E2aoz/1j+tG7UbIp++HXFxqq 2hdIKGbCn/ETbKE5z3YEq+9Sndezg0GUsSpJTO2R8xre/O3P9bKdSphSF4e4gk0U CTjVTC1BrKUVQ5REb1trJqTHLHk6/igSg24Glez8ztE0WrKc2ncw0NYx8dDYtU7O XTrP6O6oPxU9zTd+22Dh5L/hVLsXndkBZSsoAdKoRBQ51P0WZlxNWObehIz3ZRhf Q5Xmbi8UbaY=QNMM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.4. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:0958
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bugs among others:
-
A flaw was found in golang: crypto/elliptic, in which P-224 keys as generated could return incorrect inputs, which reduced the strength of the cryptography. (BZ#1918750)
-
This update adds new capabilities to the Baremetal Operator, allowing for different reboot modes to be utilized. This allows workloads to be relocated as quickly as possible in the event of a node failure. Additionally, it provides a path for clients to quickly power down systems for remediation purposes and to recover workloads. As a result, workload recovery time is significantly reduced. (BZ#1936407)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-x86_64
The image digest is sha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-s390x
The image digest is sha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le
The image digest is sha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9
Security Fix(es):
- golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1910352 - When creating a worker with a used mac-address stuck on registering 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1922417 - Issue configuring nodes with VLAN and teaming 1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp 1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1929371 - 4.7 CNO claims to be done upgrading before it even starts 1929721 - Enable host-based disk encryption on Azure platform 1930106 - Cannot IPI with tang/tpm disk encryption 1930152 - Web console crashes during VM creation from template when no storage classes are defined 1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1931863 - NetworkManager overlay FS not being created on None platform 1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint 1934645 - [4.7z] Need BFD failover capability on ECMP routes 1935636 - High RAM usage on machine api termination node system oom 1936707 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936803 - Support ServiceBinding 0.5.0+ 1936861 - (release-4.7] Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1937313 - Topology view - vm details screen isntt stop loading 1937469 - Pod/node/ip/template isn't showing when vm is running 1937695 - ironic image "/" cluttered with files 1937829 - ovn-kube must handle single-stack to dual-stack migration 1937998 - [4.7] wrong community catalog image reference 1938405 - catalog operator causing CPU spikes and bad etcd performance 1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1939477 - CI tests using openshift/hello-world broken by Ruby Version Update 1940283 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1941297 - OCP-Metal images
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "simatic hmi unified comfort panels",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "17"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.0"
},
{
"model": "lldpd",
"scope": "lt",
"trust": 1.0,
"vendor": "lldpd",
"version": "1.0.8"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.12"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.5"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.8.10"
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "13"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.0"
},
{
"model": "simatic net cp 1243-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.10.6"
},
{
"model": "simatic net cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "10"
},
{
"model": "simatic net cp 1545-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.1"
},
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.7.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.6.9"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "sinumerik one",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.1"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.14.0"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.0"
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.12.2"
},
{
"model": "simatic net cp 1542sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net cp 1543sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.9.8"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "openvswitch",
"scope": "lt",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.2"
},
{
"model": "openvswitch",
"scope": "gte",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.11.0"
},
{
"model": "lldpd",
"scope": null,
"trust": 0.8,
"vendor": "lldpd",
"version": null
},
{
"model": "red hat openstack",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat openshift container platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "open vswitch",
"scope": null,
"trust": 0.8,
"vendor": "open vswitch",
"version": null
},
{
"model": "red hat virtualization",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161951"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 1.1
},
"cve": "CVE-2020-27827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-27827",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-371938",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-27827",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-27827",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27827",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1127",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-371938",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Open vSwitch Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Canonical Ubuntu is a set of desktop application-based GNU/Linux operating system developed by British company Canonical. A security vulnerability exists in the Ubuntu lldp software that could be exploited by an attacker to trigger a denial of service attack. The following products and models are affected: Ubuntu 20.10 openvswitch-common, Ubuntu 20.04 LTS openvswitch-common Ubuntu 18.04 LTS openvswitch-common, Ubuntu 16.04 LTS: openvswitch-common. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.10.6+ds1-0+deb10u1. \n\nFor the detailed security status of openvswitch please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openvswitch\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHj0ACgkQEMKTtsN8\nTjaYHw/6Atkb8+AS+g8R3FpNe0L+Eqie3RzZ1ZOhbJTvkBzeKdusw4dNk7DfsbJt\nuy/b2hHvooR+MQVpxeDXD/Azpf+k7b1m3LZ7P/fKKsXDmuMX6jge8rai8DZyJdfI\nIRYjU+yqd6z9ytKRg8bPcXgG/1hmdMznunBdpdLKQnmtH2EsVrflAaqAkABqVjO6\nX0NHzUsRrI0yXWLDI3pqD7bc8Oq/TFtHi6BCBVxk3VPegBC3CzAelPfHu5KJeSKC\nlOyrmc+ut/HbXJexRFzkrrNQsYB2M7/ZgJLv0XQmYaP7vnpu09xaaqYBreCIp8Q9\nDZmCy9pLVzop0WNJzdLnRbwhBB2eBZF6qyax6ldvifcN/QAnLLC4Zzg1eNdktrPE\nDq9rJ/6U56DycmqKrlyKvlpTHM0IJ4+4TI5yM4OL2/wDkT/Mfjr7lwQbo/Xafy/X\n+vviNQGFd2z/8aIdkc0auPhGle/VME+mlBBLCNU47HrfaWTIR94PFjKfmTL/9dzM\nVRz6TfS5yG9kCi9H1xB/94q50no186IVUh5+Jr7SnfCr0sSm5ahNIIEtg5lmvqHd\npUDZD7tO0uvcMUIV06xXSealz1ECKzwB0ZaJYfngOZ/KnBr7opZsDXm0wRVZdSBN\nDFZQX3XNSM1Gi0xHlV6uYQgi2HRuPk5QdW2TqmEN7XUNeQ9xdpI=\n=BZCg\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202311-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Open vSwitch: Multiple Vulnerabilities\n Date: November 26, 2023\n Bugs: #765346, #769995, #803107, #887561\n ID: 202311-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple denial of service vulnerabilites have been found in Open\nvSwitch. \n\nBackground\n=========\nOpen vSwitch is a production quality multilayer virtual switch. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\nnet-misc/openvswitch \u003c 2.17.6 \u003e= 2.17.6\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Open vSwitch. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Open vSwitch users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/openvswitch-2.17.6\"\n\nReferences\n=========\n[ 1 ] CVE-2020-27827\n https://nvd.nist.gov/vuln/detail/CVE-2020-27827\n[ 2 ] CVE-2020-35498\n https://nvd.nist.gov/vuln/detail/CVE-2020-35498\n[ 3 ] CVE-2021-3905\n https://nvd.nist.gov/vuln/detail/CVE-2021-3905\n[ 4 ] CVE-2021-36980\n https://nvd.nist.gov/vuln/detail/CVE-2021-36980\n[ 5 ] CVE-2022-4337\n https://nvd.nist.gov/vuln/detail/CVE-2022-4337\n[ 6 ] CVE-2022-4338\n https://nvd.nist.gov/vuln/detail/CVE-2022-4338\n[ 7 ] CVE-2023-1668\n https://nvd.nist.gov/vuln/detail/CVE-2023-1668\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202311-16\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nBug Fix(es):\n\n* [RFE] Add auto load balance params (BZ#1920121)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Virtualization Host security, bug fix and enhancement update (4.4.4-2)\nAdvisory ID: RHSA-2021:0976-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0976\nIssue date: 2021-03-23\nCVE Names: CVE-2020-27827\n====================================================================\n1. Summary:\n\nAn update for imgbased, redhat-release-virtualization-host and\nredhat-virtualization-host is now available for Red Hat Virtualization 4\nfor Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a\nspecial build of Red Hat Enterprise Linux with only the packages required\nto host virtual machines. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nThe following packages have been upgraded to a later upstream version:\nredhat-release-virtualization-host (4.4.4), redhat-virtualization-host\n(4.4.4)\n\nChanges to the imgbased component:\n\n* Previously, the chronyd symlink was removed during the upgrade process. \nAs a result, the chronyd service was disabled following the upgrade. \nIn this release, the chronyd service is enabled after upgrade. (BZ#1903777)\n\nSecurity Fix(es):\n\n* lldp/openvswitch: denial of service via externally triggered memory leak\n(CVE-2020-27827)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1903777 - chronyd is disabled after upgrading RHV-H 4.4.2 -\u003e 4.4.3\n1915877 - Rebase RHV-H 4.4.4 on RHEL 8.3.1\n1916659 - Upgrade imgbased to 1.2.16\n1921438 - CVE-2020-27827 lldp/openvswitch: denial of service via externally triggered memory leak\n1932763 - Rebase RHV-H 4.4.4 on FDP 2.11 (21B)\n\n6. Package List:\n\nRed Hat Virtualization 4 Hypervisor for RHEL 8:\n\nSource:\nredhat-virtualization-host-4.4.4-20210307.0.el8_3.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-4.4.4-20210307.0.el8_3.noarch.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nredhat-release-virtualization-host-4.4.4-2.el8ev.src.rpm\n\nnoarch:\nredhat-virtualization-host-image-update-placeholder-4.4.4-2.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.4-2.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-27827\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFo5HtzjgjWX9erEAQhMtg//Wr6sNIkXoFWvB1Rf6IrjG6mumtZtQROR\n7AucVC7FRmoyeqy+HiURXUdyBT4JiapEswPlEqI5Lg1s1pIfm0ONf4vf8CAXr6in\nu8T6LHR4rREldydYTFoW15KV7fl5O1pKV0m+xsmx6a8Ark9CZvA31x5rdexYEPHI\nGDjUOc7jh+CF+j+OGsA5mOLoEGTdxSX3j8Wr1rFuTDw+9ceIvddLAPXymc6NVhf7\n5NCkRkcDeD/8PPjYYSBE+3c98uANPKGAb0HV+g20wZ46Qn7Jz+gLOYz7RrGDsGH0\nyNzGdbZdovCdFkjNp852WswWzK3IK7Qrd3ow52mgweMlqxIMXJ/X7500D94DDiAs\nF1pkS+qKRdlR6RHfH5yuTBcugmTghDKkrt1+zsXdOja+/f5+Pc3JRIhz6wZIjEsC\nZYezIyFhWjQHlkakmMRzdlFXboBNhBr5mGn7z2t0E2aoz/1j+tG7UbIp++HXFxqq\n2hdIKGbCn/ETbKE5z3YEq+9Sndezg0GUsSpJTO2R8xre/O3P9bKdSphSF4e4gk0U\nCTjVTC1BrKUVQ5REb1trJqTHLHk6/igSg24Glez8ztE0WrKc2ncw0NYx8dDYtU7O\nXTrP6O6oPxU9zTd+22Dh5L/hVLsXndkBZSsoAdKoRBQ51P0WZlxNWObehIz3ZRhf\nQ5Xmbi8UbaY=QNMM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.4. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:0958\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bugs among others:\n\n* A flaw was found in golang: crypto/elliptic, in which P-224 keys as\ngenerated could return incorrect inputs, which reduced the strength of the\ncryptography. (BZ#1918750)\n\n* This update adds new capabilities to the Baremetal Operator, allowing for\ndifferent reboot modes to be utilized. This allows workloads to be\nrelocated as quickly as possible in the event of a node failure. \nAdditionally, it provides a path for clients to quickly power down systems\nfor remediation purposes and to recover workloads. As a result, workload\nrecovery time is significantly reduced. (BZ#1936407)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-x86_64\n\nThe image digest is\nsha256:999a6a4bd731075e389ae601b373194c6cb2c7b4dadd1ad06ef607e86476b129\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-s390x\n\nThe image digest is\nsha256:90be6b7e97d8da9fbb2afc7fe6d7dd4da6265fb847ec440e46bda1a25c224b0c\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.6.20-ppc64le\n\nThe image digest is\nsha256:475367e4991d6e8ea3617cf3dfe2dd472db76a89f23484f118932d6bdd6f53e9\n\nSecurity Fix(es):\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve\n(CVE-2021-3114)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1910352 - When creating a worker with a used mac-address stuck on registering\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1922417 - Issue configuring nodes with VLAN and teaming\n1927554 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs/cakephp\n1929257 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes\n1929371 - 4.7 CNO claims to be done upgrading before it even starts\n1929721 - Enable host-based disk encryption on Azure platform\n1930106 - Cannot IPI with tang/tpm disk encryption\n1930152 - Web console crashes during VM creation from template when no storage classes are defined\n1931401 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel]\n1931863 - NetworkManager overlay FS not being created on None platform\n1931950 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0\n1933839 - Panic in OLM packageserver when invoking webhook authorization endpoint\n1934645 - [4.7z] Need BFD failover capability on ECMP routes\n1935636 - High RAM usage on machine api termination node system oom\n1936707 - New CSV using ServiceAccount named \"default\" stuck in Pending during upgrade\n1936803 - Support ServiceBinding 0.5.0+\n1936861 - (release-4.7] Configmap gatherer doesn\u0027t include namespace name (in the archive path) in case of a configmap with binary data\n1937313 - Topology view - vm details screen isntt stop loading\n1937469 - Pod/node/ip/template isn\u0027t showing when vm is running\n1937695 - ironic image \"/\" cluttered with files\n1937829 - ovn-kube must handle single-stack to dual-stack migration\n1937998 - [4.7] wrong community catalog image reference\n1938405 - catalog operator causing CPU spikes and bad etcd performance\n1939218 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests\n1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated\n1939477 - CI tests using openshift/hello-world broken by Ruby Version Update\n1940283 - [VPA] Updater failed to trigger evictions due to \"vpa-admission-controller\" not found\n1941297 - OCP-Metal images\n\n5. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"db": "PACKETSTORM",
"id": "168972"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161951"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27827",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-194-07",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-941426",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "161391",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161951",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162017",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162043",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162733",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161781",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163180",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0274",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0907",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2134",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0999",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0520",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2155",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0169",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0639",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1086",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2402",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0358",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1780",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062138",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161785",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-371938",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-27827",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168972",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175917",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "PACKETSTORM",
"id": "168972"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161951"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"id": "VAR-202103-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
}
],
"trust": 0.7875
},
"last_update_date": "2024-11-29T21:03:09.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Externally\u00a0triggered\u00a0memory\u00a0leak. Red hat Red\u00a0Hat\u00a0Bugzilla",
"trust": 0.8,
"url": "https://getfedora.org/ja/"
},
{
"title": "Canonical Ubuntu lldp Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=139475"
},
{
"title": "Debian CVElist Bug Report Logs: openvswitch: CVE-2020-27827",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6e19c1cee1c2d0d3976ce8d1d62fbe23"
},
{
"title": "Debian Security Advisories: DSA-4836-1 openvswitch -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4eb3ba5e3f5ae90d7aae6bc224bc63b7"
},
{
"title": "Arch Linux Advisories: [ASA-202101-29] lldpd: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202101-29"
},
{
"title": "Arch Linux Advisories: [ASA-202101-28] openvswitch: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202101-28"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-27827 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "Resource exhaustion (CWE-400) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27827"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921438"
},
{
"trust": 1.7,
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2021-january/379471.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3t5xhpogipwcrrpjue6p3hvc5ptsd5js/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/skqwhg2szjzsgc7pxvdaejybn7esdr7d/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jya4amjxcnf6upfg36l2tppt32c242sp/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162733/red-hat-security-advisory-2021-2077-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0639"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161391/red-hat-security-advisory-2021-0497-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0907"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0169/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0358/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2402"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162017/red-hat-security-advisory-2021-0957-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161781/red-hat-security-advisory-2021-0834-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0999"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1109"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2134"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1780"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0274/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161951/red-hat-security-advisory-2021-0976-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1086"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/lldp-memory-leak-34341"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0520"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062138"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162043/red-hat-security-advisory-2021-1051-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163180/red-hat-security-advisory-2021-2456-01.html"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-27827"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35498"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-35498"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980132"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-4836"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-27827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8011"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openvswitch"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3905"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4337"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36980"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0497"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0976"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0958"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0957"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1051"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "PACKETSTORM",
"id": "168972"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161951"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-371938"
},
{
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"db": "PACKETSTORM",
"id": "168972"
},
{
"db": "PACKETSTORM",
"id": "175917"
},
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161951"
},
{
"db": "PACKETSTORM",
"id": "162017"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "PACKETSTORM",
"id": "162043"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-371938"
},
{
"date": "2021-03-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"date": "2021-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"date": "2021-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "168972"
},
{
"date": "2023-11-27T15:42:18",
"db": "PACKETSTORM",
"id": "175917"
},
{
"date": "2021-02-11T15:26:10",
"db": "PACKETSTORM",
"id": "161391"
},
{
"date": "2021-03-24T14:36:40",
"db": "PACKETSTORM",
"id": "161951"
},
{
"date": "2021-03-30T14:19:26",
"db": "PACKETSTORM",
"id": "162017"
},
{
"date": "2021-03-15T20:30:52",
"db": "PACKETSTORM",
"id": "161789"
},
{
"date": "2021-03-31T14:36:16",
"db": "PACKETSTORM",
"id": "162043"
},
{
"date": "2021-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"date": "2021-03-18T17:15:13.510000",
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-371938"
},
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27827"
},
{
"date": "2021-11-30T06:47:00",
"db": "JVNDB",
"id": "JVNDB-2020-016396"
},
{
"date": "2023-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1127"
},
{
"date": "2024-11-21T05:21:53.260000",
"db": "NVD",
"id": "CVE-2020-27827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161391"
},
{
"db": "PACKETSTORM",
"id": "161789"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open\u00a0vSwitch\u00a0 Resource Depletion Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016396"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1127"
}
],
"trust": 0.6
}
}
var-202310-1673
Vulnerability from variot
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 9.2.3, which fixes the issue. This vulnerability is caused by an HTTP/2 frame format error and is vulnerable to HTTP/2 and s3 authentication plug-in attacks. An attacker could exploit this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5549-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2023 https://www.debian.org/security/faq
Package : trafficserver CVE ID : CVE-2022-47185 CVE-2023-33934 CVE-2023-39456 CVE-2023-41752 CVE-2023-44487
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or information disclosure.
For the oldstable distribution (bullseye), these problems have been fixed in version 8.1.9+ds-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 9.2.3+ds-1+deb12u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVH8qoACgkQEMKTtsN8 TjbxOhAAkZMjvXgCcE1d9hO03bcOOVEU8dm3D7POoeIVqmZlgHRH6Q7xh1E3ER+C dl2Nix0Y+8KiCP9JjL6K9yzNcMpmeQ1M6QYD8HJxyj/ihVpWv+SMrdelVyYG5BPM ClWLHzNk6oQm3fMWE//EXm6vxoXOust61gTjhjozV7D1VvWYvLdDt/w59I+wHHc2 XIJ9gVakNvVrmdB2ItEwrYmPrRA6uECB3ag3xP4Wh1H9SkwVgcbBW6ZrgmPAjVQO UTxdCYJuoWkYavr6bolxUG833DfnJRPk9mZJVCdvX4FJnNI6Mp/XGWQ0KNx8K2Xj u6bG//dTJ948q0i5c4thWlCuKkalpZAJ3KxcFyZo6Io1QjCaSN49Rj1agCuiJp4r nmbh0GAlebvOypuiOZieJEEbTIhJpgF1hCLS2jy/Eo8qLP7Iodvr2US7JNwVEirj v0GZx9w9uyFYKfNgRDlJDdaJsmi+2YfbXO4uxp8rFNUY3acL/P8mTsMJohiWjNuH q+/hY7egr7igRPSe+zl2m/tpx1zlPxH761qMqdTVNwztE4t09vW4crPrQ8siwmC1 0HCyGef7R8eNqlODCwpeG1wC+DXHzx00FWUG1r24lNGf7koFnsuALJBPGRptbHqm v6z+piRi8deQNb1vCsQXBzsXjVrK+i/MAAjNixnvTJ9BnVh2ZPY= =gKYQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-1673",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"model": "traffic server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "9.2.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "traffic server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "traffic server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "9.0.0,\u003c9.2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
}
],
"trust": 0.1
},
"cve": "CVE-2023-39456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-93321",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2023-39456",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2023-39456",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-39456",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-39456",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-93321",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. \n\nUsers are recommended to upgrade to version 9.2.3, which fixes the issue. This vulnerability is caused by an HTTP/2 frame format error and is vulnerable to HTTP/2 and s3 authentication plug-in attacks. An attacker could exploit this vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5549-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 05, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : trafficserver\nCVE ID : CVE-2022-47185 CVE-2023-33934 CVE-2023-39456\n CVE-2023-41752 CVE-2023-44487\n\nSeveral vulnerabilities were discovered in Apache Traffic Server, a\nreverse and forward proxy server, which could result in denial of\nservice or information disclosure. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 8.1.9+ds-1~deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 9.2.3+ds-1+deb12u1. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVH8qoACgkQEMKTtsN8\nTjbxOhAAkZMjvXgCcE1d9hO03bcOOVEU8dm3D7POoeIVqmZlgHRH6Q7xh1E3ER+C\ndl2Nix0Y+8KiCP9JjL6K9yzNcMpmeQ1M6QYD8HJxyj/ihVpWv+SMrdelVyYG5BPM\nClWLHzNk6oQm3fMWE//EXm6vxoXOust61gTjhjozV7D1VvWYvLdDt/w59I+wHHc2\nXIJ9gVakNvVrmdB2ItEwrYmPrRA6uECB3ag3xP4Wh1H9SkwVgcbBW6ZrgmPAjVQO\nUTxdCYJuoWkYavr6bolxUG833DfnJRPk9mZJVCdvX4FJnNI6Mp/XGWQ0KNx8K2Xj\nu6bG//dTJ948q0i5c4thWlCuKkalpZAJ3KxcFyZo6Io1QjCaSN49Rj1agCuiJp4r\nnmbh0GAlebvOypuiOZieJEEbTIhJpgF1hCLS2jy/Eo8qLP7Iodvr2US7JNwVEirj\nv0GZx9w9uyFYKfNgRDlJDdaJsmi+2YfbXO4uxp8rFNUY3acL/P8mTsMJohiWjNuH\nq+/hY7egr7igRPSe+zl2m/tpx1zlPxH761qMqdTVNwztE4t09vW4crPrQ8siwmC1\n0HCyGef7R8eNqlODCwpeG1wC+DXHzx00FWUG1r24lNGf7koFnsuALJBPGRptbHqm\nv6z+piRi8deQNb1vCsQXBzsXjVrK+i/MAAjNixnvTJ9BnVh2ZPY=\n=gKYQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39456"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "PACKETSTORM",
"id": "175650"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-39456",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-93321",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "175650",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"id": "VAR-202310-1673",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
}
]
},
"last_update_date": "2024-08-14T13:06:21.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Apache Traffic Server input validation error vulnerability (CNVD-2023-93321)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/492411"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jizsefc3ykcgaba2bzw6zjrmdzjmb7pj/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vhuhtsxlxgxs7jykbxta3vinuphtngvu/"
},
{
"trust": 1.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zkqsikiat5tj3wslu3rdbq35yx4gy4v3/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2023/dsa-5549"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-39456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-33934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-44487"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-41752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"db": "PACKETSTORM",
"id": "175650"
},
{
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"date": "2023-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"date": "2023-11-13T22:11:28",
"db": "PACKETSTORM",
"id": "175650"
},
{
"date": "2023-10-17T07:15:09.737000",
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-93321"
},
{
"date": "2023-12-26T06:58:00",
"db": "JVNDB",
"id": "JVNDB-2023-014915"
},
{
"date": "2023-11-06T03:15:11.950000",
"db": "NVD",
"id": "CVE-2023-39456"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Software\u00a0Foundation\u00a0 of \u00a0Apache\u00a0Traffic\u00a0Server\u00a0 Vulnerability related to input verification in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-014915"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "info disclosure",
"sources": [
{
"db": "PACKETSTORM",
"id": "175650"
}
],
"trust": 0.1
}
}
var-202012-1546
Vulnerability from variot
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Linux Kernel contains a resource locking vulnerability and a freed memory usage vulnerability. Vendors must CID-54ffccbf053b It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 7.4) - noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:0856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0856 Issue date: 2021-03-16 CVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 CVE-2020-29661 CVE-2021-20265 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)
-
kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)
-
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)
-
kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)
-
kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
-
kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)
-
kernel: performance counters race condition use-after-free (CVE-2020-14351)
-
kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)
-
kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)
-
kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
-
kernel: increase slab leak leads to DoS (CVE-2021-20265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147)
-
WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)
-
lpfc does not issue adisc to fcp-2 devices, does not respond to nvme targer that send an adisc. (BZ#1875961)
-
Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)
-
[RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372)
-
Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)
-
RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)
-
Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK (BZ#1901064)
-
writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819)
-
[Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896)
-
kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036)
-
kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817)
-
dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407)
-
watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)
-
[DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273)
-
[DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write 1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c 1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free 1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c 1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints 1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl 1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack 1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore 1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK 1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free 1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS 1916589 - watchdog: use nmi registers snapshot in hardlockup handler 1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
ppc64: bpftool-3.10.0-1160.21.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm perf-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-3.10.0-1160.21.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm perf-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
s390x: bpftool-3.10.0-1160.21.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm kernel-devel-3.10.0-1160.21.1.el7.s390x.rpm kernel-headers-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm perf-3.10.0-1160.21.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm python-perf-3.10.0-1160.21.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm
ppc64le: bpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: kernel-3.10.0-1160.21.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm kernel-doc-3.10.0-1160.21.1.el7.noarch.rpm
x86_64: bpftool-3.10.0-1160.21.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm perf-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: bpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-19532 https://access.redhat.com/security/cve/CVE-2020-0427 https://access.redhat.com/security/cve/CVE-2020-7053 https://access.redhat.com/security/cve/CVE-2020-14351 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25645 https://access.redhat.com/security/cve/CVE-2020-25656 https://access.redhat.com/security/cve/CVE-2020-25705 https://access.redhat.com/security/cve/CVE-2020-28374 https://access.redhat.com/security/cve/CVE-2020-29661 https://access.redhat.com/security/cve/CVE-2021-20265 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q mSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ 1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB SuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk xRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD mCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu Bupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP o7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c 9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj mYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r UfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi 65tXPtffy4k= =OXZI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 6 ELS) - i386, s390x, x86_64
Bug Fix(es):
-
Enable CI and changelog for GitLab workflow (BZ#1930523)
-
Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 2.6.0 images:
RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
-
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
-
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
-
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
-
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
-
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
-
containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1732329 - Virtual Machine is missing documentation of its properties in yaml editor
1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv
1791753 - [RFE] [SSP] Template validator should check validations in template's parent template
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration
1848956 - KMP requires downtime for CA stabilization during certificate rotation
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1853911 - VM with dot in network name fails to start with unclear message
1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show"
1856347 - SR-IOV : Missing network name for sriov during vm setup
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS
1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination
1860714 - No API information from oc explain
1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints
1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem
1866593 - CDI is not handling vm disk clone
1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
1868817 - Container-native Virtualization 2.6.0 Images
1873771 - Improve the VMCreationFailed error message caused by VM low memory
1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it
1878499 - DV import doesn't recover from scratch space PVC deletion
1879108 - Inconsistent naming of "oc virt" command in help text
1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running
1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT
1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability
1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message
1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used
1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied
1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request.
1891285 - Common templates and kubevirt-config cm - update machine-type
1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error
1892227 - [SSP] cluster scoped resources are not being reconciled
1893278 - openshift-virtualization-os-images namespace not seen by user
1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza
1894428 - Message for VMI not migratable is not clear enough
1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium
1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import
1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
1898072 - Add Fedora33 to Fedora common templates
1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail
1899558 - CNV 2.6 - nmstate fails to set state
1901480 - VM disk io can't worked if namespace have label kubemacpool
1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1903014 - hco-webhook pod in CreateContainerError
1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode
1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default"
1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers
1907151 - kubevirt version is not reported correctly via virtctl
1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6
1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume
1907988 - VM loses dynamic IP address of its default interface after migration
1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity
1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error
1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference
1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error
1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO
1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-')
1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface
1911662 - el6 guests don't work properly if virtio bus is specified on various devices
1912908 - Allow using "scsi" bus for disks in template validation
1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails
1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user
1913717 - Users should have read permitions for golden images data volumes
1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes
1914177 - CNV does not preallocate blank file data volumes
1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes
1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer
1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block
1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored
1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration
1920576 - HCO can report ready=true when it failed to create a CR for a component operator
1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool
1927373 - NoExecute taint violates pdb; VMIs are not live migrated
1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade
-
8.2) - ppc64le, x86_64
-
Description:
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. 7) - aarch64, noarch, ppc64le
-
8.2) - aarch64, noarch, ppc64le, s390x, x86_64
-
(BZ#1919886)
-
[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap (BZ#1929909)
-
rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929911)
Enhancement(s):
-
[Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892345)
-
Add kernel option to change cpumask for kernel threads (BZ#1915344)
-
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary
Several security issues were fixed in the kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker could use this to expose sensitive information (kernel memory) or possibly execute arbitrary code. (CVE-2021-3444)
kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
Update instructions
The problem can be corrected by updating your kernel livepatch to the following versions:
Ubuntu 20.04 LTS gcp - 82.2 generic - 82.2 gke - 82.2 gkeop - 82.2 lowlatency - 82.2
Ubuntu 18.04 LTS generic - 82.1 generic - 82.2 gke - 82.1 gke - 82.2 gkeop - 82.2 lowlatency - 82.1 lowlatency - 82.2 oem - 82.1 oem - 82.2
Ubuntu 16.04 ESM generic - 82.1 generic - 82.2 lowlatency - 82.1 lowlatency - 82.2
Support Information
Kernels older than the levels listed below do not receive livepatch updates. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible.
Ubuntu 20.04 LTS linux-aws - 5.4.0-1009 linux-azure - 5.4.0-1010 linux-gcp - 5.4.0-1009 linux-gke - 5.4.0-1033 linux-gkeop - 5.4.0-1009 linux-oem - 5.4.0-26 linux - 5.4.0-26
Ubuntu 18.04 LTS linux-aws - 4.15.0-1054 linux-azure-4.15 - 4.15.0-1115 linux-gke-4.15 - 4.15.0-1076 linux-gke-5.4 - 5.4.0-1009 linux-gkeop-5.4 - 5.4.0-1007 linux-hwe-5.4 - 5.4.0-26 linux-oem - 4.15.0-1063 linux - 4.15.0-69
Ubuntu 16.04 ESM linux-aws - 4.4.0-1098 linux-azure - 4.15.0-1063 linux-hwe - 4.15.0-69 linux - 4.4.0-168
Ubuntu 14.04 ESM linux-lts-xenial - 4.4.0-168
References
- CVE-2020-29660
- CVE-2020-29661
- CVE-2021-3444
- CVE-2021-3715
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1546",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "8300",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "2.6.26"
},
{
"model": "a400",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "a700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.248"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.212"
},
{
"model": "8700",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.9.14"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.163"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.83"
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
}
],
"trust": 0.8
},
"cve": "CVE-2020-29661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29661",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-29661",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-29661",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-29661",
"trust": 0.8,
"value": "High"
},
{
"author": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. Linux Kernel contains a resource locking vulnerability and a freed memory usage vulnerability. Vendors must CID-54ffccbf053b It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. 7.4) - noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2021:0856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0856\nIssue date: 2021-03-16\nCVE Names: CVE-2019-19532 CVE-2020-0427 CVE-2020-7053 \n CVE-2020-14351 CVE-2020-25211 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25705 CVE-2020-28374 \n CVE-2020-29661 CVE-2021-20265 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in\nnet/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)\n\n* kernel: SCSI target (LIO) write to any block on ILO backstore\n(CVE-2020-28374)\n\n* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an\nuse-after-free (CVE-2020-29661)\n\n* kernel: malicious USB devices can lead to multiple out-of-bounds write\n(CVE-2019-19532)\n\n* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)\n\n* kernel: use-after-free in i915_ppgtt_close in\ndrivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)\n\n* kernel: performance counters race condition use-after-free\n(CVE-2020-14351)\n\n* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve\nendpoints (CVE-2020-25645)\n\n* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)\n\n* kernel: ICMP rate limiting can be used for DNS poisoning attack\n(CVE-2020-25705)\n\n* kernel: increase slab leak leads to DoS (CVE-2021-20265)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* BUG: scheduling while atomic: memory allocation under spinlock in\nscsi_register_device_handler() (BZ#1619147)\n\n* WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)\n\n* lpfc does not issue adisc to fcp-2 devices, does not respond to nvme\ntarger that send an adisc. (BZ#1875961)\n\n* Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)\n\n* [RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue\nrace (BZ#1889372)\n\n* Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)\n\n* RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)\n\n* Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link\nup for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using\nDPDK (BZ#1901064)\n\n* writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers\nkernel panic (BZ#1903819)\n\n* [Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the\nVRAM Edit (BZ#1908896)\n\n* kvm-rhel7.9 [AMD] - system crash observed while powering on virtual\nmachine with attached VF interfaces. (BZ#1909036)\n\n* kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2\n(BZ#1910817)\n\n* dm-mirror crashes from assuming underlying storage will have a non-NULL\nmerge_bvec_fn (BZ#1916407)\n\n* watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)\n\n* [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL\n7.9 on system with AMD Rome CPUs (BZ#1918273)\n\n* [DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected\nwith Gen 4 NVMe drives. (BZ#1921187)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1781821 - CVE-2019-19532 kernel: malicious USB devices can lead to multiple out-of-bounds write\n1795624 - CVE-2020-7053 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c\n1862849 - CVE-2020-14351 kernel: performance counters race condition use-after-free\n1877571 - CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c\n1883988 - CVE-2020-25645 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints\n1888726 - CVE-2020-25656 kernel: use-after-free in read in vt_do_kdgkb_ioctl\n1894579 - CVE-2020-25705 kernel: ICMP rate limiting can be used for DNS poisoning attack\n1899804 - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore\n1901064 - Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 \u0027i40e: don\u0027t report link up for a VF who hasn\u0027t enabled queues\u0027 introducing issues with VM using DPDK\n1906525 - CVE-2020-29661 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free\n1908827 - CVE-2021-20265 kernel: increase slab leak leads to DoS\n1916589 - watchdog: use nmi registers snapshot in hardlockup handler\n1919893 - CVE-2020-0427 kernel: out-of-bounds reads in pinctrl subsystem. \n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nppc64:\nbpftool-3.10.0-1160.21.1.el7.ppc64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-3.10.0-1160.21.1.el7.ppc64le.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-bootwrapper-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-headers-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\ns390x:\nbpftool-3.10.0-1160.21.1.el7.s390x.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-debuginfo-common-s390x-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-devel-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-headers-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\nkernel-kdump-devel-3.10.0-1160.21.1.el7.s390x.rpm\nperf-3.10.0-1160.21.1.el7.s390x.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-3.10.0-1160.21.1.el7.s390x.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.s390x.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-debuginfo-common-ppc64-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64.rpm\n\nppc64le:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.ppc64le.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nkernel-3.10.0-1160.21.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-1160.21.1.el7.noarch.rpm\nkernel-doc-3.10.0-1160.21.1.el7.noarch.rpm\n\nx86_64:\nbpftool-3.10.0-1160.21.1.el7.x86_64.rpm\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-headers-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nbpftool-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-1160.21.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-1160.21.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-19532\nhttps://access.redhat.com/security/cve/CVE-2020-0427\nhttps://access.redhat.com/security/cve/CVE-2020-7053\nhttps://access.redhat.com/security/cve/CVE-2020-14351\nhttps://access.redhat.com/security/cve/CVE-2020-25211\nhttps://access.redhat.com/security/cve/CVE-2020-25645\nhttps://access.redhat.com/security/cve/CVE-2020-25656\nhttps://access.redhat.com/security/cve/CVE-2020-25705\nhttps://access.redhat.com/security/cve/CVE-2020-28374\nhttps://access.redhat.com/security/cve/CVE-2020-29661\nhttps://access.redhat.com/security/cve/CVE-2021-20265\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFC579zjgjWX9erEAQirxQ/9FKZDGdDIPfGpiOwbkmMoqySgNxALO02Q\nmSTFgrFP/TM4sHCZxPhyuL1rbgPTVnrPKE8M/fTA2EzRQiMZud+vSy4Dvf/WwBXQ\n1dStOQIJNmVohUXCRed043xJtfZxyLtteFoxhVjlVU2Eia1+f7d9t42vWQAXhtVB\nSuEDmitq+9dvv9S48bDJkZtSUkBvZTY9zCtjx6neqypg0j4KKwrYgr+Ui+VF3yJk\nxRtkw5SVhRiSFv8lBGKSkbIX9AqaoTi25HQPZ1rxB43Rjw0dxNZzlwC5LAs4LQUD\nmCRHZQcDaKCWmDC+bCy3g5sfETvblJfKiBF61mEOo0nTnPwyOalEciwG0bBcyrnu\nBupt4OsM71s/KSK5IUA0jv6vVUy4fLL/5IfAz63XAdZD/ZMQq+hlPiB0e+8QmNDP\no7rKWut+BEgqHrgtur7SNPzUIWCj7OVIZUO+7+dEMLKkIUlRQJKYudm3JUbF1M/c\n9pc6DyR2pxjvbW+0pIAln+nawSt3OvCIEnwCewJuX0R/Pie09hRp/sh2xfItDcHj\nmYcpCz75VnMeV4tMm2JXn9HXQOqkAx/LPYtBh8ZNui6G+O3NRyTSOv4ouiT12e5r\nUfBBYb2KtK6VViAy83150q+qkws8nPykpeRkBukYZELtGQjpiMBwlaVTq809GShi\n65tXPtffy4k=\n=OXZI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 6 ELS) - i386, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* Enable CI and changelog for GitLab workflow (BZ#1930523)\n\n4. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n=============kubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can\nlead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes\nfrom invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration\n1848956 - KMP requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. 8.2) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. 7) - aarch64, noarch, ppc64le\n\n3. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. (BZ#1919886)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n(BZ#1929909)\n\n* rpmbuild cannot build the userspace RPMs in the kernel package when the\nkernel itself is not built (BZ#1929911)\n\nEnhancement(s):\n\n* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start\n(BZ#1892345)\n\n* Add kernel option to change cpumask for kernel threads (BZ#1915344)\n\n4. Linux kernel vulnerabilities\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary\n\nSeveral security issues were fixed in the kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly expose sensitive information (kernel\nmemory). A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. \n(CVE-2020-29661)\n\nDe4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux\nkernel did not properly handle mod32 destination register truncation\nwhen the source register was known to be 0. A local attacker could use\nthis to expose sensitive information (kernel memory) or possibly execute\narbitrary code. (CVE-2021-3444)\n\nkernel: use-after-free in route4_change() in net/sched/cls_route.c \n(CVE-2021-3715)\n\nUpdate instructions\n\nThe problem can be corrected by updating your kernel livepatch to the\nfollowing versions:\n\nUbuntu 20.04 LTS\n gcp - 82.2\n generic - 82.2\n gke - 82.2\n gkeop - 82.2\n lowlatency - 82.2\n\nUbuntu 18.04 LTS\n generic - 82.1\n generic - 82.2\n gke - 82.1\n gke - 82.2\n gkeop - 82.2\n lowlatency - 82.1\n lowlatency - 82.2\n oem - 82.1\n oem - 82.2\n\nUbuntu 16.04 ESM\n generic - 82.1\n generic - 82.2\n lowlatency - 82.1\n lowlatency - 82.2\n\nSupport Information\n\nKernels older than the levels listed below do not receive livepatch\nupdates. If you are running a kernel version earlier than the one listed\nbelow, please upgrade your kernel as soon as possible. \n\nUbuntu 20.04 LTS\n linux-aws - 5.4.0-1009\n linux-azure - 5.4.0-1010\n linux-gcp - 5.4.0-1009\n linux-gke - 5.4.0-1033\n linux-gkeop - 5.4.0-1009\n linux-oem - 5.4.0-26\n linux - 5.4.0-26\n\nUbuntu 18.04 LTS\n linux-aws - 4.15.0-1054\n linux-azure-4.15 - 4.15.0-1115\n linux-gke-4.15 - 4.15.0-1076\n linux-gke-5.4 - 5.4.0-1009\n linux-gkeop-5.4 - 5.4.0-1007\n linux-hwe-5.4 - 5.4.0-26\n linux-oem - 4.15.0-1063\n linux - 4.15.0-69\n\nUbuntu 16.04 ESM\n linux-aws - 4.4.0-1098\n linux-azure - 4.15.0-1063\n linux-hwe - 4.15.0-69\n linux - 4.4.0-168\n\nUbuntu 14.04 ESM\n linux-lts-xenial - 4.4.0-168\n\nReferences\n\n- CVE-2020-29660\n- CVE-2020-29661\n- CVE-2021-3444\n- CVE-2021-3715\n\n\n\n-- \nubuntu-security-announce mailing list\nubuntu-security-announce@lists.ubuntu.com\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29661",
"trust": 3.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/12/10/1",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "164950",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "160681",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-074-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93656033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2020-29661",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161609",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161710",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161250",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161720",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"id": "VAR-202012-1546",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-11-29T21:01:32.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix\u00a0-\u003epgrp\u00a0locking\u00a0in\u00a0tiocspgrp()",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOB25SU6XUL4TNP7KB63WNZSYTIYFDPP/"
},
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210537 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel-alt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210354 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210558 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-29661 log"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-032",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-032"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-031",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-031"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-034"
},
{
"title": "Amazon Linux 2: ALAS2LIVEPATCH-2021-033",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2LIVEPATCH-2021-033"
},
{
"title": "IBM: Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d39f316392b1adf4ca22f6ef041af00f"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1477",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1477"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-019"
},
{
"title": "Debian Security Advisories: DSA-4843-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b95030247235becf9e017bec31e9d503"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1588",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1588"
},
{
"title": "IBM: Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e9d6f12dfd14652e2bb7e5c28ded162b"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "https://github.com/lcatro/cve_diff_checker",
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-667",
"trust": 1.0
},
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " improper lock (CWE-667) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.openwall.com/lists/oss-security/2020/12/10/1"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 1.1,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/160681/linux-tiocspgrp-broken-locking.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210122-0001/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164950/kernel-live-patch-security-notice-lsn-0082-1.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mz7oakaefaxqrgbzk4lyuwincd3d2xcl/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bob25su6xul4tnp7kb63wnzsytiyfdpp/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93656033/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25211"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-0444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20265"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/667.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lcatro/cve_diff_checker"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alaslivepatch-2021-032.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1288"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14467"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14463"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14470"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0763"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0354"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0765"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3444"
},
{
"trust": 0.1,
"url": "https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "161609"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161742"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161250"
},
{
"db": "PACKETSTORM",
"id": "161720"
},
{
"db": "PACKETSTORM",
"id": "164950"
},
{
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2021-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"date": "2021-06-01T14:45:52",
"db": "PACKETSTORM",
"id": "162878"
},
{
"date": "2021-03-17T14:14:38",
"db": "PACKETSTORM",
"id": "161826"
},
{
"date": "2021-03-02T16:26:19",
"db": "PACKETSTORM",
"id": "161609"
},
{
"date": "2021-04-20T16:31:47",
"db": "PACKETSTORM",
"id": "162253"
},
{
"date": "2021-03-10T16:02:43",
"db": "PACKETSTORM",
"id": "161742"
},
{
"date": "2021-03-09T15:57:57",
"db": "PACKETSTORM",
"id": "161710"
},
{
"date": "2021-02-02T16:11:22",
"db": "PACKETSTORM",
"id": "161250"
},
{
"date": "2021-03-09T16:10:13",
"db": "PACKETSTORM",
"id": "161720"
},
{
"date": "2021-11-12T17:07:48",
"db": "PACKETSTORM",
"id": "164950"
},
{
"date": "2020-12-09T17:15:31.807000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29661"
},
{
"date": "2024-03-22T07:18:00",
"db": "JVNDB",
"id": "JVNDB-2020-014190"
},
{
"date": "2024-11-21T05:24:23.040000",
"db": "NVD",
"id": "CVE-2020-29661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "164950"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 resource locking vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "162878"
},
{
"db": "PACKETSTORM",
"id": "161826"
},
{
"db": "PACKETSTORM",
"id": "162253"
},
{
"db": "PACKETSTORM",
"id": "161710"
},
{
"db": "PACKETSTORM",
"id": "161720"
}
],
"trust": 0.5
}
}
var-202105-0755
Vulnerability from variot
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. Prosody Is vulnerable to a race condition.Information may be obtained. Prosodical Thoughts Prosody is an open source application system of Prosodical Thoughts. A modern XMPP communication server. Remote attackers can use this vulnerability to obtain sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-15
https://security.gentoo.org/
Severity: Low Title: Prosŏdy IM: Multiple vulnerabilities Date: May 26, 2021 Bugs: #771144, #789969 ID: 202105-15
Synopsis
Multiple vulnerabilities have been found in Prosŏdy IM, the worst of which could result in a Denial of Service condition. It aims to be easy to set up and configure, and efficient with system resources.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-im/prosody < 0.11.9 >= 0.11.9
Description
Multiple vulnerabilities have been discovered in Prosŏdy IM. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Prosŏdy IM users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-im/prosody-0.11.9"
References
[ 1 ] CVE-2021-32917 https://nvd.nist.gov/vuln/detail/CVE-2021-32917 [ 2 ] CVE-2021-32918 https://nvd.nist.gov/vuln/detail/CVE-2021-32918 [ 3 ] CVE-2021-32919 https://nvd.nist.gov/vuln/detail/CVE-2021-32919 [ 4 ] CVE-2021-32920 https://nvd.nist.gov/vuln/detail/CVE-2021-32920 [ 5 ] CVE-2021-32921 https://nvd.nist.gov/vuln/detail/CVE-2021-32921
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202105-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (buster), these problems have been fixed in version 0.11.2-1+deb10u1.
We recommend that you upgrade your prosody packages.
For the detailed security status of prosody please refer to its security tracker page at: https://security-tracker.debian.org/tracker/prosody
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCi0+8ACgkQEMKTtsN8 TjZnCg/+NZAMCpnKUqKs3vy7pZkXJXgCmCQgs3TYMXPGty3GuhjCO6Ao2sLnb0OE Jh6QBpgUmGknhMEuU6wbscBK8oMUEkVvvrlFv1sjp8yHwqQ65KkZvnNNbOsVBFXB Yy/aQzk8bYe601ZLXLR29IBVGPUA9+rjUXMqeBNok5LyEQW00yhe/WOOf8UqU7Ly NteRRmc8aR3WL392EVChvKNtVftC+5n6CtegXwzD+OQYCWFEmKbo449ySQJDHHfY oWvQBH9mk+lrfrRgIXqqZ9zFCEAg1cRaUQc0EBLkHFmRbHWCk/Ybk7mUm0dc3BFv OdOHYR3+IHedOjhuBaDnbexffQaVpP8G8/av9Hpzu+SRbmlDVRNfzrtG6M3k3SGn S9j7ah/uxsmuwYXQ4gjnYAhlpRDRkswpms22fZr4wEWRy17LgIIWQh1zIwii3s+U M1uMhU56F0jjZ/X+SGhIdUIKhcKIv+vPbxlBM700T3VLDhpoWhd4+K6JZFcXhMeT mIv12dghuHXwNp9ONw3kC946CLIMcerRqI1eB13f0XZw//+IcqBMPR6PzSkxqRdA KxEOPLzipHNtnNTo/RevUyI1hbi1eWW0QT/sLtuhFSzQUtOW0EFf8ZxJFHBaADeu vBvc9XewmRRGPpwXj42GaYZ/5c7VE3hiMEvdhFimSt666MnwhKg= =miBj -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-0755",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "prosody",
"scope": "lt",
"trust": 1.0,
"vendor": "prosody",
"version": "0.11.9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "prosody",
"scope": null,
"trust": 0.8,
"vendor": "the prosody team",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "prosody",
"scope": "eq",
"trust": 0.6,
"vendor": "prosody",
"version": "0.11.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "162828"
}
],
"trust": 0.1
},
"cve": "CVE-2021-32921",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-32921",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-47380",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-32921",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-32921",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-32921",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-32921",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-47380",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-32921",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. Prosody Is vulnerable to a race condition.Information may be obtained. Prosodical Thoughts Prosody is an open source application system of Prosodical Thoughts. A modern XMPP communication server. Remote attackers can use this vulnerability to obtain sensitive information. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202105-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Pros\u014fdy IM: Multiple vulnerabilities\n Date: May 26, 2021\n Bugs: #771144, #789969\n ID: 202105-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Pros\u014fdy IM, the worst of\nwhich could result in a Denial of Service condition. It aims to be easy to\nset up and configure, and efficient with system resources. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-im/prosody \u003c 0.11.9 \u003e= 0.11.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Pros\u014fdy IM. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Pros\u014fdy IM users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-im/prosody-0.11.9\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-32917\n https://nvd.nist.gov/vuln/detail/CVE-2021-32917\n[ 2 ] CVE-2021-32918\n https://nvd.nist.gov/vuln/detail/CVE-2021-32918\n[ 3 ] CVE-2021-32919\n https://nvd.nist.gov/vuln/detail/CVE-2021-32919\n[ 4 ] CVE-2021-32920\n https://nvd.nist.gov/vuln/detail/CVE-2021-32920\n[ 5 ] CVE-2021-32921\n https://nvd.nist.gov/vuln/detail/CVE-2021-32921\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202105-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 0.11.2-1+deb10u1. \n\nWe recommend that you upgrade your prosody packages. \n\nFor the detailed security status of prosody please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/prosody\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCi0+8ACgkQEMKTtsN8\nTjZnCg/+NZAMCpnKUqKs3vy7pZkXJXgCmCQgs3TYMXPGty3GuhjCO6Ao2sLnb0OE\nJh6QBpgUmGknhMEuU6wbscBK8oMUEkVvvrlFv1sjp8yHwqQ65KkZvnNNbOsVBFXB\nYy/aQzk8bYe601ZLXLR29IBVGPUA9+rjUXMqeBNok5LyEQW00yhe/WOOf8UqU7Ly\nNteRRmc8aR3WL392EVChvKNtVftC+5n6CtegXwzD+OQYCWFEmKbo449ySQJDHHfY\noWvQBH9mk+lrfrRgIXqqZ9zFCEAg1cRaUQc0EBLkHFmRbHWCk/Ybk7mUm0dc3BFv\nOdOHYR3+IHedOjhuBaDnbexffQaVpP8G8/av9Hpzu+SRbmlDVRNfzrtG6M3k3SGn\nS9j7ah/uxsmuwYXQ4gjnYAhlpRDRkswpms22fZr4wEWRy17LgIIWQh1zIwii3s+U\nM1uMhU56F0jjZ/X+SGhIdUIKhcKIv+vPbxlBM700T3VLDhpoWhd4+K6JZFcXhMeT\nmIv12dghuHXwNp9ONw3kC946CLIMcerRqI1eB13f0XZw//+IcqBMPR6PzSkxqRdA\nKxEOPLzipHNtnNTo/RevUyI1hbi1eWW0QT/sLtuhFSzQUtOW0EFf8ZxJFHBaADeu\nvBvc9XewmRRGPpwXj42GaYZ/5c7VE3hiMEvdhFimSt666MnwhKg=\n=miBj\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-32921",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/14/2",
"trust": 2.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/13/1",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162828",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-47380",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051714",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052610",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051924",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1668",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-32921",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169060",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"id": "VAR-202105-0755",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
}
]
},
"last_update_date": "2024-08-14T13:03:37.608000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-a33f6e36e1 The\u00a0Prosody\u00a0TeamProsody",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html"
},
{
"title": "Patch for Prosodical Thoughts Prosody has unspecified vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/276796"
},
{
"title": "Prosodical Thoughts Prosody Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151579"
},
{
"title": "Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=7e41f41000c2cab381645f71a452e062"
},
{
"title": "Debian Security Advisories: DSA-4916-1 prosody -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4c6e99d47bcacbd4d7778a12ef9e2dd1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-32921 log"
},
{
"title": "Arch Linux Advisories: [ASA-202105-11] prosody: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202105-11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.0
},
{
"problemtype": "Race condition (CWE-362) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.openwall.com/lists/oss-security/2021/05/14/2"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4916"
},
{
"trust": 1.7,
"url": "https://blog.prosody.im/prosody-0.11.9-released/"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/05/13/1"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202105-15"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00016.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32921"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00018.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6mffbzwxkpzevznqsvjncue7wrf3t7dg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gun63ahewb2wrrojhu3bvjrwlonct2b7/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lwj2dg2dfjoefewoun26imyywgsa2zee/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6mffbzwxkpzevznqsvjncue7wrf3t7dg/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gun63ahewb2wrrojhu3bvjrwlonct2b7/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lwj2dg2dfjoefewoun26imyywgsa2zee/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052610"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2143"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162828/gentoo-linux-security-advisory-202105-15.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1668"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051924"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32918"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32917"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32919"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32920"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/prosody"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"db": "PACKETSTORM",
"id": "162828"
},
{
"db": "PACKETSTORM",
"id": "169060"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"date": "2021-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"date": "2022-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"date": "2021-05-26T17:51:36",
"db": "PACKETSTORM",
"id": "162828"
},
{
"date": "2021-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169060"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"date": "2021-05-13T16:15:08.407000",
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-47380"
},
{
"date": "2021-05-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-32921"
},
{
"date": "2022-01-25T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2021-006911"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-841"
},
{
"date": "2023-11-07T03:35:45.450000",
"db": "NVD",
"id": "CVE-2021-32921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-841"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Prosody\u00a0 Race Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-202203-0043
Vulnerability from variot
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This update provides security fixes, bug fixes, and updates the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security updates:
-
golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)
-
nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
Related bugs:
-
RHACM 2.4.3 image files (BZ #2057249)
-
Observability - dashboard name contains
/would cause error when generating dashboard cm (BZ #2032128) -
ACM application placement fails after renaming the application name (BZ
2033051)
-
Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197)
-
Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820)
-
The value of name label changed from clusterclaim name to cluster name (BZ #2042223)
-
VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ
2048500)
-
clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211)
-
Application cluster status is not updated in UI after restoring (BZ
2053279)
-
OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610)
-
The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039)
-
Subscriptions stop reconciling after channel secrets are recreated (BZ
2059954)
-
Placementrule is not reconciling on a new fresh environment (BZ #2074156)
-
The cluster claimed from clusterpool cannot auto imported (BZ #2074543)
-
Bugs fixed (https://bugzilla.redhat.com/):
2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion
2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic
2032128 - Observability - dashboard name contains / would cause error when generating dashboard cm
2033051 - ACM application placement fails after renaming the application name
2039197 - disable the obs metric collect should not impact the managed cluster upgrade
2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard
2042223 - the value of name label changed from clusterclaim name to cluster name
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management
2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor
2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys
2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function
2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account
2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak
2053279 - Application cluster status is not updated in UI after restoring
2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+
2057249 - RHACM 2.4.3 images
2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift
2059954 - Subscriptions stop reconciling after channel secrets are recreated
2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path
2074156 - Placementrule is not reconciling on a new fresh environment
2074543 - The cluster claimed from clusterpool can not auto imported
- See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security updates:
-
nanoid: Information disclosure via valueOf() function (CVE-2021-23566)
-
nodejs-shelljs: improper privilege management (CVE-2022-0144)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
Bug fix:
-
RHACM 2.3.8 images (Bugzilla #2062316)
-
Bugs fixed (https://bugzilla.redhat.com/):
2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images
- ========================================================================== Ubuntu Security Notice USN-5317-1 March 09, 2022
linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14, linux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960)
Max Kellermann discovered that the Linux kernel incorrectly handled Unix pipes. A local attacker could potentially use this to modify any file that could be opened for reading. (CVE-2022-0847)
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-0001, CVE-2022-0002)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: linux-image-5.13.0-1016-kvm 5.13.0-1016.17 linux-image-5.13.0-1017-aws 5.13.0-1017.19 linux-image-5.13.0-1017-azure 5.13.0-1017.19 linux-image-5.13.0-1019-gcp 5.13.0-1019.23 linux-image-5.13.0-1020-raspi 5.13.0-1020.22 linux-image-5.13.0-1020-raspi-nolpae 5.13.0-1020.22 linux-image-5.13.0-1021-oracle 5.13.0-1021.26 linux-image-5.13.0-35-generic 5.13.0-35.40 linux-image-5.13.0-35-generic-64k 5.13.0-35.40 linux-image-5.13.0-35-generic-lpae 5.13.0-35.40 linux-image-5.13.0-35-lowlatency 5.13.0-35.40 linux-image-aws 5.13.0.1017.18 linux-image-azure 5.13.0.1017.17 linux-image-gcp 5.13.0.1019.17 linux-image-generic 5.13.0.35.44 linux-image-generic-64k 5.13.0.35.44 linux-image-generic-lpae 5.13.0.35.44 linux-image-gke 5.13.0.1019.17 linux-image-kvm 5.13.0.1016.16 linux-image-lowlatency 5.13.0.35.44 linux-image-oem-20.04 5.13.0.35.44 linux-image-oracle 5.13.0.1021.21 linux-image-raspi 5.13.0.1020.25 linux-image-raspi-nolpae 5.13.0.1020.25 linux-image-virtual 5.13.0.35.44
Ubuntu 20.04 LTS: linux-image-5.13.0-1017-aws 5.13.0-1017.19~20.04.1 linux-image-5.13.0-1017-azure 5.13.0-1017.19~20.04.1 linux-image-5.13.0-1019-gcp 5.13.0-1019.23~20.04.1 linux-image-5.13.0-1021-oracle 5.13.0-1021.26~20.04.1 linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-generic-64k 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-generic-lpae 5.13.0-35.40~20.04.1 linux-image-5.13.0-35-lowlatency 5.13.0-35.40~20.04.1 linux-image-5.14.0-1027-oem 5.14.0-1027.30 linux-image-aws 5.13.0.1017.19~20.04.10 linux-image-azure 5.13.0.1017.19~20.04.7 linux-image-gcp 5.13.0.1019.23~20.04.1 linux-image-generic-64k-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-generic-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-generic-lpae-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-lowlatency-hwe-20.04 5.13.0.35.40~20.04.20 linux-image-oem-20.04 5.14.0.1027.24 linux-image-oem-20.04b 5.14.0.1027.24 linux-image-oem-20.04c 5.14.0.1027.24 linux-image-oem-20.04d 5.14.0.1027.24 linux-image-oracle 5.13.0.1021.26~20.04.1 linux-image-virtual-hwe-20.04 5.13.0.35.40~20.04.20
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. 8.2) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
-
kernel-rt: update RT source tree to the latest RHEL-8.2.z16 Batch (BZ#2057698)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:0825-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0825 Issue date: 2022-03-10 CVE Names: CVE-2021-0920 CVE-2021-4154 CVE-2022-0330 CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 CVE-2022-0847 CVE-2022-22942 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036888)
Security Fix(es):
-
kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847)
-
kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
-
kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)
-
kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
-
kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
-
kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
-
kernel: missing check in ioctl allows kernel memory read/write (CVE-2022-0516)
-
kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Intel QAT Kernel power up fix (BZ#2016437)
-
RHEL8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting performance (BZ#2018928)
-
[Lenovo 8.4 bug] audio_HDMI certification failed on RHEL 8.4GA (No hdmi out) (BZ#2027335)
-
[RHEL-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is not set back to zero post online migration (BZ#2027448)
-
iommu/amd: Fix unable to handle page fault due to AVIC (BZ#2030854)
-
[Lenovo 8.4 bug]The VGA display shows no signal (black screen) when install RHEL8.4(beta or rc1) in the legacy BIOS mode. (BZ#2034949)
-
Double free of kmalloc-64 cache struct ib_port->pkey_group from module ib_core . (BZ#2038724)
-
Bus error with huge pages enabled (BZ#2039015)
-
RHEL8 - kvm: floating interrupts may get stuck (BZ#2040769)
-
Data corruption on small files served by httpd, which is backed by cifs-mount (BZ#2041529)
-
Add a net/mlx5 patch for Hardware Offload Fix (BZ#2042663)
-
Windows guest random Bsod when 'hv-tlbflush' enlightenment is enabled (BZ#2043237)
-
DNS lookup failures when run two times in a row (BZ#2043548)
-
net/sched: Fix ct zone matching for invalid conntrack state (BZ#2043550)
-
Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel (BZ#2047427)
-
OCP node XFS metadata corruption after numerous reboots (BZ#2049292)
-
Broadcom bnxt_re: RDMA stats are not incrementing (BZ#2049684)
-
ice: bug fix series for 8.6 (BZ#2051951)
-
panic while looking up a symlink due to NULL i_op->get_link (BZ#2052558)
-
ceph omnibus backport for RHEL-8.6.0 (BZ#2053725)
-
SCTP peel-off with SELinux and containers in OCP (BZ#2054112)
-
Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode (BZ#2054117)
-
dnf fails with fsync() over local repository present on CIFS mount point (BZ#2055824)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS 2050237 - CVE-2022-0516 kernel: missing check in ioctl allows kernel memory read/write 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: kernel-4.18.0-348.20.1.el8_5.src.rpm
aarch64: bpftool-4.18.0-348.20.1.el8_5.aarch64.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-core-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-devel-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-headers-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-modules-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.aarch64.rpm perf-4.18.0-348.20.1.el8_5.aarch64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm
noarch: kernel-abi-stablelists-4.18.0-348.20.1.el8_5.noarch.rpm kernel-doc-4.18.0-348.20.1.el8_5.noarch.rpm
ppc64le: bpftool-4.18.0-348.20.1.el8_5.ppc64le.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-core-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm
s390x: bpftool-4.18.0-348.20.1.el8_5.s390x.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-348.20.1.el8_5.s390x.rpm kernel-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-headers-4.18.0-348.20.1.el8_5.s390x.rpm kernel-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm kernel-tools-4.18.0-348.20.1.el8_5.s390x.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-core-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-devel-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-modules-4.18.0-348.20.1.el8_5.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm perf-4.18.0-348.20.1.el8_5.s390x.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm python3-perf-4.18.0-348.20.1.el8_5.s390x.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm
x86_64: bpftool-4.18.0-348.20.1.el8_5.x86_64.rpm bpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-core-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-cross-headers-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-core-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-devel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-modules-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-devel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-headers-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-modules-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-libs-4.18.0-348.20.1.el8_5.x86_64.rpm perf-4.18.0-348.20.1.el8_5.x86_64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64: bpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.aarch64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm
ppc64le: bpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm
x86_64: bpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.x86_64.rpm perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm python3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-0920 https://access.redhat.com/security/cve/CVE-2021-4154 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0435 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0516 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2022-002
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYippdNzjgjWX9erEAQjVrg//WBuZgEcpFf/4YBR6yXjJpyzeNdP/33wU b+G6E6fGXrwoJkMNfLMMr+PmoK5QxZvX3GAqJFApn9SHXtk5M7IM68TCnTXZsXVF M0V2ktlHJwOABXBJEXHFjnq9QllGzRkV+xJPOLKJwRB2fKtNAgOiLTJ7MrJZJtNu WIt5IsPclPoTKrSChCL/b535XKh3hAUqD1eymuk05SqWv3mo2joLQbZpHbM0fQW3 pnvDPnE+HDM8lW8dPJTiw1K3nBRrwmuvyKxNpnGYoRN/8USNJrIGJP5gGjrI1/b8 IrV/OGeA2lk6lu48JmkAjrE/FZ+VeGn51fngrYYk6nfj8Ln8nklZjdLWQ8o+ImGD /CbWFlY3qw1Ml90mjyFyXhUWnz6rhquJvIZo2w3CeCR6/in4qN195aikaLmMAzZm 5ar+9AkUGd2YsSAzeYn+FuGKEVucYZZCYc0wntVYwAMDTL3WPSIx+0m4TO+7pEvi 9ZqnZ0Rn7iaAx6nEc1TQynzGbWBQr13k6h/2xhPhURDYnkULuxjJlWtIo8r+SdEH N8g66V55B16BkLXPRYg/DikuiF9+d2neszj8ZWvBKTnU2iSVaGCii7MQ5EdjkCdi 0xk52SLKdk2I+Q2fLa+DJh5RW3fnP1NULPuW7350UBgbCUX2QdHsLMK+UnYkkmyV /Hdqi2gHENg= =duKX -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time for nfv tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "sma1000",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "12.4.2-02044"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.102"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux for real time tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.15.25"
},
{
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.15"
},
{
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "ovirt-engine",
"scope": "eq",
"trust": 1.0,
"vendor": "ovirt",
"version": "4.4.10.2"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "virtualization host",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux for real time for nfv tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux for real time for nfv",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.16"
},
{
"model": "scalance lpe9403",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.16.11"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.8"
},
{
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "codeready linux builder",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for real time",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8"
},
{
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "sma1000",
"scope": null,
"trust": 0.8,
"vendor": "sonicwall",
"version": null
},
{
"model": "red hat enterprise linux eus",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ovirt-engine",
"scope": null,
"trust": 0.8,
"vendor": "ovirt",
"version": null
},
{
"model": "red hat enterprise linux for ibm z systems - extended update support",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux for ibm z systems",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "scalance lpe9403",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "166305"
},
{
"db": "PACKETSTORM",
"id": "166280"
},
{
"db": "PACKETSTORM",
"id": "166282"
},
{
"db": "PACKETSTORM",
"id": "166281"
},
{
"db": "PACKETSTORM",
"id": "166272"
}
],
"trust": 0.7
},
"cve": "CVE-2022-0847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0847",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0847",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0847",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0847",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0847",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-522",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-0847",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This update provides security fixes, bug\nfixes, and updates the container images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.4.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\"\nfeature authenticated user can obtain the privileges of the System account\n(CVE-2022-24450)\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* search-ui-container: follow-redirects: Exposure of Private Personal\nInformation to an Unauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing\ncertificates (CVE-2022-0778)\n\n* imgcrypt: Unauthorized access to encryted container image on a shared\nsystem due to missing check in CheckAuthorization() code path\n(CVE-2022-24778)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nRelated bugs:\n\n* RHACM 2.4.3 image files (BZ #2057249)\n\n* Observability - dashboard name contains `/` would cause error when\ngenerating dashboard cm (BZ #2032128)\n\n* ACM application placement fails after renaming the application name (BZ\n#2033051)\n\n* Disable the obs metric collect should not impact the managed cluster\nupgrade (BZ #2039197)\n\n* Observability - cluster list should only contain OCP311 cluster on OCP311\ndashboard (BZ #2039820)\n\n* The value of name label changed from clusterclaim name to cluster name\n(BZ #2042223)\n\n* VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ\n#2048500)\n\n* clusterSelector matchLabels spec are cleared when changing app\nname/namespace during creating an app in UI (BZ #2053211)\n\n* Application cluster status is not updated in UI after restoring (BZ\n#2053279)\n\n* OpenStack cluster creation is using deprecated floating IP config for\n4.7+ (BZ #2056610)\n\n* The value of Vendor reported by cluster metrics was Other even if the\nvendor label in managedcluster was Openshift (BZ #2059039)\n\n* Subscriptions stop reconciling after channel secrets are recreated (BZ\n#2059954)\n\n* Placementrule is not reconciling on a new fresh environment (BZ #2074156)\n\n* The cluster claimed from clusterpool cannot auto imported (BZ #2074543)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm\n2033051 - ACM application placement fails after renaming the application name\n2039197 - disable the obs metric collect should not impact the managed cluster upgrade\n2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard\n2042223 - the value of name label changed from clusterclaim name to cluster name\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2052573 - CVE-2022-24450 nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account\n2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053279 - Application cluster status is not updated in UI after restoring\n2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+\n2057249 - RHACM 2.4.3 images\n2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift\n2059954 - Subscriptions stop reconciling after channel secrets are recreated\n2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path\n2074156 - Placementrule is not reconciling on a new fresh environment\n2074543 - The cluster claimed from clusterpool can not auto imported\n\n5. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* nodejs-shelljs: improper privilege management (CVE-2022-0144)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\nBug fix:\n\n* RHACM 2.3.8 images (Bugzilla #2062316)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2062316 - RHACM 2.3.8 images\n\n5. ==========================================================================\nUbuntu Security Notice USN-5317-1\nMarch 09, 2022\n\nlinux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13,\nlinux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oem-5.14,\nlinux-oracle, linux-oracle-5.13, linux-raspi vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. A local attacker could use this to cause a denial of\nservice or possibly execute arbitrary code. (CVE-2022-25636)\n\nEnrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano\nGiuffrida discovered that hardware mitigations added by ARM to their\nprocessors to address Spectre-BTI were insufficient. A local attacker could\npotentially use this to expose sensitive information. (CVE-2022-23960)\n\nMax Kellermann discovered that the Linux kernel incorrectly handled Unix\npipes. A local attacker could potentially use this to modify any file that\ncould be opened for reading. (CVE-2022-0847)\n\nEnrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano\nGiuffrida discovered that hardware mitigations added by Intel to their\nprocessors to address Spectre-BTI were insufficient. A local attacker could\npotentially use this to expose sensitive information. (CVE-2022-0001,\nCVE-2022-0002)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n linux-image-5.13.0-1016-kvm 5.13.0-1016.17\n linux-image-5.13.0-1017-aws 5.13.0-1017.19\n linux-image-5.13.0-1017-azure 5.13.0-1017.19\n linux-image-5.13.0-1019-gcp 5.13.0-1019.23\n linux-image-5.13.0-1020-raspi 5.13.0-1020.22\n linux-image-5.13.0-1020-raspi-nolpae 5.13.0-1020.22\n linux-image-5.13.0-1021-oracle 5.13.0-1021.26\n linux-image-5.13.0-35-generic 5.13.0-35.40\n linux-image-5.13.0-35-generic-64k 5.13.0-35.40\n linux-image-5.13.0-35-generic-lpae 5.13.0-35.40\n linux-image-5.13.0-35-lowlatency 5.13.0-35.40\n linux-image-aws 5.13.0.1017.18\n linux-image-azure 5.13.0.1017.17\n linux-image-gcp 5.13.0.1019.17\n linux-image-generic 5.13.0.35.44\n linux-image-generic-64k 5.13.0.35.44\n linux-image-generic-lpae 5.13.0.35.44\n linux-image-gke 5.13.0.1019.17\n linux-image-kvm 5.13.0.1016.16\n linux-image-lowlatency 5.13.0.35.44\n linux-image-oem-20.04 5.13.0.35.44\n linux-image-oracle 5.13.0.1021.21\n linux-image-raspi 5.13.0.1020.25\n linux-image-raspi-nolpae 5.13.0.1020.25\n linux-image-virtual 5.13.0.35.44\n\nUbuntu 20.04 LTS:\n linux-image-5.13.0-1017-aws 5.13.0-1017.19~20.04.1\n linux-image-5.13.0-1017-azure 5.13.0-1017.19~20.04.1\n linux-image-5.13.0-1019-gcp 5.13.0-1019.23~20.04.1\n linux-image-5.13.0-1021-oracle 5.13.0-1021.26~20.04.1\n linux-image-5.13.0-35-generic 5.13.0-35.40~20.04.1\n linux-image-5.13.0-35-generic-64k 5.13.0-35.40~20.04.1\n linux-image-5.13.0-35-generic-lpae 5.13.0-35.40~20.04.1\n linux-image-5.13.0-35-lowlatency 5.13.0-35.40~20.04.1\n linux-image-5.14.0-1027-oem 5.14.0-1027.30\n linux-image-aws 5.13.0.1017.19~20.04.10\n linux-image-azure 5.13.0.1017.19~20.04.7\n linux-image-gcp 5.13.0.1019.23~20.04.1\n linux-image-generic-64k-hwe-20.04 5.13.0.35.40~20.04.20\n linux-image-generic-hwe-20.04 5.13.0.35.40~20.04.20\n linux-image-generic-lpae-hwe-20.04 5.13.0.35.40~20.04.20\n linux-image-lowlatency-hwe-20.04 5.13.0.35.40~20.04.20\n linux-image-oem-20.04 5.14.0.1027.24\n linux-image-oem-20.04b 5.14.0.1027.24\n linux-image-oem-20.04c 5.14.0.1027.24\n linux-image-oem-20.04d 5.14.0.1027.24\n linux-image-oracle 5.13.0.1021.26~20.04.1\n linux-image-virtual-hwe-20.04 5.13.0.35.40~20.04.20\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. 8.2) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z16 Batch\n(BZ#2057698)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:0825-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0825\nIssue date: 2022-03-10\nCVE Names: CVE-2021-0920 CVE-2021-4154 CVE-2022-0330 \n CVE-2022-0435 CVE-2022-0492 CVE-2022-0516 \n CVE-2022-0847 CVE-2022-22942 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nThe following packages have been upgraded to a later upstream version:\nkernel (4.18.0). (BZ#2036888)\n\nSecurity Fix(es):\n\n* kernel: improper initialization of the \"flags\" member of the new\npipe_buffer (CVE-2022-0847)\n\n* kernel: Use After Free in unix_gc() which could result in a local\nprivilege escalation (CVE-2021-0920)\n\n* kernel: local privilege escalation by exploiting the fsconfig syscall\nparameter leads to container breakout (CVE-2021-4154)\n\n* kernel: possible privileges escalation due to missing TLB flush\n(CVE-2022-0330)\n\n* kernel: remote stack overflow via kernel panic on systems using TIPC may\nlead to DoS (CVE-2022-0435)\n\n* kernel: cgroups v1 release_agent feature may allow privilege escalation\n(CVE-2022-0492)\n\n* kernel: missing check in ioctl allows kernel memory read/write\n(CVE-2022-0516)\n\n* kernel: failing usercopy allows for use-after-free exploitation\n(CVE-2022-22942)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Intel QAT Kernel power up fix (BZ#2016437)\n\n* RHEL8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting\nperformance (BZ#2018928)\n\n* [Lenovo 8.4 bug] audio_HDMI certification failed on RHEL 8.4GA (No hdmi\nout) (BZ#2027335)\n\n* [RHEL-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is\nnot set back to zero post online migration (BZ#2027448)\n\n* iommu/amd: Fix unable to handle page fault due to AVIC (BZ#2030854)\n\n* [Lenovo 8.4 bug]The VGA display shows no signal (black screen) when\ninstall RHEL8.4(beta or rc1) in the legacy BIOS mode. (BZ#2034949)\n\n* Double free of kmalloc-64 cache struct ib_port-\u003epkey_group from module\nib_core . (BZ#2038724)\n\n* Bus error with huge pages enabled (BZ#2039015)\n\n* RHEL8 - kvm: floating interrupts may get stuck (BZ#2040769)\n\n* Data corruption on small files served by httpd, which is backed by\ncifs-mount (BZ#2041529)\n\n* Add a net/mlx5 patch for Hardware Offload Fix (BZ#2042663)\n\n* Windows guest random Bsod when \u0027hv-tlbflush\u0027 enlightenment is enabled\n(BZ#2043237)\n\n* DNS lookup failures when run two times in a row (BZ#2043548)\n\n* net/sched: Fix ct zone matching for invalid conntrack state (BZ#2043550)\n\n* Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan\ntunnel (BZ#2047427)\n\n* OCP node XFS metadata corruption after numerous reboots (BZ#2049292)\n\n* Broadcom bnxt_re: RDMA stats are not incrementing (BZ#2049684)\n\n* ice: bug fix series for 8.6 (BZ#2051951)\n\n* panic while looking up a symlink due to NULL i_op-\u003eget_link (BZ#2052558)\n\n* ceph omnibus backport for RHEL-8.6.0 (BZ#2053725)\n\n* SCTP peel-off with SELinux and containers in OCP (BZ#2054112)\n\n* Selinux is not allowing SCTP connection setup between inter pod\ncommunication in enforcing mode (BZ#2054117)\n\n* dnf fails with fsync() over local repository present on CIFS mount point\n(BZ#2055824)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation\n2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout\n2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush\n2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation\n2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS\n2050237 - CVE-2022-0516 kernel: missing check in ioctl allows kernel memory read/write\n2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation\n2060795 - CVE-2022-0847 kernel: improper initialization of the \"flags\" member of the new pipe_buffer\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nkernel-4.18.0-348.20.1.el8_5.src.rpm\n\naarch64:\nbpftool-4.18.0-348.20.1.el8_5.aarch64.rpm\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-core-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-cross-headers-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-core-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-devel-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-modules-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-devel-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-headers-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-modules-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-modules-extra-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-tools-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-tools-libs-4.18.0-348.20.1.el8_5.aarch64.rpm\nperf-4.18.0-348.20.1.el8_5.aarch64.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\npython3-perf-4.18.0-348.20.1.el8_5.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\n\nnoarch:\nkernel-abi-stablelists-4.18.0-348.20.1.el8_5.noarch.rpm\nkernel-doc-4.18.0-348.20.1.el8_5.noarch.rpm\n\nppc64le:\nbpftool-4.18.0-348.20.1.el8_5.ppc64le.rpm\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-core-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-cross-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-core-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-headers-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-modules-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-modules-extra-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-tools-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-tools-libs-4.18.0-348.20.1.el8_5.ppc64le.rpm\nperf-4.18.0-348.20.1.el8_5.ppc64le.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\npython3-perf-4.18.0-348.20.1.el8_5.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\n\ns390x:\nbpftool-4.18.0-348.20.1.el8_5.s390x.rpm\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-core-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-cross-headers-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-core-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-devel-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-modules-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debug-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-debuginfo-common-s390x-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-devel-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-headers-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-modules-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-tools-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-core-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-devel-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-modules-4.18.0-348.20.1.el8_5.s390x.rpm\nkernel-zfcpdump-modules-extra-4.18.0-348.20.1.el8_5.s390x.rpm\nperf-4.18.0-348.20.1.el8_5.s390x.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\npython3-perf-4.18.0-348.20.1.el8_5.s390x.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.s390x.rpm\n\nx86_64:\nbpftool-4.18.0-348.20.1.el8_5.x86_64.rpm\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-core-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-cross-headers-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-core-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-devel-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-modules-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-devel-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-headers-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-modules-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-tools-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-tools-libs-4.18.0-348.20.1.el8_5.x86_64.rpm\nperf-4.18.0-348.20.1.el8_5.x86_64.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\npython3-perf-4.18.0-348.20.1.el8_5.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 8):\n\naarch64:\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\nkernel-tools-libs-devel-4.18.0-348.20.1.el8_5.aarch64.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.aarch64.rpm\n\nppc64le:\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\nkernel-tools-libs-devel-4.18.0-348.20.1.el8_5.ppc64le.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\nkernel-tools-libs-devel-4.18.0-348.20.1.el8_5.x86_64.rpm\nperf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\npython3-perf-debuginfo-4.18.0-348.20.1.el8_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-0920\nhttps://access.redhat.com/security/cve/CVE-2021-4154\nhttps://access.redhat.com/security/cve/CVE-2022-0330\nhttps://access.redhat.com/security/cve/CVE-2022-0435\nhttps://access.redhat.com/security/cve/CVE-2022-0492\nhttps://access.redhat.com/security/cve/CVE-2022-0516\nhttps://access.redhat.com/security/cve/CVE-2022-0847\nhttps://access.redhat.com/security/cve/CVE-2022-22942\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYippdNzjgjWX9erEAQjVrg//WBuZgEcpFf/4YBR6yXjJpyzeNdP/33wU\nb+G6E6fGXrwoJkMNfLMMr+PmoK5QxZvX3GAqJFApn9SHXtk5M7IM68TCnTXZsXVF\nM0V2ktlHJwOABXBJEXHFjnq9QllGzRkV+xJPOLKJwRB2fKtNAgOiLTJ7MrJZJtNu\nWIt5IsPclPoTKrSChCL/b535XKh3hAUqD1eymuk05SqWv3mo2joLQbZpHbM0fQW3\npnvDPnE+HDM8lW8dPJTiw1K3nBRrwmuvyKxNpnGYoRN/8USNJrIGJP5gGjrI1/b8\nIrV/OGeA2lk6lu48JmkAjrE/FZ+VeGn51fngrYYk6nfj8Ln8nklZjdLWQ8o+ImGD\n/CbWFlY3qw1Ml90mjyFyXhUWnz6rhquJvIZo2w3CeCR6/in4qN195aikaLmMAzZm\n5ar+9AkUGd2YsSAzeYn+FuGKEVucYZZCYc0wntVYwAMDTL3WPSIx+0m4TO+7pEvi\n9ZqnZ0Rn7iaAx6nEc1TQynzGbWBQr13k6h/2xhPhURDYnkULuxjJlWtIo8r+SdEH\nN8g66V55B16BkLXPRYg/DikuiF9+d2neszj8ZWvBKTnU2iSVaGCii7MQ5EdjkCdi\n0xk52SLKdk2I+Q2fLa+DJh5RW3fnP1NULPuW7350UBgbCUX2QdHsLMK+UnYkkmyV\n/Hdqi2gHENg=\n=duKX\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0847"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "166241"
},
{
"db": "PACKETSTORM",
"id": "166305"
},
{
"db": "PACKETSTORM",
"id": "166280"
},
{
"db": "PACKETSTORM",
"id": "166282"
},
{
"db": "PACKETSTORM",
"id": "166281"
},
{
"db": "PACKETSTORM",
"id": "166272"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0847",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "166230",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "166258",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "166229",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-222547",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-09",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "176534",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166812",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166241",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166305",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166280",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166569",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031421",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030808",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042576",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031036",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0965",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2981",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1064",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0944",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030042",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030060",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50808",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-0847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166281",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166272",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "166241"
},
{
"db": "PACKETSTORM",
"id": "166305"
},
{
"db": "PACKETSTORM",
"id": "166280"
},
{
"db": "PACKETSTORM",
"id": "166282"
},
{
"db": "PACKETSTORM",
"id": "166281"
},
{
"db": "PACKETSTORM",
"id": "166272"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"id": "VAR-202203-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26739928
},
"last_update_date": "2024-11-29T20:38:01.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a02060795",
"trust": 0.8,
"url": "https://fedoraproject.org/"
},
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184957"
},
{
"title": "Red Hat: Important: kernel-rt security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220822 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220831 - Security Advisory"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0847"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-0847"
},
{
"title": "Dirty-Pipe-Oneshot",
"trust": 0.1,
"url": "https://github.com/badboy-sft/Dirty-Pipe-Oneshot "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-665",
"trust": 1.0
},
{
"problemtype": "Improper initialization (CWE-665) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/166229/dirty-pipe-linux-privilege-escalation.html"
},
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/166258/dirty-pipe-local-privilege-escalation.html"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/166230/dirty-pipe-suid-binary-hijack-privilege-escalation.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0847"
},
{
"trust": 1.6,
"url": "https://dirtypipe.cm4all.com/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
},
{
"trust": 1.6,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0015"
},
{
"trust": 1.6,
"url": "https://www.suse.com/support/kb/doc/?id=000020603"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20220325-0005/"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0847"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/176534/linux-4.20-ktls-read-only-write.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-09"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030060"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50808"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030042"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166305/red-hat-security-advisory-2022-0841-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031308"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166241/ubuntu-security-notice-usn-5317-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031036"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166280/red-hat-security-advisory-2022-0822-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1027"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030808"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1064"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-09"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042576"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166569/ubuntu-security-notice-usn-5362-1.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0847/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166812/red-hat-security-advisory-2022-1476-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-file-write-via-dirty-pipe-37724"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2022-05-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0944"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2981"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0965"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031421"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-002"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0435"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4154"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22942"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0516"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0536"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0144"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4083"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1021.26~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25636"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1017.19"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0001"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-35.40~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1017.19"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.13.0-35.40"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1017.19~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1019.23~20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1020.22"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1017.19~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0002"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1019.23"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5317-1"
},
{
"trust": 0.1,
"url": "https://wiki.ubuntu.com/securityteam/knowledgebase/bhi"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1021.26"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1027.30"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1016.17"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0821"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4028"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0825"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "166241"
},
{
"db": "PACKETSTORM",
"id": "166305"
},
{
"db": "PACKETSTORM",
"id": "166280"
},
{
"db": "PACKETSTORM",
"id": "166282"
},
{
"db": "PACKETSTORM",
"id": "166281"
},
{
"db": "PACKETSTORM",
"id": "166272"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"db": "PACKETSTORM",
"id": "166812"
},
{
"db": "PACKETSTORM",
"id": "166516"
},
{
"db": "PACKETSTORM",
"id": "166241"
},
{
"db": "PACKETSTORM",
"id": "166305"
},
{
"db": "PACKETSTORM",
"id": "166280"
},
{
"db": "PACKETSTORM",
"id": "166282"
},
{
"db": "PACKETSTORM",
"id": "166281"
},
{
"db": "PACKETSTORM",
"id": "166272"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"date": "2023-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"date": "2022-04-21T15:12:25",
"db": "PACKETSTORM",
"id": "166812"
},
{
"date": "2022-03-29T15:53:19",
"db": "PACKETSTORM",
"id": "166516"
},
{
"date": "2022-03-09T15:15:52",
"db": "PACKETSTORM",
"id": "166241"
},
{
"date": "2022-03-14T18:59:34",
"db": "PACKETSTORM",
"id": "166305"
},
{
"date": "2022-03-11T16:38:56",
"db": "PACKETSTORM",
"id": "166280"
},
{
"date": "2022-03-11T16:39:27",
"db": "PACKETSTORM",
"id": "166282"
},
{
"date": "2022-03-11T16:39:13",
"db": "PACKETSTORM",
"id": "166281"
},
{
"date": "2022-03-11T16:33:46",
"db": "PACKETSTORM",
"id": "166272"
},
{
"date": "2022-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"date": "2022-03-10T17:44:57.283000",
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-01-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0847"
},
{
"date": "2023-07-12T06:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-007117"
},
{
"date": "2022-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-522"
},
{
"date": "2024-11-21T06:39:30.990000",
"db": "NVD",
"id": "CVE-2022-0847"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "166241"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Initialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007117"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-522"
}
],
"trust": 0.6
}
}
var-202206-1534
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5122"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2125",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2125",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426194",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2125",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2125",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2125",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2125",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2125",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1996",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426194",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2125",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426194",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2125",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426194",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"id": "VAR-202206-1534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:26:47.289000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=212451"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2125"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2125"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2125/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-get-lisp-indent-38694"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426194"
},
{
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426194"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"date": "2022-06-19T12:15:07.897000",
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426194"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2125"
},
{
"date": "2023-08-23T07:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-011658"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1996"
},
{
"date": "2024-11-21T07:00:21.880000",
"db": "NVD",
"id": "CVE-2022-2125"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011658"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1996"
}
],
"trust": 0.6
}
}
var-202303-1599
Vulnerability from variot
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Haxx of libcurl Products from other vendors have authentication vulnerabilities.Information may be obtained. Description This CVE is under investigation by Red Hat Product Security. ========================================================================== Ubuntu Security Notice USN-5964-1 March 20, 2023
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. (CVE-2023-27533)
Harry Sintonen discovered that curl incorrectly handled special tilde characters when used with SFTP paths. A remote attacker could possibly use this issue to circumvent filtering. (CVE-2023-27534)
Harry Sintonen discovered that curl incorrectly reused certain FTP connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27535)
Harry Sintonen discovered that curl incorrectly reused connections when the GSS delegation option had been changed. This could lead to the option being reused, contrary to expectations. (CVE-2023-27536)
Harry Sintonen discovered that curl incorrectly reused certain SSH connections. This could lead to the wrong credentials being reused, contrary to expectations. (CVE-2023-27538)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: curl 7.85.0-1ubuntu0.5 libcurl3-gnutls 7.85.0-1ubuntu0.5 libcurl3-nss 7.85.0-1ubuntu0.5 libcurl4 7.85.0-1ubuntu0.5
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.10 libcurl3-gnutls 7.81.0-1ubuntu1.10 libcurl3-nss 7.81.0-1ubuntu1.10 libcurl4 7.81.0-1ubuntu1.10
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.18 libcurl3-gnutls 7.68.0-1ubuntu2.18 libcurl3-nss 7.68.0-1ubuntu2.18 libcurl4 7.68.0-1ubuntu2.18
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.24 libcurl3-gnutls 7.58.0-2ubuntu3.24 libcurl3-nss 7.58.0-2ubuntu3.24 libcurl4 7.58.0-2ubuntu3.24
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5964-1 CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
Package Information: https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.5 https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.10 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.18 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.24 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-12
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: October 11, 2023 Bugs: #887745, #894676, #902801, #906590, #910564, #914091, #915195 ID: 202310-12
Synopsis
Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
Package Vulnerable Unaffected
net-misc/curl < 8.3.0-r2 >= 8.3.0-r2
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Note that the risk of remote code execution is limited to SOCKS usage.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-8.3.0-r2"
References
[ 1 ] CVE-2022-43551 https://nvd.nist.gov/vuln/detail/CVE-2022-43551 [ 2 ] CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 [ 3 ] CVE-2023-23914 https://nvd.nist.gov/vuln/detail/CVE-2023-23914 [ 4 ] CVE-2023-23915 https://nvd.nist.gov/vuln/detail/CVE-2023-23915 [ 5 ] CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 [ 6 ] CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 [ 7 ] CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 [ 8 ] CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 [ 9 ] CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 [ 10 ] CVE-2023-27537 https://nvd.nist.gov/vuln/detail/CVE-2023-27537 [ 11 ] CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 [ 12 ] CVE-2023-28319 https://nvd.nist.gov/vuln/detail/CVE-2023-28319 [ 13 ] CVE-2023-28320 https://nvd.nist.gov/vuln/detail/CVE-2023-28320 [ 14 ] CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 [ 15 ] CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 [ 16 ] CVE-2023-32001 https://nvd.nist.gov/vuln/detail/CVE-2023-32001 [ 17 ] CVE-2023-38039 https://nvd.nist.gov/vuln/detail/CVE-2023-38039 [ 18 ] CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 [ 19 ] CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202303-1599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "8.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.1"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric os",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "h410s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "active iq unified manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171407"
}
],
"trust": 0.1
},
"cve": "CVE-2023-27538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-27538",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27538",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27538",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2023-27538",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202303-1552",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Haxx of libcurl Products from other vendors have authentication vulnerabilities.Information may be obtained. Description\u003c!----\u003e This CVE is under investigation by Red Hat Product Security. ==========================================================================\nUbuntu Security Notice USN-5964-1\nMarch 20, 2023\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain TELNET\nconnection options. Due to lack of proper input scrubbing, curl could pass\non user name and telnet options to the server as provided, contrary to\nexpectations. (CVE-2023-27533)\n\nHarry Sintonen discovered that curl incorrectly handled special tilde\ncharacters when used with SFTP paths. A remote attacker could possibly use\nthis issue to circumvent filtering. (CVE-2023-27534)\n\nHarry Sintonen discovered that curl incorrectly reused certain FTP\nconnections. This could lead to the wrong credentials being reused,\ncontrary to expectations. (CVE-2023-27535)\n\nHarry Sintonen discovered that curl incorrectly reused connections when the\nGSS delegation option had been changed. This could lead to the option being\nreused, contrary to expectations. (CVE-2023-27536)\n\nHarry Sintonen discovered that curl incorrectly reused certain SSH\nconnections. This could lead to the wrong credentials being reused,\ncontrary to expectations. (CVE-2023-27538)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n curl 7.85.0-1ubuntu0.5\n libcurl3-gnutls 7.85.0-1ubuntu0.5\n libcurl3-nss 7.85.0-1ubuntu0.5\n libcurl4 7.85.0-1ubuntu0.5\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.10\n libcurl3-gnutls 7.81.0-1ubuntu1.10\n libcurl3-nss 7.81.0-1ubuntu1.10\n libcurl4 7.81.0-1ubuntu1.10\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.18\n libcurl3-gnutls 7.68.0-1ubuntu2.18\n libcurl3-nss 7.68.0-1ubuntu2.18\n libcurl4 7.68.0-1ubuntu2.18\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.24\n libcurl3-gnutls 7.58.0-2ubuntu3.24\n libcurl3-nss 7.58.0-2ubuntu3.24\n libcurl4 7.58.0-2ubuntu3.24\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5964-1\n CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536,\n CVE-2023-27538\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.5\n https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.10\n https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.18\n https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.24\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: October 11, 2023\n Bugs: #887745, #894676, #902801, #906590, #910564, #914091, #915195\n ID: 202310-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in curl, the worst of\nwhich could result in arbitrary code execution. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n------------- ------------ ------------\nnet-misc/curl \u003c 8.3.0-r2 \u003e= 8.3.0-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nNote that the risk of remote code execution is limited to SOCKS usage. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-8.3.0-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-43551\n https://nvd.nist.gov/vuln/detail/CVE-2022-43551\n[ 2 ] CVE-2022-43552\n https://nvd.nist.gov/vuln/detail/CVE-2022-43552\n[ 3 ] CVE-2023-23914\n https://nvd.nist.gov/vuln/detail/CVE-2023-23914\n[ 4 ] CVE-2023-23915\n https://nvd.nist.gov/vuln/detail/CVE-2023-23915\n[ 5 ] CVE-2023-23916\n https://nvd.nist.gov/vuln/detail/CVE-2023-23916\n[ 6 ] CVE-2023-27533\n https://nvd.nist.gov/vuln/detail/CVE-2023-27533\n[ 7 ] CVE-2023-27534\n https://nvd.nist.gov/vuln/detail/CVE-2023-27534\n[ 8 ] CVE-2023-27535\n https://nvd.nist.gov/vuln/detail/CVE-2023-27535\n[ 9 ] CVE-2023-27536\n https://nvd.nist.gov/vuln/detail/CVE-2023-27536\n[ 10 ] CVE-2023-27537\n https://nvd.nist.gov/vuln/detail/CVE-2023-27537\n[ 11 ] CVE-2023-27538\n https://nvd.nist.gov/vuln/detail/CVE-2023-27538\n[ 12 ] CVE-2023-28319\n https://nvd.nist.gov/vuln/detail/CVE-2023-28319\n[ 13 ] CVE-2023-28320\n https://nvd.nist.gov/vuln/detail/CVE-2023-28320\n[ 14 ] CVE-2023-28321\n https://nvd.nist.gov/vuln/detail/CVE-2023-28321\n[ 15 ] CVE-2023-28322\n https://nvd.nist.gov/vuln/detail/CVE-2023-28322\n[ 16 ] CVE-2023-32001\n https://nvd.nist.gov/vuln/detail/CVE-2023-32001\n[ 17 ] CVE-2023-38039\n https://nvd.nist.gov/vuln/detail/CVE-2023-38039\n[ 18 ] CVE-2023-38545\n https://nvd.nist.gov/vuln/detail/CVE-2023-38545\n[ 19 ] CVE-2023-38546\n https://nvd.nist.gov/vuln/detail/CVE-2023-38546\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27538"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "VULMON",
"id": "CVE-2023-27538"
},
{
"db": "PACKETSTORM",
"id": "171407"
},
{
"db": "PACKETSTORM",
"id": "175074"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27538",
"trust": 3.5
},
{
"db": "HACKERONE",
"id": "1898475",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-348-10",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-15",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-348-16",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98271228",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006571",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.3327",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1917",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1733",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171407",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175074",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27538"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "PACKETSTORM",
"id": "171407"
},
{
"db": "PACKETSTORM",
"id": "175074"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"id": "VAR-202303-1599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-08-14T12:43:41.683000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "libcurl Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=232712"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2023-27538"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27538"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-305",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://hackerone.com/reports/1898475"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"
},
{
"trust": 2.4,
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202310-12"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27538"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98271228/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-16"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2023-27538"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36nbd5yljxxedzldgnfcerwryjq6laqw/"
},
{
"trust": 0.6,
"url": "https://curl.se/docs/cve-2023-27538.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2293"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1733"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3327"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-27538/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1917"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27535"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27533"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27534"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27536"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.85.0-1ubuntu0.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.24"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5964-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.18"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28321"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28322"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28320"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-27538"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "PACKETSTORM",
"id": "171407"
},
{
"db": "PACKETSTORM",
"id": "175074"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-27538"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"db": "PACKETSTORM",
"id": "171407"
},
{
"db": "PACKETSTORM",
"id": "175074"
},
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"date": "2023-03-21T17:30:09",
"db": "PACKETSTORM",
"id": "171407"
},
{
"date": "2023-10-11T16:50:55",
"db": "PACKETSTORM",
"id": "175074"
},
{
"date": "2023-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"date": "2023-03-30T20:15:07.677000",
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-02-20T07:55:00",
"db": "JVNDB",
"id": "JVNDB-2023-006571"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202303-1552"
},
{
"date": "2024-03-27T14:46:06.490000",
"db": "NVD",
"id": "CVE-2023-27538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Haxx\u00a0 of \u00a0libcurl\u00a0 Authentication vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-006571"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202303-1552"
}
],
"trust": 0.6
}
}
var-202205-0215
Vulnerability from variot
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. Clam AntiVirus (ClamAV) for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.4"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20796",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20796",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-405349",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-20796",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.0,
"id": "CVE-2022-20796",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20796",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20796",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20796",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-20796",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-405349",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-20796",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. Clam AntiVirus (ClamAV) for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20796",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64259",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405349",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"id": "VAR-202205-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243165"
},
{
"title": "Cisco: ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-vL9x58p4"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-20796"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20796"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-822",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-vl9x58p4"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20796/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405349"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"date": "2022-05-04T17:15:08.797000",
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405349"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"date": "2023-08-14T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"date": "2024-11-21T06:43:34.413000",
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clam\u00a0AntiVirus\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
],
"trust": 0.6
}
}
var-201401-0088
Vulnerability from variot
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. libsrtp is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. RTP is used for Voice over IP (VoIP) and audio and video streaming. SRTP adds privacy and authentication. There are buffer overflow vulnerabilities in the 'crypto_policy_set_from_profile_for_rtp' and 'srtp_protect' functions in the srtp.c file of the libsrtp library in srtp 1.4.5 and earlier versions.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139 http://advisories.mageia.org/MGASA-2014-0465.html
Updated Packages:
Mandriva Business Server 1/X86_64: e0447c9fa33ab8edce9657a5dce43fc7 mbs1/x86_64/srtp-1.4.4-3.1.mbs1.x86_64.rpm 745fcb1bd29913e979132a27511dd807 mbs1/SRPMS/srtp-1.4.4-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-2840-1 security@debian.org http://www.debian.org/security/ Salvatore Bonaccorso January 10, 2014 http://www.debian.org/security/faq
Package : srtp Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2139 Debian Bug : 711163
Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy.
For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.4~dfsg-6+deb6u1.
For the stable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1.
For the unstable distribution (sid), this problem has been fixed in version 1.4.5~20130609~dfsg-1.
We recommend that you upgrade your srtp packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libsrtp security and bug fix update Advisory ID: RHSA-2020:3873-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3873 Issue date: 2020-09-29 CVE Names: CVE-2013-2139 CVE-2015-6360 ==================================================================== 1. Summary:
An update for libsrtp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel.
Security Fix(es):
-
libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360)
-
libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
970697 - CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles 1301202 - libsrtp global-buffer-overflow 1323702 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header 1323705 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7]
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm
x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm
x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm
ppc64: libsrtp-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm
ppc64le: libsrtp-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm
s390x: libsrtp-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm
x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64.rpm
ppc64le: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64le.rpm
s390x: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390x.rpm
x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm
x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2013-2139 https://access.redhat.com/security/cve/CVE-2015-6360 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3OeoNzjgjWX9erEAQiDzQ/+IXUAdmMRlgeg/t8Z+ApQ4ur4BxO/WRBl 5Nd8anDnQzl3uduHgXz7AcsbON2M/jWq5xUfgdydHT8fEQ7g814QbTeNMsbEQ1zS Cuv1XztiGKy5fY5my3P80+kM+tL5uFfZ22oJqpSfS7sqGFzWEl1j+TldgURSva1G XbNudX77Gp975wMDVPJlA9S9Puf59Cz6DQaoYu5Fqzwka8z1RWOdR1IfFlAcBGrO NODvSxOZB+FDzvwikgoVTNay+e7ct+Yb1Ygg1nsGjyexinkchiuKDX2Mnv1Sc/JP vaHARZmpN6llZ8Vo++hd8WGFhsIzocqF0dposlj/PmtuoFydu7x5zpluEFc2mVaM pNCwzggc8BforUdoo6z27qqpiU0o/eTmVR97Jtbzm5BTs+28IGwg6iz374VdoAeP wy1XTj2WBw0ys+0UVkAxwiSWit6RuPRhRf85B7IPsW1BwkvPm4nAi45+50cTUQ5S PldnrWd9VILcfmj1ThdevaiFjkHrAZE4HFRxd1V3uIdIwZyvtP7w4wrt8ma51CyZ isP53JER/PhJY4du3deCo4qqca5SyecLTj/gbqXoPQFn6ppUbNacWPwadjDRA5Nu qPQVoSW8Z+L91vtqM+SGapuxNN0OuqiPFcWOlMyrM8R8MqKIhTQaTLQZE1vCJx5e AhxrRaOeyWw=X+yJ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201405-02
http://security.gentoo.org/
Severity: Normal Title: libSRTP: Denial of Service Date: May 03, 2014 Bugs: #472302 ID: 201405-02
Synopsis
A vulnerability in libSRTP can result in a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/libsrtp < 1.4.4_p20121108-r1>= 1.4.4_p20121108-r1
Description
A flaw was found in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy in libSRTP.
Workaround
There is no known workaround at this time.
Resolution
All libSRTP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=net-libs/libsrtp-1.4.4_p20121108-r1"
References
[ 1 ] CVE-2013-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libsrtp",
"scope": "lte",
"trust": 1.8,
"vendor": "cisco",
"version": "1.4.5"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.0"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.2"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.1"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.5"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.4"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.3.20"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.6"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "18"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "18"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "19"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.8,
"vendor": "fedora",
"version": "20"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.8,
"vendor": "novell",
"version": "12.3"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "libsrtp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "60323"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:novell:opensuse",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:libsrtp",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159345"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
}
],
"trust": 0.7
},
"cve": "CVE-2013-2139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2013-2139",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-62141",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2139",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2013-2139",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-056",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-62141",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions. libsrtp is prone to a buffer-overflow vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. RTP is used for Voice over IP (VoIP) and audio and video streaming. SRTP adds privacy and authentication. There are buffer overflow vulnerabilities in the \u0027crypto_policy_set_from_profile_for_rtp\u0027 and \u0027srtp_protect\u0027 functions in the srtp.c file of the libsrtp library in srtp 1.4.5 and earlier versions. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139\n http://advisories.mageia.org/MGASA-2014-0465.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n e0447c9fa33ab8edce9657a5dce43fc7 mbs1/x86_64/srtp-1.4.4-3.1.mbs1.x86_64.rpm \n 745fcb1bd29913e979132a27511dd807 mbs1/SRPMS/srtp-1.4.4-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2840-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 10, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : srtp\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-2139\nDebian Bug : 711163\n\n Fernando Russ from Groundworks Technologies reported a buffer overflow\n flaw in srtp, Cisco\u0027s reference implementation of the Secure Real-time\n Transport Protocol (SRTP), in how the\n crypto_policy_set_from_profile_for_rtp() function applies\n cryptographic profiles to an srtp_policy. \n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.4~dfsg-6+deb6u1. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.4+20100615~dfsg-2+deb7u1. \n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.4.5~20130609~dfsg-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.5~20130609~dfsg-1. \n\nWe recommend that you upgrade your srtp packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libsrtp security and bug fix update\nAdvisory ID: RHSA-2020:3873-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3873\nIssue date: 2020-09-29\nCVE Names: CVE-2013-2139 CVE-2015-6360\n====================================================================\n1. Summary:\n\nAn update for libsrtp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe libsrtp package provides an implementation of the Secure Real-time\nTransport Protocol (SRTP), the Universal Security Transform (UST), and a\nsupporting cryptographic kernel. \n\nSecurity Fix(es):\n\n* libsrtp: improper handling of CSRC count and extension header length in\nRTP header (CVE-2015-6360)\n\n* libsrtp: buffer overflow in application of crypto profiles\n(CVE-2013-2139)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n970697 - CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles\n1301202 - libsrtp global-buffer-overflow\n1323702 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header\n1323705 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7]\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nlibsrtp-1.4.4-11.20101004cvs.el7.src.rpm\n\nx86_64:\nlibsrtp-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nlibsrtp-1.4.4-11.20101004cvs.el7.src.rpm\n\nx86_64:\nlibsrtp-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nlibsrtp-1.4.4-11.20101004cvs.el7.src.rpm\n\nppc64:\nlibsrtp-1.4.4-11.20101004cvs.el7.ppc.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.ppc64.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm\n\nppc64le:\nlibsrtp-1.4.4-11.20101004cvs.el7.ppc64le.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm\n\ns390x:\nlibsrtp-1.4.4-11.20101004cvs.el7.s390.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.s390x.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm\n\nx86_64:\nlibsrtp-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.ppc.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64.rpm\n\nppc64le:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64le.rpm\n\ns390x:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.s390.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.s390x.rpm\n\nx86_64:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nlibsrtp-1.4.4-11.20101004cvs.el7.src.rpm\n\nx86_64:\nlibsrtp-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm\nlibsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-2139\nhttps://access.redhat.com/security/cve/CVE-2015-6360\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3OeoNzjgjWX9erEAQiDzQ/+IXUAdmMRlgeg/t8Z+ApQ4ur4BxO/WRBl\n5Nd8anDnQzl3uduHgXz7AcsbON2M/jWq5xUfgdydHT8fEQ7g814QbTeNMsbEQ1zS\nCuv1XztiGKy5fY5my3P80+kM+tL5uFfZ22oJqpSfS7sqGFzWEl1j+TldgURSva1G\nXbNudX77Gp975wMDVPJlA9S9Puf59Cz6DQaoYu5Fqzwka8z1RWOdR1IfFlAcBGrO\nNODvSxOZB+FDzvwikgoVTNay+e7ct+Yb1Ygg1nsGjyexinkchiuKDX2Mnv1Sc/JP\nvaHARZmpN6llZ8Vo++hd8WGFhsIzocqF0dposlj/PmtuoFydu7x5zpluEFc2mVaM\npNCwzggc8BforUdoo6z27qqpiU0o/eTmVR97Jtbzm5BTs+28IGwg6iz374VdoAeP\nwy1XTj2WBw0ys+0UVkAxwiSWit6RuPRhRf85B7IPsW1BwkvPm4nAi45+50cTUQ5S\nPldnrWd9VILcfmj1ThdevaiFjkHrAZE4HFRxd1V3uIdIwZyvtP7w4wrt8ma51CyZ\nisP53JER/PhJY4du3deCo4qqca5SyecLTj/gbqXoPQFn6ppUbNacWPwadjDRA5Nu\nqPQVoSW8Z+L91vtqM+SGapuxNN0OuqiPFcWOlMyrM8R8MqKIhTQaTLQZE1vCJx5e\nAhxrRaOeyWw=X+yJ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201405-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: libSRTP: Denial of Service\n Date: May 03, 2014\n Bugs: #472302\n ID: 201405-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in libSRTP can result in a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/libsrtp \u003c 1.4.4_p20121108-r1\u003e= 1.4.4_p20121108-r1\n\nDescription\n===========\n\nA flaw was found in how the crypto_policy_set_from_profile_for_rtp()\nfunction applies cryptographic profiles to an srtp_policy in libSRTP. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll libSRTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-libs/libsrtp-1.4.4_p20121108-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2139\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201405-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2139"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "BID",
"id": "60323"
},
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "PACKETSTORM",
"id": "129219"
},
{
"db": "PACKETSTORM",
"id": "124742"
},
{
"db": "PACKETSTORM",
"id": "159345"
},
{
"db": "PACKETSTORM",
"id": "126477"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-62141",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2139",
"trust": 3.2
},
{
"db": "OSVDB",
"id": "93852",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "159345",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3354",
"trust": 0.6
},
{
"db": "BID",
"id": "60323",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "124742",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "129219",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126477",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62141",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "BID",
"id": "60323"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "PACKETSTORM",
"id": "129219"
},
{
"db": "PACKETSTORM",
"id": "124742"
},
{
"db": "PACKETSTORM",
"id": "159345"
},
{
"db": "PACKETSTORM",
"id": "126477"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"id": "VAR-201401-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:46:50.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2840",
"trust": 0.8,
"url": "http://www.debian.org/security/2014/dsa-2840"
},
{
"title": "FEDORA-2013-24153",
"trust": 0.8,
"url": "http://lwn.net/Articles/579633/"
},
{
"title": "Docupdate",
"trust": 0.8,
"url": "https://github.com/cisco/libsrtp/pull/27"
},
{
"title": "openSUSE-SU-2013:1258",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html"
},
{
"title": "Bug 970697",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=970697"
},
{
"title": "srtp",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47629"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://advisories.mageia.org/mgasa-2014-0465.html"
},
{
"trust": 1.4,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=970697"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2013/jun/10"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/93852"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2840"
},
{
"trust": 1.1,
"url": "http://lwn.net/articles/579633/"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:219"
},
{
"trust": 1.1,
"url": "https://github.com/cisco/libsrtp/pull/27"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00083.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00059.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2139"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2139"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159345/red-hat-security-advisory-2020-3873-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3354/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libsrtp-buffer-overflow-via-crypto-policy-set-from-profile-for-rtp-33458"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2139"
},
{
"trust": 0.3,
"url": "https://github.com/cisco/libsrtp#readme"
},
{
"trust": 0.3,
"url": "https://github.com/cisco/libsrtp/issues/24"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-6360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-2139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6360"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3873"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201405-02.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2139"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "BID",
"id": "60323"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "PACKETSTORM",
"id": "129219"
},
{
"db": "PACKETSTORM",
"id": "124742"
},
{
"db": "PACKETSTORM",
"id": "159345"
},
{
"db": "PACKETSTORM",
"id": "126477"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-62141"
},
{
"db": "BID",
"id": "60323"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"db": "PACKETSTORM",
"id": "129219"
},
{
"db": "PACKETSTORM",
"id": "124742"
},
{
"db": "PACKETSTORM",
"id": "159345"
},
{
"db": "PACKETSTORM",
"id": "126477"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-62141"
},
{
"date": "2013-06-04T00:00:00",
"db": "BID",
"id": "60323"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"date": "2014-11-21T18:56:48",
"db": "PACKETSTORM",
"id": "129219"
},
{
"date": "2014-01-10T22:09:45",
"db": "PACKETSTORM",
"id": "124742"
},
{
"date": "2020-09-30T15:42:49",
"db": "PACKETSTORM",
"id": "159345"
},
{
"date": "2014-05-05T17:14:00",
"db": "PACKETSTORM",
"id": "126477"
},
{
"date": "2013-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"date": "2014-01-16T05:05:23.947000",
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-62141"
},
{
"date": "2015-04-13T22:20:00",
"db": "BID",
"id": "60323"
},
{
"date": "2015-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005852"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-056"
},
{
"date": "2018-10-30T16:27:34.687000",
"db": "NVD",
"id": "CVE-2013-2139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129219"
},
{
"db": "PACKETSTORM",
"id": "124742"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SRTP of Libsrtp of srtp.c Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-056"
}
],
"trust": 0.6
}
}
var-202101-0565
Vulnerability from variot
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. binutils There is a vulnerability in the use of uninitialized resources.Information is obtained and denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-24
https://security.gentoo.org/
Severity: Normal Title: Binutils: Multiple vulnerabilities Date: July 10, 2021 Bugs: #678806, #761957, #764170 ID: 202107-24
Synopsis
Multiple vulnerabilities have been found in Binutils, the worst of which could result in a Denial of Service condition.
Background
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-devel/binutils < 2.35.2 >= 2.35.2
Description
Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Binutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2"
References
[ 1 ] CVE-2019-9070 https://nvd.nist.gov/vuln/detail/CVE-2019-9070 [ 2 ] CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 [ 3 ] CVE-2019-9072 https://nvd.nist.gov/vuln/detail/CVE-2019-9072 [ 4 ] CVE-2019-9073 https://nvd.nist.gov/vuln/detail/CVE-2019-9073 [ 5 ] CVE-2019-9074 https://nvd.nist.gov/vuln/detail/CVE-2019-9074 [ 6 ] CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 [ 7 ] CVE-2019-9076 https://nvd.nist.gov/vuln/detail/CVE-2019-9076 [ 8 ] CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 [ 9 ] CVE-2020-19599 https://nvd.nist.gov/vuln/detail/CVE-2020-19599 [ 10 ] CVE-2020-35448 https://nvd.nist.gov/vuln/detail/CVE-2020-35448 [ 11 ] CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 [ 12 ] CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 [ 13 ] CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 [ 14 ] CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 [ 15 ] CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "binutils",
"scope": "lt",
"trust": 1.0,
"vendor": "gnu",
"version": "2.34"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "binutils",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 0.1
},
"cve": "CVE-2020-35494",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35494",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-377690",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2020-35494",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-35494",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35494",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35494",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-377690",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35494",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There\u0027s a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. binutils There is a vulnerability in the use of uninitialized resources.Information is obtained and denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Binutils: Multiple vulnerabilities\n Date: July 10, 2021\n Bugs: #678806, #761957, #764170\n ID: 202107-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Binutils, the worst of\nwhich could result in a Denial of Service condition. \n\nBackground\n==========\n\nThe GNU Binutils are a collection of tools to create, modify and\nanalyse binary files. Many of the files use BFD, the Binary File\nDescriptor library, to do low-level manipulation. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-devel/binutils \u003c 2.35.2 \u003e= 2.35.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Binutils. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Binutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/binutils-2.35.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-9070\n https://nvd.nist.gov/vuln/detail/CVE-2019-9070\n[ 2 ] CVE-2019-9071\n https://nvd.nist.gov/vuln/detail/CVE-2019-9071\n[ 3 ] CVE-2019-9072\n https://nvd.nist.gov/vuln/detail/CVE-2019-9072\n[ 4 ] CVE-2019-9073\n https://nvd.nist.gov/vuln/detail/CVE-2019-9073\n[ 5 ] CVE-2019-9074\n https://nvd.nist.gov/vuln/detail/CVE-2019-9074\n[ 6 ] CVE-2019-9075\n https://nvd.nist.gov/vuln/detail/CVE-2019-9075\n[ 7 ] CVE-2019-9076\n https://nvd.nist.gov/vuln/detail/CVE-2019-9076\n[ 8 ] CVE-2019-9077\n https://nvd.nist.gov/vuln/detail/CVE-2019-9077\n[ 9 ] CVE-2020-19599\n https://nvd.nist.gov/vuln/detail/CVE-2020-19599\n[ 10 ] CVE-2020-35448\n https://nvd.nist.gov/vuln/detail/CVE-2020-35448\n[ 11 ] CVE-2020-35493\n https://nvd.nist.gov/vuln/detail/CVE-2020-35493\n[ 12 ] CVE-2020-35494\n https://nvd.nist.gov/vuln/detail/CVE-2020-35494\n[ 13 ] CVE-2020-35495\n https://nvd.nist.gov/vuln/detail/CVE-2020-35495\n[ 14 ] CVE-2020-35496\n https://nvd.nist.gov/vuln/detail/CVE-2020-35496\n[ 15 ] CVE-2020-35507\n https://nvd.nist.gov/vuln/detail/CVE-2020-35507\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-24\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35494",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "163455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-377690",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35494",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"id": "VAR-202101-0565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377690"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:32:43.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210212-0007",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"title": "GNU Binutils Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138341"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-908",
"trust": 1.1
},
{
"problemtype": "Use of uninitialized resources (CWE-908) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911439"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35494"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163455/gentoo-linux-security-advisory-202107-24.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/binutils-information-disclosure-via-tic4x-print-cond-34253"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-performance-server/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/908.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-35494"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35507"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9075"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377690"
},
{
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377690"
},
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"date": "2021-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"date": "2021-07-11T12:01:11",
"db": "PACKETSTORM",
"id": "163455"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"date": "2021-01-04T15:15:13.200000",
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-377690"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35494"
},
{
"date": "2021-09-10T07:59:00",
"db": "JVNDB",
"id": "JVNDB-2020-015128"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-080"
},
{
"date": "2024-11-21T05:27:25.210000",
"db": "NVD",
"id": "CVE-2020-35494"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "binutils\u00a0 Vulnerability in using uninitialized resources in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015128"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-080"
}
],
"trust": 0.6
}
}
var-202206-1426
Vulnerability from variot
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1674)
It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. An attacker could possibly use this to crash Vim and cause denial of service. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5123"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2126",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-426195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2126",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2126",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2126",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2126",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1994",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-426195",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2126",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-1674)\n\nIt was discovered that there existed a NULL pointer dereference in Vim. An\nattacker could possibly use this to crash Vim and cause denial of service. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. An attacker could possibly use this\nto crash Vim and cause denial of service. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim and\ncause denial of service. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. An attacker could possibly use this to\ncrash Vim and cause denial of service. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. An attacker could possibly use this to crash Vim and cause\ndenial of service. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-426195",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2126",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-426195",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2126",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"id": "VAR-202206-1426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:39:57.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=197751"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2126"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gfd2a4ylbr7oirhtl7ck6ynmeiq264cn/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/u743fmjgfq35gbpcq6owmvzejpdfvewm/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-2126"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2126/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-suggest-trie-walk-38629"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-426195"
},
{
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-426195"
},
{
"date": "2022-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"date": "2023-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"date": "2022-06-19T13:15:07.887000",
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-426195"
},
{
"date": "2022-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2126"
},
{
"date": "2023-08-23T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2022-011657"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1994"
},
{
"date": "2024-11-21T07:00:22.050000",
"db": "NVD",
"id": "CVE-2022-2126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1994"
}
],
"trust": 0.6
}
}
var-202101-0564
Vulnerability from variot
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. binutils There are input validation vulnerabilities, heap-based buffer overflow vulnerabilities, and out-of-bounds read vulnerabilities.Service operation interruption (DoS) It may be in a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-24
https://security.gentoo.org/
Severity: Normal Title: Binutils: Multiple vulnerabilities Date: July 10, 2021 Bugs: #678806, #761957, #764170 ID: 202107-24
Synopsis
Multiple vulnerabilities have been found in Binutils, the worst of which could result in a Denial of Service condition.
Background
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-devel/binutils < 2.35.2 >= 2.35.2
Description
Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Binutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2"
References
[ 1 ] CVE-2019-9070 https://nvd.nist.gov/vuln/detail/CVE-2019-9070 [ 2 ] CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 [ 3 ] CVE-2019-9072 https://nvd.nist.gov/vuln/detail/CVE-2019-9072 [ 4 ] CVE-2019-9073 https://nvd.nist.gov/vuln/detail/CVE-2019-9073 [ 5 ] CVE-2019-9074 https://nvd.nist.gov/vuln/detail/CVE-2019-9074 [ 6 ] CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 [ 7 ] CVE-2019-9076 https://nvd.nist.gov/vuln/detail/CVE-2019-9076 [ 8 ] CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 [ 9 ] CVE-2020-19599 https://nvd.nist.gov/vuln/detail/CVE-2020-19599 [ 10 ] CVE-2020-35448 https://nvd.nist.gov/vuln/detail/CVE-2020-35448 [ 11 ] CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 [ 12 ] CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 [ 13 ] CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 [ 14 ] CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 [ 15 ] CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "binutils",
"scope": "lt",
"trust": 1.0,
"vendor": "gnu",
"version": "2.34"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "binutils",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 0.1
},
"cve": "CVE-2020-35493",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35493",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-377689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-35493",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-35493",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35493",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35493",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-377689",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35493",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -\u003e out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. binutils There are input validation vulnerabilities, heap-based buffer overflow vulnerabilities, and out-of-bounds read vulnerabilities.Service operation interruption (DoS) It may be in a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Binutils: Multiple vulnerabilities\n Date: July 10, 2021\n Bugs: #678806, #761957, #764170\n ID: 202107-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Binutils, the worst of\nwhich could result in a Denial of Service condition. \n\nBackground\n==========\n\nThe GNU Binutils are a collection of tools to create, modify and\nanalyse binary files. Many of the files use BFD, the Binary File\nDescriptor library, to do low-level manipulation. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-devel/binutils \u003c 2.35.2 \u003e= 2.35.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Binutils. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Binutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/binutils-2.35.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-9070\n https://nvd.nist.gov/vuln/detail/CVE-2019-9070\n[ 2 ] CVE-2019-9071\n https://nvd.nist.gov/vuln/detail/CVE-2019-9071\n[ 3 ] CVE-2019-9072\n https://nvd.nist.gov/vuln/detail/CVE-2019-9072\n[ 4 ] CVE-2019-9073\n https://nvd.nist.gov/vuln/detail/CVE-2019-9073\n[ 5 ] CVE-2019-9074\n https://nvd.nist.gov/vuln/detail/CVE-2019-9074\n[ 6 ] CVE-2019-9075\n https://nvd.nist.gov/vuln/detail/CVE-2019-9075\n[ 7 ] CVE-2019-9076\n https://nvd.nist.gov/vuln/detail/CVE-2019-9076\n[ 8 ] CVE-2019-9077\n https://nvd.nist.gov/vuln/detail/CVE-2019-9077\n[ 9 ] CVE-2020-19599\n https://nvd.nist.gov/vuln/detail/CVE-2020-19599\n[ 10 ] CVE-2020-35448\n https://nvd.nist.gov/vuln/detail/CVE-2020-35448\n[ 11 ] CVE-2020-35493\n https://nvd.nist.gov/vuln/detail/CVE-2020-35493\n[ 12 ] CVE-2020-35494\n https://nvd.nist.gov/vuln/detail/CVE-2020-35494\n[ 13 ] CVE-2020-35495\n https://nvd.nist.gov/vuln/detail/CVE-2020-35495\n[ 14 ] CVE-2020-35496\n https://nvd.nist.gov/vuln/detail/CVE-2020-35496\n[ 15 ] CVE-2020-35507\n https://nvd.nist.gov/vuln/detail/CVE-2020-35507\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-24\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35493",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "163455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3660",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-377689",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35493",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"id": "VAR-202101-0564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377689"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:25:44.833000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a025307 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"title": "GNU binutils Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138354"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds read (CWE-125) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
},
{
"problemtype": "CWE-122",
"trust": 0.1
},
{
"problemtype": "CWE-125",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911437"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35493"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3660"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/binutils-buffer-overflow-via-bfd-pef-parse-function-stub-34252"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163455/gentoo-linux-security-advisory-202107-24.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-performance-server/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-35493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35507"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35494"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377689"
},
{
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377689"
},
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"date": "2022-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"date": "2021-07-11T12:01:11",
"db": "PACKETSTORM",
"id": "163455"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"date": "2021-01-04T15:15:12.777000",
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-377689"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35493"
},
{
"date": "2022-06-29T05:11:00",
"db": "JVNDB",
"id": "JVNDB-2020-017191"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-099"
},
{
"date": "2024-11-21T05:27:24.997000",
"db": "NVD",
"id": "CVE-2020-35493"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "binutils\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017191"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-099"
}
],
"trust": 0.6
}
}
var-202012-1529
Vulnerability from variot
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
Security Fix(es):
-
xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988)
-
xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)
-
xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)
-
xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)
-
xstream: ReDoS vulnerability (CVE-2021-21348)
-
xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)
-
xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)
-
xstream: SSRF via crafted input stream (CVE-2021-21342)
-
jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
-
xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346)
-
xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347)
-
xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345)
-
xstream: arbitrary code execution via crafted input stream (CVE-2021-21344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):
1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream
- You must be logged in to download the update. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-20029 - GSS Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - GSS Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - GSS Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20221 - Tracker bug for the EAP 7.3.4 release for RHEL-6 JBEAP-20239 - GSS Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - GSS Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - GSS Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:4312-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:4312 Issue date: 2020-10-22 CVE Names: CVE-2020-25649 ==================================================================== 1. Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
- jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5G3l9zjgjWX9erEAQgNJw//V6i0MaE6kJf78AmcwlVreSW1RPxOKN/E x/K1urqgA74g4anadf8MRodiyk+JgL5Uujh1rGNFzMksL+U8F2XE3C5eZZu+L4lC wC+JVh1xKWRSmgVZab6GtQdUL7NvbBu4zl6lVqfdhgV7/24JJVfpvQ+s7X1m0yko vL83uZ5YVlvP7bdk4B+MF8CtyjmxOI3DhaJk0L88uTvNIVSSBCKLihQfmT5g7hB0 VnlYW1ThsnaGOvYSK1mhaWUQv3fw+xIIJ1e6xSlyVAANNI1cRuOS6502fzsn+s89 HOLUq47hPM+2YQBnj6nZi5KfaA7J+fDQfp0rsMrGzDI92nvG1FO+PhLHU/VdOESL Rwpy/dCG/Sx1499a0Tziwf1H5Dadfwpu2dIp7yNmPxHtPXUuwNJDoo9zWOggvZoR 97Syo6dfh2YxFsbshHEiFNH8siFNBsmU5dcDXD/asMNigoiIAW508ojfHhfr5yLc r42xHhBPmxnot65DNeQrwjUmibLCef3J3en0uV/OEyTgoaxlqt1Zf1uWUQ6aQxR/ Enklt1rKx8398R8UB61gRTYftaNX6md3zgWz844meG+cakEA1obWrO2Fau/67lNe NqGuFRDGGidSCL2v/WU/49AA7FReEm7wKuR/u0zbH50I4ihH7uR9DkrGvWD4soAe /o4+qVFSE74=ygzN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1427
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat Data Grid 7.3.7 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.8 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Description:
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer (REST) Application Programming Interface (API).
Bug Fix(es):
-
Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)
-
Bugs fixed (https://bugzilla.redhat.com/):
1627997 - [RFE] Allow SPM switching if all tasks have finished via REST-API 1702237 - [RFE] add API for listing disksnapshots under disk resource 1796231 - VM disk remains in locked state if image transfer (image download) timesout due to inactivity. 1868114 - RHV-M UI/Webadmin: The "Disk Snapshots" tab reflects incorrect "Creation Date" information. 1875951 - Disk hot-unplug fails on engine side with NPE in setDiskVmElements after unplugging from the VM. 1879655 - [RFE] Implement searching VM's with partial name or case sensitive vm names in VM Portal. 1880015 - oVirt metrics example Kibana dashboards are broken in Kibana 7.x 1881115 - RHEL VM icons squashed, please adhere to brand rules 1881357 - German language greeting page says Red Hat® 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1893035 - rhv-log-collector-analyzer: check for double quotes in IPTablesConfigSiteCustom 1894298 - ModuleNotFoundError: No module named 'ovirt_engine' raised when starting ovirt-engine-dwhd.py in dev env 1901946 - [RFE] Bump ovirt-engine version lock to the newest Ansible version 1903385 - RFE: rhv-image-discrepancies should report if the truesize from VDSM has different size in images in the engine. 1903595 - [PPC] Can't add PPC host to Engine
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "insurance rules palette",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.10.5.1"
},
{
"model": "iotdb",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "0.12.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.7"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.6"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "agile product lifecycle management integration pack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.4"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "commerce platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "banking apis",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.3"
},
{
"model": "insurance policy administration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "banking apis",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.0"
},
{
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "commerce platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.10.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "insurance policy administration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.0"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.5.0"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "banking apis",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1"
},
{
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.5.0"
},
{
"model": "insurance rules palette",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0.0.0"
},
{
"model": "quarkus",
"scope": "lte",
"trust": 1.0,
"vendor": "quarkus",
"version": "1.6.1"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "service level manager",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "oncommand api services",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "quarkus",
"scope": null,
"trust": 0.8,
"vendor": "quarkus",
"version": null
},
{
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
},
{
"db": "PACKETSTORM",
"id": "159759"
},
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
},
{
"db": "PACKETSTORM",
"id": "159680"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160489"
},
{
"db": "PACKETSTORM",
"id": "161261"
}
],
"trust": 0.9
},
"cve": "CVE-2020-25649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-25649",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-179648",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-25649",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25649",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25649",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-25649",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-179648",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nSecurity Fix(es):\n\n* xmlgraphics-commons: SSRF due to improper input validation by the\nXMPParser (CVE-2020-11988)\n\n* xstream: allow a remote attacker to cause DoS only by manipulating the\nprocessed input stream (CVE-2021-21341)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21351)\n\n* xstream: arbitrary file deletion on the local host via crafted input\nstream (CVE-2021-21343)\n\n* xstream: arbitrary file deletion on the local host when unmarshalling\n(CVE-2020-26259)\n\n* xstream: ReDoS vulnerability (CVE-2021-21348)\n\n* xstream: Server-Side Forgery Request vulnerability can be activated when\nunmarshalling (CVE-2020-26258)\n\n* xstream: SSRF can be activated unmarshalling with XStream to access data\nstreams from an arbitrary URL referencing a resource in an intranet or the\nlocal host (CVE-2021-21349)\n\n* xstream: SSRF via crafted input stream (CVE-2021-21342)\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (XXE) (CVE-2020-25649)\n\n* xstream: allow a remote attacker to execute arbitrary code only by\nmanipulating the processed input stream (CVE-2021-21350)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21346)\n\n* xstream: allow a remote attacker to load and execute arbitrary code from\na remote host only by manipulating the processed input stream\n(CVE-2021-21347)\n\n* xstream: allow a remote attacker who has sufficient rights to execute\ncommands of the host only by manipulating the processed input stream\n(CVE-2021-21345)\n\n* xstream: arbitrary code execution via crafted input stream\n(CVE-2021-21344)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Bugs fixed (https://bugzilla.redhat.com/):\n\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling\n1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser\n1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream\n1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream\n1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream\n1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet\n1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry\n1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue\n1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator\n1942633 - CVE-2021-21348 XStream: ReDoS vulnerability\n1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host\n1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader\n1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream\n\n5. You must be logged in to download the update. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016\nJBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat\nJBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001\nJBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final\nJBEAP-20221 - Tracker bug for the EAP 7.3.4 release for RHEL-6\nJBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final\nJBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final\nJBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final\nJBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002\nJBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile\nJBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007\nJBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:4312-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4312\nIssue date: 2020-10-22\nCVE Names: CVE-2020-25649\n====================================================================\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is\nvulnerable to XML external entity (XXE) (CVE-2020-25649)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.12.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.12.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-25649\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5G3l9zjgjWX9erEAQgNJw//V6i0MaE6kJf78AmcwlVreSW1RPxOKN/E\nx/K1urqgA74g4anadf8MRodiyk+JgL5Uujh1rGNFzMksL+U8F2XE3C5eZZu+L4lC\nwC+JVh1xKWRSmgVZab6GtQdUL7NvbBu4zl6lVqfdhgV7/24JJVfpvQ+s7X1m0yko\nvL83uZ5YVlvP7bdk4B+MF8CtyjmxOI3DhaJk0L88uTvNIVSSBCKLihQfmT5g7hB0\nVnlYW1ThsnaGOvYSK1mhaWUQv3fw+xIIJ1e6xSlyVAANNI1cRuOS6502fzsn+s89\nHOLUq47hPM+2YQBnj6nZi5KfaA7J+fDQfp0rsMrGzDI92nvG1FO+PhLHU/VdOESL\nRwpy/dCG/Sx1499a0Tziwf1H5Dadfwpu2dIp7yNmPxHtPXUuwNJDoo9zWOggvZoR\n97Syo6dfh2YxFsbshHEiFNH8siFNBsmU5dcDXD/asMNigoiIAW508ojfHhfr5yLc\nr42xHhBPmxnot65DNeQrwjUmibLCef3J3en0uV/OEyTgoaxlqt1Zf1uWUQ6aQxR/\nEnklt1rKx8398R8UB61gRTYftaNX6md3zgWz844meG+cakEA1obWrO2Fau/67lNe\nNqGuFRDGGidSCL2v/WU/49AA7FReEm7wKuR/u0zbH50I4ihH7uR9DkrGvWD4soAe\n/o4+qVFSE74=ygzN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1427\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\n\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.8 serves as a replacement for Red Hat\nData Grid 7.3.7 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.8 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.8 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Description:\n\nThe ovirt-engine package provides the Red Hat Virtualization Manager, a\ncentralized management platform that allows system administrators to view\nand manage virtual machines. The Manager provides a comprehensive range of\nfeatures including search capabilities, resource management, live\nmigrations, and virtual infrastructure provisioning. \n\nThe Manager is a JBoss Application Server application that provides several\ninterfaces through which the virtual environment can be accessed and\ninteracted with, including an Administration Portal, a VM Portal, and a\nRepresentational State Transfer (REST) Application Programming Interface\n(API). \n\nBug Fix(es):\n\n* Red Hat Virtualization Manager now requires Ansible 2.9.15. (BZ#1901946)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1627997 - [RFE] Allow SPM switching if all tasks have finished via REST-API\n1702237 - [RFE] add API for listing disksnapshots under disk resource\n1796231 - VM disk remains in locked state if image transfer (image download) timesout due to inactivity. \n1868114 - RHV-M UI/Webadmin: The \"Disk Snapshots\" tab reflects incorrect \"Creation Date\" information. \n1875951 - Disk hot-unplug fails on engine side with NPE in setDiskVmElements after unplugging from the VM. \n1879655 - [RFE] Implement searching VM\u0027s with partial name or case sensitive vm names in VM Portal. \n1880015 - oVirt metrics example Kibana dashboards are broken in Kibana 7.x\n1881115 - RHEL VM icons squashed, please adhere to brand rules\n1881357 - German language greeting page says Red Hat\u00c2\u00ae\n1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)\n1893035 - rhv-log-collector-analyzer: check for double quotes in IPTablesConfigSiteCustom\n1894298 - ModuleNotFoundError: No module named \u0027ovirt_engine\u0027 raised when starting ovirt-engine-dwhd.py in dev env\n1901946 - [RFE] Bump ovirt-engine version lock to the newest Ansible version\n1903385 - RFE: rhv-image-discrepancies should report if the truesize from VDSM has different size in images in the engine. \n1903595 - [PPC] Can\u0027t add PPC host to Engine\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25649"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
},
{
"db": "PACKETSTORM",
"id": "159759"
},
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
},
{
"db": "PACKETSTORM",
"id": "159680"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160489"
},
{
"db": "PACKETSTORM",
"id": "161261"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25649",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163205",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160347",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162478",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160489",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163201",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160554",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159759",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159680",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161261",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160346",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162696",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160348",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159767",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162240",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160535",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202010-622",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-179648",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
},
{
"db": "PACKETSTORM",
"id": "159759"
},
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
},
{
"db": "PACKETSTORM",
"id": "159680"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160489"
},
{
"db": "PACKETSTORM",
"id": "161261"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"id": "VAR-202012-1529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:28:54.682000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-111",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2589"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.1
},
{
"problemtype": "XML Improper restrictions on external entity references (CWE-611) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25649"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210108-0007/"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
},
{
"trust": 1.1,
"url": "https://github.com/fasterxml/jackson-databind/issues/2589"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3creviews.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3cuser.spark.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3cnotifications.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3ccommits.iotdb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3ccommits.turbine.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3cdev.knox.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3ccommits.karaf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3cdev.knox.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3ccommits.tomee.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-25649"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21350"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21341"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21349"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21342"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21344"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21348"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21348"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21349"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11988"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21350"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21346"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21347"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21345"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21343"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21346"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21351"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25638"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6x2ut4x6m7dlqyboohmxbwgyj65rl2ct/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83@%3ccommits.servicecomb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07@%3ccommits.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8@%3cnotifications.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb@%3creviews.iotdb.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22@%3ccommits.karaf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb@%3cdev.knox.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61@%3cdev.knox.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3@%3cuser.spark.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a@%3ccommits.tomee.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386@%3ccommits.turbine.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2475"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2476"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.7/html/release_notes_for_thorntail_2.7/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14299"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14299"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5410"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0381"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
},
{
"db": "PACKETSTORM",
"id": "159759"
},
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
},
{
"db": "PACKETSTORM",
"id": "159680"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160489"
},
{
"db": "PACKETSTORM",
"id": "161261"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-179648"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
},
{
"db": "PACKETSTORM",
"id": "159759"
},
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
},
{
"db": "PACKETSTORM",
"id": "159680"
},
{
"db": "PACKETSTORM",
"id": "162478"
},
{
"db": "PACKETSTORM",
"id": "160489"
},
{
"db": "PACKETSTORM",
"id": "161261"
},
{
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-179648"
},
{
"date": "2021-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"date": "2021-06-17T18:16:15",
"db": "PACKETSTORM",
"id": "163201"
},
{
"date": "2021-06-17T18:23:27",
"db": "PACKETSTORM",
"id": "163205"
},
{
"date": "2020-10-29T14:19:38",
"db": "PACKETSTORM",
"id": "159759"
},
{
"date": "2020-12-16T18:10:10",
"db": "PACKETSTORM",
"id": "160554"
},
{
"date": "2020-12-03T20:27:20",
"db": "PACKETSTORM",
"id": "160347"
},
{
"date": "2020-10-22T17:19:48",
"db": "PACKETSTORM",
"id": "159680"
},
{
"date": "2021-05-06T01:15:29",
"db": "PACKETSTORM",
"id": "162478"
},
{
"date": "2020-12-14T18:06:53",
"db": "PACKETSTORM",
"id": "160489"
},
{
"date": "2021-02-02T16:13:56",
"db": "PACKETSTORM",
"id": "161261"
},
{
"date": "2020-12-03T17:15:12.503000",
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-179648"
},
{
"date": "2021-07-20T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2020-014030"
},
{
"date": "2024-11-21T05:18:20.343000",
"db": "NVD",
"id": "CVE-2020-25649"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "160554"
},
{
"db": "PACKETSTORM",
"id": "160347"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FasterXML\u00a0Jackson\u00a0Databind\u00a0 In \u00a0XML\u00a0 External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014030"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "163201"
},
{
"db": "PACKETSTORM",
"id": "163205"
}
],
"trust": 0.2
}
}
var-202207-0381
Vulnerability from variot
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Node.js Foundation of Node.js For products from other vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Node.js July 7th 2022 Security Releases: DNS rebinding in --inspect via invalid IP addresses. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MITM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update Advisory ID: RHSA-2022:6389-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389 Issue date: 2022-09-08 CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 ==================================================================== 1. Summary:
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0).
Security Fix(es):
-
nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
-
nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
-
nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
-
nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
-
got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding 2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
ppc64le: rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm
s390x: rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32212 https://access.redhat.com/security/cve/CVE-2022-32213 https://access.redhat.com/security/cve/CVE-2022-32214 https://access.redhat.com/security/cve/CVE-2022-32215 https://access.redhat.com/security/cve/CVE-2022-33987 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/ ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq +62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM 4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M 3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91 BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz hGdWoRKL34w\xcePC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq
Package : nodejs CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6491-1 November 21, 2023
nodejs vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Node.js.
Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment.
Details:
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-32212)
Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)
It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.2 libnode72 12.22.9~dfsg-1ubuntu3.2 nodejs 12.22.9~dfsg-1ubuntu3.2 nodejs-doc 12.22.9~dfsg-1ubuntu3.2
Ubuntu 20.04 LTS: libnode-dev 10.19.0~dfsg-3ubuntu1.3 libnode64 10.19.0~dfsg-3ubuntu1.3 nodejs 10.19.0~dfsg-3ubuntu1.3 nodejs-doc 10.19.0~dfsg-3ubuntu1.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): nodejs 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29
https://security.gentoo.org/
Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29
Synopsis
Multiple vulnerabilities have been discovered in Node.js.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
Affected packages
Package Vulnerable Unaffected
net-libs/nodejs < 16.20.2 >= 16.20.2
Description
Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Node.js 20 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
All Node.js 18 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
All Node.js 16 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
References
[ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.17.1"
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.20.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.5.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "node.js",
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
}
],
"trust": 0.5
},
"cve": "CVE-2022-32212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-32212",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32212",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32212",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32212",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-684",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A OS Command Injection vulnerability exists in Node.js versions \u003c14.20.0, \u003c16.20.0, \u003c18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Node.js Foundation of Node.js For products from other vendors, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Node.js July 7th 2022 Security Releases: DNS rebinding in --inspect via invalid IP addresses. When an invalid IPv4 address is provided (for instance 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server, providing a vector for an attacker-controlled DNS server or a MITM who can spoof DNS responses to perform a rebinding attack and hence connect to the WebSocket debugger, allowing for arbitrary code execution. This is a bypass of CVE-2021-22884. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update\nAdvisory ID: RHSA-2022:6389-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6389\nIssue date: 2022-09-08\nCVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214\n CVE-2022-32215 CVE-2022-33987\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs14-nodejs (14.20.0). \n\nSecurity Fix(es):\n\n* nodejs: DNS rebinding in --inspect via invalid IP addresses\n(CVE-2022-32212)\n\n* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n(CVE-2022-32213)\n\n* nodejs: HTTP request smuggling due to improper delimiting of header\nfields (CVE-2022-32214)\n\n* nodejs: HTTP request smuggling due to incorrect parsing of multi-line\nTransfer-Encoding (CVE-2022-32215)\n\n* got: missing verification of requested URLs allows redirects to UNIX\nsockets (CVE-2022-33987)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets\n2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses\n2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding\n2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields\n2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nppc64le:\nrh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32212\nhttps://access.redhat.com/security/cve/CVE-2022-32213\nhttps://access.redhat.com/security/cve/CVE-2022-32214\nhttps://access.redhat.com/security/cve/CVE-2022-32215\nhttps://access.redhat.com/security/cve/CVE-2022-33987\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/\nODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm\nVScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ\nbAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF\nIPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq\n+62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM\n4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M\n3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91\nBYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI\nnBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX\nbcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz\nhGdWoRKL34w\\xcePC\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5326-1 security@debian.org\nhttps://www.debian.org/security/ Aron Xu\nJanuary 24, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nodejs\nCVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215\n CVE-2022-35255 CVE-2022-35256 CVE-2022-43548\n\nMultiple vulnerabilities were discovered in Node.js, which could result\nin HTTP request smuggling, bypass of host IP address validation and weak\nrandomness setup. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 12.22.12~dfsg-1~deb11u3. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8\nTjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp\nWblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd\nTxb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW\nxbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9\n0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf\nEtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2\nidXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w\nY9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7\nu0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu\nboP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH\nujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\\xfeRn\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6491-1\nNovember 21, 2023\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nAxel Chong discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-32212)\n\nZeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,\nCVE-2022-32214, CVE-2022-32215)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libnode-dev 12.22.9~dfsg-1ubuntu3.2\n libnode72 12.22.9~dfsg-1ubuntu3.2\n nodejs 12.22.9~dfsg-1ubuntu3.2\n nodejs-doc 12.22.9~dfsg-1ubuntu3.2\n\nUbuntu 20.04 LTS:\n libnode-dev 10.19.0~dfsg-3ubuntu1.3\n libnode64 10.19.0~dfsg-3ubuntu1.3\n nodejs 10.19.0~dfsg-3ubuntu1.3\n nodejs-doc 10.19.0~dfsg-3ubuntu1.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n nodejs 8.10.0~dfsg-2ubuntu0.4+esm4\n nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4\n nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202405-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Node.js: Multiple Vulnerabilities\n Date: May 08, 2024\n Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614\n ID: 202405-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Node.js. \n\nBackground\n=========\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n--------------- ------------ ------------\nnet-libs/nodejs \u003c 16.20.2 \u003e= 16.20.2\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Node.js. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Node.js 20 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-20.5.1\"\n\nAll Node.js 18 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-18.17.1\"\n\nAll Node.js 16 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-16.20.2\"\n\nReferences\n=========\n[ 1 ] CVE-2020-7774\n https://nvd.nist.gov/vuln/detail/CVE-2020-7774\n[ 2 ] CVE-2021-3672\n https://nvd.nist.gov/vuln/detail/CVE-2021-3672\n[ 3 ] CVE-2021-22883\n https://nvd.nist.gov/vuln/detail/CVE-2021-22883\n[ 4 ] CVE-2021-22884\n https://nvd.nist.gov/vuln/detail/CVE-2021-22884\n[ 5 ] CVE-2021-22918\n https://nvd.nist.gov/vuln/detail/CVE-2021-22918\n[ 6 ] CVE-2021-22930\n https://nvd.nist.gov/vuln/detail/CVE-2021-22930\n[ 7 ] CVE-2021-22931\n https://nvd.nist.gov/vuln/detail/CVE-2021-22931\n[ 8 ] CVE-2021-22939\n https://nvd.nist.gov/vuln/detail/CVE-2021-22939\n[ 9 ] CVE-2021-22940\n https://nvd.nist.gov/vuln/detail/CVE-2021-22940\n[ 10 ] CVE-2021-22959\n https://nvd.nist.gov/vuln/detail/CVE-2021-22959\n[ 11 ] CVE-2021-22960\n https://nvd.nist.gov/vuln/detail/CVE-2021-22960\n[ 12 ] CVE-2021-37701\n https://nvd.nist.gov/vuln/detail/CVE-2021-37701\n[ 13 ] CVE-2021-37712\n https://nvd.nist.gov/vuln/detail/CVE-2021-37712\n[ 14 ] CVE-2021-39134\n https://nvd.nist.gov/vuln/detail/CVE-2021-39134\n[ 15 ] CVE-2021-39135\n https://nvd.nist.gov/vuln/detail/CVE-2021-39135\n[ 16 ] CVE-2021-44531\n https://nvd.nist.gov/vuln/detail/CVE-2021-44531\n[ 17 ] CVE-2021-44532\n https://nvd.nist.gov/vuln/detail/CVE-2021-44532\n[ 18 ] CVE-2021-44533\n https://nvd.nist.gov/vuln/detail/CVE-2021-44533\n[ 19 ] CVE-2022-0778\n https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 20 ] CVE-2022-3602\n https://nvd.nist.gov/vuln/detail/CVE-2022-3602\n[ 21 ] CVE-2022-3786\n https://nvd.nist.gov/vuln/detail/CVE-2022-3786\n[ 22 ] CVE-2022-21824\n https://nvd.nist.gov/vuln/detail/CVE-2022-21824\n[ 23 ] CVE-2022-32212\n https://nvd.nist.gov/vuln/detail/CVE-2022-32212\n[ 24 ] CVE-2022-32213\n https://nvd.nist.gov/vuln/detail/CVE-2022-32213\n[ 25 ] CVE-2022-32214\n https://nvd.nist.gov/vuln/detail/CVE-2022-32214\n[ 26 ] CVE-2022-32215\n https://nvd.nist.gov/vuln/detail/CVE-2022-32215\n[ 27 ] CVE-2022-32222\n https://nvd.nist.gov/vuln/detail/CVE-2022-32222\n[ 28 ] CVE-2022-35255\n https://nvd.nist.gov/vuln/detail/CVE-2022-35255\n[ 29 ] CVE-2022-35256\n https://nvd.nist.gov/vuln/detail/CVE-2022-35256\n[ 30 ] CVE-2022-35948\n https://nvd.nist.gov/vuln/detail/CVE-2022-35948\n[ 31 ] CVE-2022-35949\n https://nvd.nist.gov/vuln/detail/CVE-2022-35949\n[ 32 ] CVE-2022-43548\n https://nvd.nist.gov/vuln/detail/CVE-2022-43548\n[ 33 ] CVE-2023-30581\n https://nvd.nist.gov/vuln/detail/CVE-2023-30581\n[ 34 ] CVE-2023-30582\n https://nvd.nist.gov/vuln/detail/CVE-2023-30582\n[ 35 ] CVE-2023-30583\n https://nvd.nist.gov/vuln/detail/CVE-2023-30583\n[ 36 ] CVE-2023-30584\n https://nvd.nist.gov/vuln/detail/CVE-2023-30584\n[ 37 ] CVE-2023-30586\n https://nvd.nist.gov/vuln/detail/CVE-2023-30586\n[ 38 ] CVE-2023-30587\n https://nvd.nist.gov/vuln/detail/CVE-2023-30587\n[ 39 ] CVE-2023-30588\n https://nvd.nist.gov/vuln/detail/CVE-2023-30588\n[ 40 ] CVE-2023-30589\n https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n[ 41 ] CVE-2023-30590\n https://nvd.nist.gov/vuln/detail/CVE-2023-30590\n[ 42 ] CVE-2023-32002\n https://nvd.nist.gov/vuln/detail/CVE-2023-32002\n[ 43 ] CVE-2023-32003\n https://nvd.nist.gov/vuln/detail/CVE-2023-32003\n[ 44 ] CVE-2023-32004\n https://nvd.nist.gov/vuln/detail/CVE-2023-32004\n[ 45 ] CVE-2023-32005\n https://nvd.nist.gov/vuln/detail/CVE-2023-32005\n[ 46 ] CVE-2023-32006\n https://nvd.nist.gov/vuln/detail/CVE-2023-32006\n[ 47 ] CVE-2023-32558\n https://nvd.nist.gov/vuln/detail/CVE-2023-32558\n[ 48 ] CVE-2023-32559\n https://nvd.nist.gov/vuln/detail/CVE-2023-32559\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-29\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32212"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "VULMON",
"id": "CVE-2022-32212"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32212",
"trust": 4.1
},
{
"db": "HACKERONE",
"id": "1632921",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013369",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168305",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169410",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168442",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168358",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170727",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072639",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071338",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072522",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071612",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071827",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3488",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0997",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3505",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4101",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4681",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3673",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4136",
"trust": 0.6
},
{
"db": "SIEMENS",
"id": "SSA-332410",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168359",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32212"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"id": "VAR-202207-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20766129
},
"last_update_date": "2024-11-29T22:27:49.386000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://hackerone.com/reports/1632921"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32212"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32212"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32215"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32214"
},
{
"trust": 0.7,
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32213"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7160"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"trust": 0.6,
"url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-22884"
},
{
"trust": 0.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3505"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168305/red-hat-security-advisory-2022-6389-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072522"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168442/red-hat-security-advisory-2022-6595-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168358/red-hat-security-advisory-2022-6449-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0997"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4681"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072639"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3673"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3487"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071827"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3586"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3488"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32212/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071612"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169410/red-hat-security-advisory-2022-6985-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071338"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32214"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32213"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33987"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32215"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-33987"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35256"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43548"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6449"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6491-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35949"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22959"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202405-29"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35948"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44533"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3602"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30586"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30581"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37701"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6448"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32212"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32212"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"date": "2022-09-08T14:41:32",
"db": "PACKETSTORM",
"id": "168305"
},
{
"date": "2022-10-18T22:30:49",
"db": "PACKETSTORM",
"id": "169410"
},
{
"date": "2022-09-21T13:47:04",
"db": "PACKETSTORM",
"id": "168442"
},
{
"date": "2022-09-13T15:43:41",
"db": "PACKETSTORM",
"id": "168358"
},
{
"date": "2023-01-25T16:09:12",
"db": "PACKETSTORM",
"id": "170727"
},
{
"date": "2023-11-21T16:00:44",
"db": "PACKETSTORM",
"id": "175817"
},
{
"date": "2024-05-09T15:46:44",
"db": "PACKETSTORM",
"id": "178512"
},
{
"date": "2022-09-13T15:43:55",
"db": "PACKETSTORM",
"id": "168359"
},
{
"date": "2022-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"date": "2022-07-14T15:15:08.237000",
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-013369"
},
{
"date": "2023-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-684"
},
{
"date": "2023-02-23T20:15:12.057000",
"db": "NVD",
"id": "CVE-2022-32212"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Node.js\u00a0Foundation\u00a0 of \u00a0Node.js\u00a0 in products from other multiple vendors \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013369"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-684"
}
],
"trust": 0.6
}
}
var-202205-0524
Vulnerability from variot
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0524",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4899"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1619",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1619",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419732",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1619",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1619",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1619",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1619",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1619",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1619",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419732",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1619",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1619",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050910",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419732",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"id": "VAR-202205-0524",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:15:54.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193101"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1619"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220930-0007/"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1619"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1619/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050910"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-cmdline-erase-chars-38310"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419732"
},
{
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419732"
},
{
"date": "2022-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"date": "2022-05-08T10:15:07.940000",
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-419732"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1619"
},
{
"date": "2023-08-16T01:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-010570"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2618"
},
{
"date": "2024-11-21T06:41:06.413000",
"db": "NVD",
"id": "CVE-2022-1619"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010570"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2618"
}
],
"trust": 0.6
}
}
var-202106-1921
Vulnerability from variot
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq
Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095
Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code.
For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4.
For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE----- .
Security fixes:
-
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
-
redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
-
redis: Integer overflow issue with Streams (CVE-2021-32627)
-
redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
-
redis: Integer overflow issue with intsets (CVE-2021-32687)
-
redis: Integer overflow issue with strings (CVE-2021-41099)
-
redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)
-
redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
-
helm: information disclosure vulnerability (CVE-2021-32690)
Bug fixes:
-
KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358)
-
Add columns to the Agent CRD list (BZ# 1977398)
-
ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081)
-
RHACM 2.3.3 images (BZ# 1999365)
-
Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294)
-
create cluster page empty in Safary Browser (BZ# 2002280)
-
Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667)
-
Overview page displays VMware based managed cluster as other (BZ# 2004188)
-
Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
- ========================================================================= Ubuntu Security Notice USN-4967-2 May 27, 2021
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
nginx could be made to crash or run programs if it received specially crafted network traffic.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm1 nginx-common 1.10.3-0ubuntu0.16.04.5+esm1 nginx-core 1.10.3-0ubuntu0.16.04.5+esm1 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1 nginx-full 1.10.3-0ubuntu0.16.04.5+esm1 nginx-light 1.10.3-0ubuntu0.16.04.5+esm1
Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm2 nginx-common 1.4.6-1ubuntu3.9+esm2 nginx-core 1.4.6-1ubuntu3.9+esm2 nginx-extras 1.4.6-1ubuntu3.9+esm2 nginx-full 1.4.6-1ubuntu3.9+esm2 nginx-light 1.4.6-1ubuntu3.9+esm2
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-nginx116-nginx security update Advisory ID: RHSA-2021:2278-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2278 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ==================================================================== 1. Summary:
An update for rh-nginx116-nginx is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The rh-nginx116-nginx service must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm
ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm
s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm
x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm
ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm
s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm
x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm
x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYL5eOtzjgjWX9erEAQgQEQ//T7Jz+AN/TKTzw7RA57QI4rVdLkv2hJHC 1cW6/iFbgfYF10HldhRJKBkGpBTPzb4yzt3y4oRDa35GTLw6zXZquosSaC9RXLq+ RKxU93XKaw1K/qAYqq3q9ZemMpL+ce3mXeaEoK8oQQtbdbYO53eqCQBRIdR0ucFE WFJBFrpVXKKKSb6qbvDUWJCIQLlF9YBPjt3RpgSwPXVOu/74Oe6/AutYmpjgKyt1 BIsZ7V2SliQNIBtgmAHq+dzBIuPpPCRtS6zCML/eIs3ZIUU80jbX9guyb1euN2L/ FlrAFUvSpp0Z72LM33qle6D0Zbe6yCxOxi5QjEIUcP735Z8hYxNWs8H+5HDGq3gl pKLGWLUJG0N0kfoK6RHKuDzPuNmAGm5KwNYu0xO+mdMbgj+rzr4lhe5Dz3+qh7o0 DiImaFoHvbilJvUbjUmvTvwL4DMZvk2oKUI6MDxlNp/TyDdwMraZDVhyOpc0frGU hHlLMr4k+gvTQnjlaf+cilYPHfTTRL7/kdPpjWLCcdZ0v68FC5MHcG/pqpRQUFKO xCNEMLixyH/gY8Ymm+047U2i2TITRb1X5rI+nWHBuEWexgie7cNSzfB++WJYIC07 R2tSuGLQP/eZQpSoHZavZ3KJVMKOsH/foI1DYbFn7gyqtP8wqQAhI4klXFYGeXqa O23scR4nPsc\xdc6n -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.
Container updates:
-
RHACM 2.1.11 images (BZ# 1999375)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The following packages have been upgraded to a later upstream version: nginx (1.20.1)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.20.1"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "goldengate",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4.0.0.0"
},
{
"model": "communications fraud monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications fraud monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.0"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "enterprise telephony fraud monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "openresty",
"scope": "lt",
"trust": 1.0,
"vendor": "openresty",
"version": "1.19.3.2"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications control plane monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.6.18"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "oracle communications operations monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "oracle enterprise telephony fraud monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications control plane monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "openresty",
"scope": null,
"trust": 0.8,
"vendor": "openresty",
"version": null
},
{
"model": "oracle communications fraud monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163003"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
}
],
"trust": 0.7
},
"cve": "CVE-2021-23017",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-23017",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-381503",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-23017",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23017",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23017",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-23017",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1581",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-381503",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-23017",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4921-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 28, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nginx\nCVE ID : CVE-2021-23017\nDebian Bug : 989095\n\nLuis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one\nin Nginx, a high-performance web and reverse proxy server, which could\nresult in denial of service and potentially the execution of arbitrary\ncode. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.14.2-2+deb10u4. \n\nFor the detailed security status of nginx please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nginx\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8\nTjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND\nwWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS\nu1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk\nN5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh\niQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV\n8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17\nueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW\n4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u\n8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4\nCFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf\nlhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4=\n=qxQw\n-----END PGP SIGNATURE-----\n. \n\nSecurity fixes: \n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Out of bounds read in lua debugger protocol parser\n(CVE-2021-32672)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request\n(CVE-2021-32675)\n\n* helm: information disclosure vulnerability (CVE-2021-32690)\n\nBug fixes:\n\n* KUBE-API: Support move agent to different cluster in the same namespace\n(BZ# 1977358)\n\n* Add columns to the Agent CRD list (BZ# 1977398)\n\n* ClusterDeployment controller watches all Secrets from all namespaces (BZ#\n1986081)\n\n* RHACM 2.3.3 images (BZ# 1999365)\n\n* Workaround for Network Manager not supporting nmconnections priority (BZ#\n2001294)\n\n* create cluster page empty in Safary Browser (BZ# 2002280)\n\n* Compliance state doesn\u0027t get updated after fixing the issue causing\ninitially the policy not being able to update the managed object (BZ#\n2002667)\n\n* Overview page displays VMware based managed cluster as other (BZ#\n2004188)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace\n1977398 - [4.8.0] [master] Add columns to the Agent CRD list\n1978144 - CVE-2021-32690 helm: information disclosure vulnerability\n1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces\n1999365 - RHACM 2.3.3 images\n2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority\n2002280 - create cluster page empty in Safary Browser\n2002667 - Compliance state doesn\u0027t get updated after fixing the issue causing initially the policy not being able to update the managed object\n2004188 - Overview page displays VMware based managed cluster as other\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. =========================================================================\nUbuntu Security Notice USN-4967-2\nMay 27, 2021\n\nnginx vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nnginx could be made to crash or run programs if it received specially\ncrafted network traffic. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nUSN-4967-1 fixed a vulnerability in nginx. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\nOriginal advisory details:\n\n Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx\n incorrectly handled responses to the DNS resolver. A remote attacker could\n use this issue to cause nginx to crash, resulting in a denial of service,\n or possibly execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n nginx 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-common 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-core 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-full 1.10.3-0ubuntu0.16.04.5+esm1\n nginx-light 1.10.3-0ubuntu0.16.04.5+esm1\n\nUbuntu 14.04 ESM:\n nginx 1.4.6-1ubuntu3.9+esm2\n nginx-common 1.4.6-1ubuntu3.9+esm2\n nginx-core 1.4.6-1ubuntu3.9+esm2\n nginx-extras 1.4.6-1ubuntu3.9+esm2\n nginx-full 1.4.6-1ubuntu3.9+esm2\n nginx-light 1.4.6-1ubuntu3.9+esm2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-nginx116-nginx security update\nAdvisory ID: RHSA-2021:2278-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2278\nIssue date: 2021-06-07\nCVE Names: CVE-2021-23017\n====================================================================\n1. Summary:\n\nAn update for rh-nginx116-nginx is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nnginx is a web and proxy server supporting HTTP and other protocols, with a\nfocus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a\npointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe rh-nginx116-nginx service must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nginx116-nginx-1.16.1-6.el7.src.rpm\n\nppc64le:\nrh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm\n\ns390x:\nrh-nginx116-nginx-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm\n\nx86_64:\nrh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nginx116-nginx-1.16.1-6.el7.src.rpm\n\nppc64le:\nrh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm\n\ns390x:\nrh-nginx116-nginx-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm\n\nx86_64:\nrh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nginx116-nginx-1.16.1-6.el7.src.rpm\n\nx86_64:\nrh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm\nrh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-23017\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYL5eOtzjgjWX9erEAQgQEQ//T7Jz+AN/TKTzw7RA57QI4rVdLkv2hJHC\n1cW6/iFbgfYF10HldhRJKBkGpBTPzb4yzt3y4oRDa35GTLw6zXZquosSaC9RXLq+\nRKxU93XKaw1K/qAYqq3q9ZemMpL+ce3mXeaEoK8oQQtbdbYO53eqCQBRIdR0ucFE\nWFJBFrpVXKKKSb6qbvDUWJCIQLlF9YBPjt3RpgSwPXVOu/74Oe6/AutYmpjgKyt1\nBIsZ7V2SliQNIBtgmAHq+dzBIuPpPCRtS6zCML/eIs3ZIUU80jbX9guyb1euN2L/\nFlrAFUvSpp0Z72LM33qle6D0Zbe6yCxOxi5QjEIUcP735Z8hYxNWs8H+5HDGq3gl\npKLGWLUJG0N0kfoK6RHKuDzPuNmAGm5KwNYu0xO+mdMbgj+rzr4lhe5Dz3+qh7o0\nDiImaFoHvbilJvUbjUmvTvwL4DMZvk2oKUI6MDxlNp/TyDdwMraZDVhyOpc0frGU\nhHlLMr4k+gvTQnjlaf+cilYPHfTTRL7/kdPpjWLCcdZ0v68FC5MHcG/pqpRQUFKO\nxCNEMLixyH/gY8Ymm+047U2i2TITRb1X5rI+nWHBuEWexgie7cNSzfB++WJYIC07\nR2tSuGLQP/eZQpSoHZavZ3KJVMKOsH/foI1DYbFn7gyqtP8wqQAhI4klXFYGeXqa\nO23scR4nPsc\\xdc6n\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThe following packages have been upgraded to a later upstream version:\nnginx (1.20.1)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "PACKETSTORM",
"id": "169062"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "163003"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-381503",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23017",
"trust": 4.3
},
{
"db": "PACKETSTORM",
"id": "167720",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "163013",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165782",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162851",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163003",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164948",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162830",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162835",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "50973",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164523",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164562",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164282",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021052543",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071833",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052901",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060212",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052713",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060719",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060948",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061520",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012747",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062209",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3878",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1936",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1802",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3211",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1861",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1817",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2027",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1973",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022070032",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162992",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162986",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162819",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-381503",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-23017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169062",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "PACKETSTORM",
"id": "169062"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "163003"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"id": "VAR-202106-1921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:34:32.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://support.f5.com/csp/article/K12331123"
},
{
"title": "Nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154683"
},
{
"title": "Red Hat: Important: nginx:1.20 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220323 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2021-23017: DNS Resolver off-by-one heap write vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0339ada74619d10f752ff8ffaeb08207"
},
{
"title": "Debian Security Advisories: DSA-4921-1 nginx -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d6e7f162f0da2ae62b9b588e4f3e995a"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1507",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1507"
},
{
"title": "Red Hat: CVE-2021-23017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-23017"
},
{
"title": "Amazon Linux 2: ALASNGINX1-2023-003",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASNGINX1-2023-003"
},
{
"title": "Arch Linux Advisories: [ASA-202106-36] nginx: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-36"
},
{
"title": "Arch Linux Advisories: [ASA-202106-48] nginx-mainline: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-48"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-23017 log"
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/Logeswark/helmpackage "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/carayev/kubernetes-nginx-ingress "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/Hopecount123/ingress-controller-update "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/Aswinisurya99/ingress-ngininx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/StuartDickenson/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/rohankumardubey/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/ryanarabety/ingress-nginx-Kubernetes "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/doudou147/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/kartikeyaexpd/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/shaundaley39/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/shoebece/nginx-ingress "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/adityamillind98/ngins "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/maksonlee/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/caojian12345/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/msyhu/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/gmk-git/Kubernetes-Ingress "
},
{
"title": "CVE-2021-23017",
"trust": 0.1,
"url": "https://github.com/ShivamDey/CVE-2021-23017 "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/MrE-Fog/ingress-nginxx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/luyuehm/ingress-nginx "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/lemonhope-mz/replica_kubernetes-nginx "
},
{
"title": "CVE-2021-23017-PoC",
"trust": 0.1,
"url": "https://github.com/M507/CVE-2021-23017-PoC "
},
{
"title": "CVE-2021-23017-PoC",
"trust": 0.1,
"url": "https://github.com/lakshit1212/CVE-2021-23017-PoC "
},
{
"title": "Ingress NGINX Controller",
"trust": 0.1,
"url": "https://github.com/zlz4642/ingress-nginx "
},
{
"title": "https://github.com/M507/M507",
"trust": 0.1,
"url": "https://github.com/M507/M507 "
},
{
"title": "Polysphere Temp Blog",
"trust": 0.1,
"url": "https://github.com/eggkingo/polyblog "
},
{
"title": "DC:4 Vulnhub Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough "
},
{
"title": "https://github.com/teresaweber685/book_list",
"trust": 0.1,
"url": "https://github.com/teresaweber685/book_list "
},
{
"title": "Mode Switching Framework",
"trust": 0.1,
"url": "https://github.com/rmtec/modeswitcher "
},
{
"title": "https://github.com/bollwarm/SecToolSet",
"trust": 0.1,
"url": "https://github.com/bollwarm/SecToolSet "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/07/15/cisa_critical_juniper_bugs/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-193",
"trust": 1.1
},
{
"problemtype": "Boundary condition judgment (CWE-193) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"trust": 1.8,
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k12331123%2c"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-23017"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k12331123"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052713"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6492205"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041931"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1802"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060719"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3211"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100722"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3430"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022070032"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6483657"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052901"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071833"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052543"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060948"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1817"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3878"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062209"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1973"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1936"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50973"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012302"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3485"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061520"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1861"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525030"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012747"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060212"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32626"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32687"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32675"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-41099"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32627"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32672"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-32628"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:0323"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k12331123,"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/193.html"
},
{
"trust": 0.1,
"url": "https://github.com/logeswark/helmpackage"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/gmk-git/kubernetes-ingress"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-4921"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2021-1507.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nginx"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37576"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4967-2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4967-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2278"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2290"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32804"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3711"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "PACKETSTORM",
"id": "169062"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "163003"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-381503"
},
{
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"db": "PACKETSTORM",
"id": "169062"
},
{
"db": "PACKETSTORM",
"id": "164523"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "PACKETSTORM",
"id": "163003"
},
{
"db": "PACKETSTORM",
"id": "163013"
},
{
"db": "PACKETSTORM",
"id": "164282"
},
{
"db": "PACKETSTORM",
"id": "164948"
},
{
"db": "PACKETSTORM",
"id": "165782"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-381503"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"date": "2022-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"date": "2021-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169062"
},
{
"date": "2021-10-15T15:06:44",
"db": "PACKETSTORM",
"id": "164523"
},
{
"date": "2021-10-20T15:45:47",
"db": "PACKETSTORM",
"id": "164562"
},
{
"date": "2021-05-28T14:11:38",
"db": "PACKETSTORM",
"id": "162851"
},
{
"date": "2021-06-07T20:59:09",
"db": "PACKETSTORM",
"id": "163003"
},
{
"date": "2021-06-08T14:13:55",
"db": "PACKETSTORM",
"id": "163013"
},
{
"date": "2021-09-24T15:49:04",
"db": "PACKETSTORM",
"id": "164282"
},
{
"date": "2021-11-12T17:01:04",
"db": "PACKETSTORM",
"id": "164948"
},
{
"date": "2022-01-31T16:24:54",
"db": "PACKETSTORM",
"id": "165782"
},
{
"date": "2021-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"date": "2021-06-01T13:15:07.853000",
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-381503"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23017"
},
{
"date": "2022-02-18T01:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-007625"
},
{
"date": "2022-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1581"
},
{
"date": "2023-11-07T03:30:29.880000",
"db": "NVD",
"id": "CVE-2021-23017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "162851"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "nginx\u00a0 Vulnerability in determining boundary conditions in resolver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1581"
}
],
"trust": 0.6
}
}
var-202109-1805
Vulnerability from variot
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1805",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
},
"cve": "CVE-2021-34798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-34798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03223",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-395042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-34798",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34798",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395042",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34798",
"trust": 4.0
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10379",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166321",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012040",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031528",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3482",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2352",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-02",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395042",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"id": "VAR-202109-1805",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
}
]
},
"last_update_date": "2024-11-29T22:33:38.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-e3f6dd670d",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313156"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171210"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-34798",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34798"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34798 log"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2142ed2ad0c6564b6dfdd2779d3117ce"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=3499da969fe529a2e6d5812690c8f102"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10379"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3405"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112902"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101308"
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:0891"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10379"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.1,
"url": "https://github.com/totes5706/toteshtb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-395042"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"date": "2021-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132"
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587"
},
{
"date": "2022-03-15T15:50:26",
"db": "PACKETSTORM",
"id": "166321"
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072"
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305"
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329"
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"date": "2021-09-16T15:15:07.267000",
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-395042"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"date": "2021-09-29T06:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"date": "2023-11-07T03:36:26.910000",
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
}
}
var-202110-1670
Vulnerability from variot
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. strongSwan Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. ========================================================================== Ubuntu Security Notice USN-5111-1 October 19, 2021
strongswan vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in strongSwan.
Software Description: - strongswan: IPsec VPN solution
Details:
It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2021-41990)
It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-41991)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libstrongswan 5.9.1-1ubuntu3.1 strongswan 5.9.1-1ubuntu3.1
Ubuntu 21.04: libstrongswan 5.9.1-1ubuntu1.2 strongswan 5.9.1-1ubuntu1.2
Ubuntu 20.04 LTS: libstrongswan 5.8.2-1ubuntu3.3 strongswan 5.8.2-1ubuntu3.3
Ubuntu 18.04 LTS: libstrongswan 5.6.2-1ubuntu2.7 strongswan 5.6.2-1ubuntu2.7
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5111-1 CVE-2021-41990, CVE-2021-41991
Package Information: https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1 https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3 https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4989-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez October 18, 2021 https://www.debian.org/security/faq
Package : strongswan CVE ID : CVE-2021-41990 CVE-2021-41991
Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite.
CVE-2021-41990
RSASSA-PSS signatures whose parameters define a very high salt length can
trigger an integer overflow that can lead to a segmentation fault.
Generating a signature that bypasses the padding check to trigger the crash
requires access to the private key that signed the certificate. However,
the certificate does not have to be trusted. Because the gmp and the
openssl plugins both check if a parsed certificate is self-signed (and the
signature is valid), this can e.g. be triggered by an unrelated
self-signed CA certificate sent by an initiator. Depending on the generated random value, this could
lead to an integer overflow that results in a double-dereference and a call
using out-of-bounds memory that most likely leads to a segmentation fault.
Remote code execution can't be ruled out completely, but attackers have no
control over the dereferenced memory, so it seems unlikely at this point.
For the oldstable distribution (buster), these problems have been fixed in version 5.7.2-1+deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 5.9.1-1+deb11u1.
We recommend that you upgrade your strongswan packages.
For the detailed security status of strongswan please refer to its security tracker page at: https://security-tracker.debian.org/tracker/strongswan
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmFtyAUACgkQ3rYcyPpX RFudiwf+NNcRRRJychLI5ycMKVxkr2tEAJDeVZjv966YBM1tXnCtROydXf5Zip2M dn/EYO71uuT5FKhs8tJyx5iv2bFcrvyqQQo6DFQvXZHR0+9U+MHcR9qB7JJDM4nK +JXOEmAv3akCFhiP6jMx5B6jRWR1e4MOwxmgrgGu/nwy2cYBQPI43qPTrXi3Fcnv eSgeyLqyZNLmaGmj8jQfTnc8bdVF5xAs6mHhVqNJxQCdouG9b4/S6AxJsl3IMxyF WZhtCNUvhHH8wz0lZVElR3Qs6fUu0phKdlT9kBv/o6fP3ceiYOCEh8SqBgYU3hQL xyB0uP4EcSR70TvKZMB2jV/tGG1A8w== =/Xvi -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-08
https://security.gentoo.org/
Severity: Normal Title: strongSwan: Multiple Vulnerabilities Date: May 04, 2024 Bugs: #818841, #832460, #878887, #899964 ID: 202405-08
Synopsis
Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution.
Background
strongSwan is an IPSec implementation for Linux.
Affected packages
Package Vulnerable Unaffected
net-vpn/strongswan < 5.9.10 >= 5.9.10
Description
Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All strongSwan users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.9.10"
References
[ 1 ] CVE-2021-41991 https://nvd.nist.gov/vuln/detail/CVE-2021-41991 [ 2 ] CVE-2021-45079 https://nvd.nist.gov/vuln/detail/CVE-2021-45079 [ 3 ] CVE-2022-40617 https://nvd.nist.gov/vuln/detail/CVE-2022-40617 [ 4 ] CVE-2023-26463 https://nvd.nist.gov/vuln/detail/CVE-2023-26463
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1670",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siplus net cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siplus s7-1200 cp 1243-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance sc636-2c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance sc622-2c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "strongswan",
"scope": "lt",
"trust": 1.0,
"vendor": "strongswan",
"version": "5.9.4"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siplus et 200sp cp 1542sp-1 irc tx rail",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1243-7 lte\\/us",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1543sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "scalance sc642-2c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siplus et 200sp cp 1543sp-1 isec tx rail",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1542sp-1 irc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net cp 1545-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siplus s7-1200 cp 1243-1 rail",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic cp 1243-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance sc632-2c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "siplus et 200sp cp 1543sp-1 isec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "strongswan",
"scope": "gte",
"trust": 1.0,
"vendor": "strongswan",
"version": "4.2.10"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "strongswan",
"scope": null,
"trust": 0.8,
"vendor": "strongswan",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
}
],
"trust": 0.2
},
"cve": "CVE-2021-41991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-41991",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-403107",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-41991",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-41991",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-41991",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-41991",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1214",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-403107",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-41991",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. strongSwan Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. ==========================================================================\nUbuntu Security Notice USN-5111-1\nOctober 19, 2021\n\nstrongswan vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in strongSwan. \n\nSoftware Description:\n- strongswan: IPsec VPN solution\n\nDetails:\n\nIt was discovered that strongSwan incorrectly handled certain RSASSA-PSS\nsignatures. A remote attacker could use this issue to cause strongSwan to\ncrash, resulting in a denial of service. (CVE-2021-41990)\n\nIt was discovered that strongSwan incorrectly handled replacing\ncertificates in the cache. A remote attacker could use this issue to cause\nstrongSwan to crash, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2021-41991)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libstrongswan 5.9.1-1ubuntu3.1\n strongswan 5.9.1-1ubuntu3.1\n\nUbuntu 21.04:\n libstrongswan 5.9.1-1ubuntu1.2\n strongswan 5.9.1-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n libstrongswan 5.8.2-1ubuntu3.3\n strongswan 5.8.2-1ubuntu3.3\n\nUbuntu 18.04 LTS:\n libstrongswan 5.6.2-1ubuntu2.7\n strongswan 5.6.2-1ubuntu2.7\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5111-1\n CVE-2021-41990, CVE-2021-41991\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1\n https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2\n https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3\n https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4989-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nOctober 18, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : strongswan\nCVE ID : CVE-2021-41990 CVE-2021-41991\n\nResearchers at the United States of America National Security Agency (NSA)\nidentified two denial of services vulnerability in strongSwan, an IKE/IPsec\nsuite. \n\nCVE-2021-41990\n\n RSASSA-PSS signatures whose parameters define a very high salt length can\n trigger an integer overflow that can lead to a segmentation fault. \n Generating a signature that bypasses the padding check to trigger the crash\n requires access to the private key that signed the certificate. However,\n the certificate does not have to be trusted. Because the gmp and the\n openssl plugins both check if a parsed certificate is self-signed (and the\n signature is valid), this can e.g. be triggered by an unrelated\n self-signed CA certificate sent by an initiator. Depending on the generated random value, this could\n lead to an integer overflow that results in a double-dereference and a call\n using out-of-bounds memory that most likely leads to a segmentation fault. \n Remote code execution can\u0027t be ruled out completely, but attackers have no\n control over the dereferenced memory, so it seems unlikely at this point. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 5.7.2-1+deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.9.1-1+deb11u1. \n\nWe recommend that you upgrade your strongswan packages. \n\nFor the detailed security status of strongswan please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/strongswan\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmFtyAUACgkQ3rYcyPpX\nRFudiwf+NNcRRRJychLI5ycMKVxkr2tEAJDeVZjv966YBM1tXnCtROydXf5Zip2M\ndn/EYO71uuT5FKhs8tJyx5iv2bFcrvyqQQo6DFQvXZHR0+9U+MHcR9qB7JJDM4nK\n+JXOEmAv3akCFhiP6jMx5B6jRWR1e4MOwxmgrgGu/nwy2cYBQPI43qPTrXi3Fcnv\neSgeyLqyZNLmaGmj8jQfTnc8bdVF5xAs6mHhVqNJxQCdouG9b4/S6AxJsl3IMxyF\nWZhtCNUvhHH8wz0lZVElR3Qs6fUu0phKdlT9kBv/o6fP3ceiYOCEh8SqBgYU3hQL\nxyB0uP4EcSR70TvKZMB2jV/tGG1A8w==\n=/Xvi\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202405-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: strongSwan: Multiple Vulnerabilities\n Date: May 04, 2024\n Bugs: #818841, #832460, #878887, #899964\n ID: 202405-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in strongSwan, the worst\nof which could possibly lead to remote code execution. \n\nBackground\n=========\nstrongSwan is an IPSec implementation for Linux. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n------------------ ------------ ------------\nnet-vpn/strongswan \u003c 5.9.10 \u003e= 5.9.10\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in strongSwan. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll strongSwan users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-vpn/strongswan-5.9.10\"\n\nReferences\n=========\n[ 1 ] CVE-2021-41991\n https://nvd.nist.gov/vuln/detail/CVE-2021-41991\n[ 2 ] CVE-2021-45079\n https://nvd.nist.gov/vuln/detail/CVE-2021-45079\n[ 3 ] CVE-2022-40617\n https://nvd.nist.gov/vuln/detail/CVE-2022-40617\n[ 4 ] CVE-2023-26463\n https://nvd.nist.gov/vuln/detail/CVE-2023-26463\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-08\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
},
{
"db": "PACKETSTORM",
"id": "169143"
},
{
"db": "PACKETSTORM",
"id": "178454"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-41991",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-539476",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU98748974",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164558",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164554",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021101947",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3463",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3488",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-403107",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-41991",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169143",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178454",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
},
{
"db": "PACKETSTORM",
"id": "169143"
},
{
"db": "PACKETSTORM",
"id": "178454"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"id": "VAR-202110-1670",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-403107"
}
],
"trust": 0.7521640566666667
},
"last_update_date": "2024-11-23T20:22:32.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "strongSwan\u00a0Vulnerability\u00a0(CVE-2021-41991)",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"title": "strongSwan Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166640"
},
{
"title": "Debian Security Advisories: DSA-4989-1 strongswan -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=35fdad388753f5d88f528a33acdb09b3"
},
{
"title": "Red Hat: CVE-2021-41991",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-41991"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-41991 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4989"
},
{
"trust": 1.8,
"url": "https://github.com/strongswan/strongswan/releases/tag/5.9.4"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00014.html"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41991"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf"
},
{
"trust": 1.1,
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41991%29.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wqsq3bec22nf4ncdzvct4p3q2ziajxgj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3tq32jljobjdb2ejksx2pbpb5nfg2d4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5fjsatd2r2xhtg4p63gcmq2n7ewkmme5/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98748974/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5fjsatd2r2xhtg4p63gcmq2n7ewkmme5/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3tq32jljobjdb2ejksx2pbpb5nfg2d4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wqsq3bec22nf4ncdzvct4p3q2ziajxgj/"
},
{
"trust": 0.7,
"url": "https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-41991"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/strongswan-integer-overflow-via-in-memory-certificate-cache-36667"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3463"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164558/ubuntu-security-notice-usn-5111-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101947"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164554/ubuntu-security-notice-usn-5111-1.html"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5111-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41990"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5111-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/strongswan/5.8.2-1ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/strongswan/5.9.1-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/strongswan"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45079"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202405-08"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26463"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
},
{
"db": "PACKETSTORM",
"id": "169143"
},
{
"db": "PACKETSTORM",
"id": "178454"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-403107"
},
{
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
},
{
"db": "PACKETSTORM",
"id": "169143"
},
{
"db": "PACKETSTORM",
"id": "178454"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-403107"
},
{
"date": "2021-10-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"date": "2022-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"date": "2021-10-20T15:43:57",
"db": "PACKETSTORM",
"id": "164558"
},
{
"date": "2021-10-19T15:31:42",
"db": "PACKETSTORM",
"id": "164554"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169143"
},
{
"date": "2024-05-06T13:54:27",
"db": "PACKETSTORM",
"id": "178454"
},
{
"date": "2021-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"date": "2021-10-18T14:15:10.333000",
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-403107"
},
{
"date": "2021-10-21T00:00:00",
"db": "VULMON",
"id": "CVE-2021-41991"
},
{
"date": "2022-02-15T00:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-007493"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1214"
},
{
"date": "2024-11-21T06:27:02.090000",
"db": "NVD",
"id": "CVE-2021-41991"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164558"
},
{
"db": "PACKETSTORM",
"id": "164554"
},
{
"db": "PACKETSTORM",
"id": "178454"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "strongSwan\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1214"
}
],
"trust": 0.6
}
}
var-202105-1451
Vulnerability from variot
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Linux Kernel Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Arch Linux is an application system of Arch open source. A lightweight and flexible Linux® distribution that tries to keep it simple. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Bug Fix(es):
- Rebase package(s) to version: 1.2.23
Highlights, important fixes, or notable enhancements:
-
imgbase should not copy the selinux binary policy file (BZ# 1979624) (BZ#1989397)
-
RHV-H has been rebased on Red Hat Enterprise Linux 8.4 Batch #2. (BZ#1975177)
-
8) - x86_64
-
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
-
kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#1985050)
-
kernel-rt: Merge mm/memcg: Fix kmem_cache_alloc() performance regression (BZ#1987102)
-
8.1) - ppc64le, x86_64
-
Description:
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.1/html/release_notes/
Security fixes:
-
redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
-
redis: Integer overflow issue with Streams (CVE-2021-32627)
-
redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
-
redis: Integer overflow issue with intsets (CVE-2021-32687)
-
redis: Integer overflow issue with strings (CVE-2021-41099)
-
redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
-
redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Container updates:
-
RHACM 2.1.12 images (BZ# 2007489)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):
2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
Bug Fix(es):
-
[CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975161)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:3363-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3363 Issue date: 2021-08-31 CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555 CVE-2021-32399 ==================================================================== 1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)
-
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
-
kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)
-
kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
[Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930169)
-
Every server is displaying the same power levels for all of our i40e 25G interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0 (BZ#1967100)
-
s390/uv: Fix handling of length extensions (BZ#1975657)
-
RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in LUN from Target_id's over 8 (BZ#1976265)
-
Backport "tick/nohz: Conditionally restart tick on idle exit" to RHEL 8.5 (BZ#1978711)
-
rhel8.3: phase 2 netfilter backports from upstream (BZ#1980323)
-
xfrm: backports from upstream (BZ#1981841)
Enhancement(s):
-
[8.2.z] Incorrect parsing of ACPI HMAT table reports incorrect kernel WARNING taint (BZ#1943702)
-
Only selected patches from [IBM 8.4 FEAT] ibmvnic: Backport FW950 and assorted bug fixes (BZ#1980795)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
- Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source: kernel-4.18.0-193.64.1.el8_2.src.rpm
aarch64: bpftool-4.18.0-193.64.1.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-core-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-devel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-headers-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-modules-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.aarch64.rpm perf-4.18.0-193.64.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
noarch: kernel-abi-whitelists-4.18.0-193.64.1.el8_2.noarch.rpm kernel-doc-4.18.0-193.64.1.el8_2.noarch.rpm
ppc64le: bpftool-4.18.0-193.64.1.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-core-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
s390x: bpftool-4.18.0-193.64.1.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.64.1.el8_2.s390x.rpm kernel-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-headers-4.18.0-193.64.1.el8_2.s390x.rpm kernel-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm kernel-tools-4.18.0-193.64.1.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm perf-4.18.0-193.64.1.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm python3-perf-4.18.0-193.64.1.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
x86_64: bpftool-4.18.0-193.64.1.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-core-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-devel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-headers-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-modules-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.x86_64.rpm perf-4.18.0-193.64.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v. 8.2):
aarch64: bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
ppc64le: bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
x86_64: bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYS31B9zjgjWX9erEAQgW+g/+J99Y+Y7e8ycInntMh7wHvU3/48D0LHEh HZo1cy4MY9GvBX5ijfFZKvQR2TLGZR0fa5driCzQ/4WW2RwUjRExpIdOLPEKqKwd iaYXAM7LJctQX3V3lW3f+fwLxz04lxOCzXdmbBgQIsVVX4nflCEF6htIIINW5Kp8 49i1h7ca0dMRwAh9OTPw59Z0WrVB7C+jkr9kUr+rYuJz389PCPvfpzkksRHZ3wEf veunhvMhPSbambyqnFbBfpxQ5523qx0nXaHQ24WYg3DkRaWhw/1jwSqUxIQPaxJR sYv9jQ1hwW8JNg4TxuCrEK4PPgRaMK2NXMmqAXY7dHQudTOIwxy4zzxH7ptYkylL I/NJ+sD3WbN1LmnT+fU/zy/etPyRtHIucdvpnzYIV7NUgg7h9E10e+yg5d4MIe1/ FN/oyEiScNHMxqlHrWeVIq9LXabf8IhZFwYJyJLagCIYAMIlN6LFfAwUFoK+0Fjj azg7GWirLC31paNlLmEJPiVYT13TqINkntt7oXcvJeV0KPT+w6MtCkUQuiPW/ZNP RWMQd2vvqYGLjL4Osw74uzdP1potEZFupUoxMUJpmc1gXMxAPr4HwdgpUbwsggaX p+COJJlj0rXgKbRyBpjpJ5px+s92zYQ/6yOGOQO7Q4txXgYQb3TO7fzzoVAs7JfX SscZLhxIDUg=PDEr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": "2021-05-18"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
},
{
"model": "solidfire baseboard management controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "baseboard management controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163926"
},
{
"db": "PACKETSTORM",
"id": "163770"
},
{
"db": "PACKETSTORM",
"id": "163972"
},
{
"db": "PACKETSTORM",
"id": "163861"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164412"
},
{
"db": "PACKETSTORM",
"id": "163995"
}
],
"trust": 0.8
},
"cve": "CVE-2021-22543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22543",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-380980",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-22543",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22543",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22543",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-22543",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-1684",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380980",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-22543",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. Linux Kernel Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Arch Linux is an application system of Arch open source. A lightweight and flexible Linux\u00ae distribution that tries to keep it simple. \nThese packages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nBug Fix(es):\n\n* Rebase package(s) to version: 1.2.23\n\nHighlights, important fixes, or notable enhancements: \n\n* imgbase should not copy the selinux binary policy file (BZ# 1979624)\n(BZ#1989397)\n\n* RHV-H has been rebased on Red Hat Enterprise Linux 8.4 Batch #2. \n(BZ#1975177)\n\n4. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the RHEL-8.4.z source tree\n(BZ#1985050)\n\n* kernel-rt: Merge mm/memcg: Fix kmem_cache_alloc() performance regression\n(BZ#1987102)\n\n4. 8.1) - ppc64le, x86_64\n\n3. Description:\n\nThis is a kernel live patch module which is automatically loaded by the RPM\npost-install script to modify the code of a running kernel. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following Release Notes\ndocumentation, which will be updated shortly for this release, for\nadditional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.1/html/release_notes/\n\nSecurity fixes:\n\n* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)\n\n* redis: Integer overflow issue with Streams (CVE-2021-32627)\n\n* redis: Integer overflow bug in the ziplist data structure\n(CVE-2021-32628)\n\n* redis: Integer overflow issue with intsets (CVE-2021-32687)\n\n* redis: Integer overflow issue with strings (CVE-2021-41099)\n\n* redis: Denial of service via Redis Standard Protocol (RESP) request\n(CVE-2021-32675)\n\n* redis: Out of bounds read in lua debugger protocol parser\n(CVE-2021-32672)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nContainer updates:\n\n* RHACM 2.1.12 images (BZ# 2007489)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. \n\nBug Fix(es):\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap\n[7.9.z] (BZ#1975161)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: kernel security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:3363-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3363\nIssue date: 2021-08-31\nCVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555\n CVE-2021-32399\n====================================================================\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 8.2\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* kernel: race condition in net/can/bcm.c leads to local privilege\nescalation (CVE-2021-3609)\n\n* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO\nchecks (CVE-2021-22543)\n\n* kernel: out-of-bounds write in xt_compat_target_from_user() in\nnet/netfilter/x_tables.c (CVE-2021-22555)\n\n* kernel: race condition for removal of the HCI controller (CVE-2021-32399)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to\nadd memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930169)\n\n* Every server is displaying the same power levels for all of our i40e 25G\ninterfaces. 10G interfaces seem to be correct. Ethtool version is 5.0\n(BZ#1967100)\n\n* s390/uv: Fix handling of length extensions (BZ#1975657)\n\n* RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in\nLUN from Target_id\u0027s over 8 (BZ#1976265)\n\n* Backport \"tick/nohz: Conditionally restart tick on idle exit\" to RHEL 8.5\n(BZ#1978711)\n\n* rhel8.3: phase 2 netfilter backports from upstream (BZ#1980323)\n\n* xfrm: backports from upstream (BZ#1981841)\n\nEnhancement(s):\n\n* [8.2.z] Incorrect parsing of ACPI HMAT table reports incorrect kernel\nWARNING taint (BZ#1943702)\n\n* Only selected patches from [IBM 8.4 FEAT] ibmvnic: Backport FW950 and\nassorted bug fixes (BZ#1980795)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks\n1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller\n1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation\n1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2):\n\nSource:\nkernel-4.18.0-193.64.1.el8_2.src.rpm\n\naarch64:\nbpftool-4.18.0-193.64.1.el8_2.aarch64.rpm\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-core-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-cross-headers-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-core-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-devel-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-modules-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-devel-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-headers-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-modules-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-tools-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-tools-libs-4.18.0-193.64.1.el8_2.aarch64.rpm\nperf-4.18.0-193.64.1.el8_2.aarch64.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\npython3-perf-4.18.0-193.64.1.el8_2.aarch64.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\n\nnoarch:\nkernel-abi-whitelists-4.18.0-193.64.1.el8_2.noarch.rpm\nkernel-doc-4.18.0-193.64.1.el8_2.noarch.rpm\n\nppc64le:\nbpftool-4.18.0-193.64.1.el8_2.ppc64le.rpm\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-core-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-cross-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-core-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-tools-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-tools-libs-4.18.0-193.64.1.el8_2.ppc64le.rpm\nperf-4.18.0-193.64.1.el8_2.ppc64le.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\npython3-perf-4.18.0-193.64.1.el8_2.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\n\ns390x:\nbpftool-4.18.0-193.64.1.el8_2.s390x.rpm\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-core-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-cross-headers-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-core-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-devel-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-modules-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debug-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-debuginfo-common-s390x-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-devel-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-headers-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-modules-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-tools-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-core-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-devel-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-modules-4.18.0-193.64.1.el8_2.s390x.rpm\nkernel-zfcpdump-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm\nperf-4.18.0-193.64.1.el8_2.s390x.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\npython3-perf-4.18.0-193.64.1.el8_2.s390x.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm\n\nx86_64:\nbpftool-4.18.0-193.64.1.el8_2.x86_64.rpm\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-core-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-cross-headers-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-core-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-devel-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-modules-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-devel-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-headers-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-modules-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-tools-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-tools-libs-4.18.0-193.64.1.el8_2.x86_64.rpm\nperf-4.18.0-193.64.1.el8_2.x86_64.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\npython3-perf-4.18.0-193.64.1.el8_2.x86_64.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\n\nRed Hat CodeReady Linux Builder EUS (v. 8.2):\n\naarch64:\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\nkernel-tools-libs-devel-4.18.0-193.64.1.el8_2.aarch64.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm\n\nppc64le:\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\nkernel-tools-libs-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm\n\nx86_64:\nbpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\nkernel-tools-libs-devel-4.18.0-193.64.1.el8_2.x86_64.rpm\nperf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\npython3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3609\nhttps://access.redhat.com/security/cve/CVE-2021-22543\nhttps://access.redhat.com/security/cve/CVE-2021-22555\nhttps://access.redhat.com/security/cve/CVE-2021-32399\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYS31B9zjgjWX9erEAQgW+g/+J99Y+Y7e8ycInntMh7wHvU3/48D0LHEh\nHZo1cy4MY9GvBX5ijfFZKvQR2TLGZR0fa5driCzQ/4WW2RwUjRExpIdOLPEKqKwd\niaYXAM7LJctQX3V3lW3f+fwLxz04lxOCzXdmbBgQIsVVX4nflCEF6htIIINW5Kp8\n49i1h7ca0dMRwAh9OTPw59Z0WrVB7C+jkr9kUr+rYuJz389PCPvfpzkksRHZ3wEf\nveunhvMhPSbambyqnFbBfpxQ5523qx0nXaHQ24WYg3DkRaWhw/1jwSqUxIQPaxJR\nsYv9jQ1hwW8JNg4TxuCrEK4PPgRaMK2NXMmqAXY7dHQudTOIwxy4zzxH7ptYkylL\nI/NJ+sD3WbN1LmnT+fU/zy/etPyRtHIucdvpnzYIV7NUgg7h9E10e+yg5d4MIe1/\nFN/oyEiScNHMxqlHrWeVIq9LXabf8IhZFwYJyJLagCIYAMIlN6LFfAwUFoK+0Fjj\nazg7GWirLC31paNlLmEJPiVYT13TqINkntt7oXcvJeV0KPT+w6MtCkUQuiPW/ZNP\nRWMQd2vvqYGLjL4Osw74uzdP1potEZFupUoxMUJpmc1gXMxAPr4HwdgpUbwsggaX\np+COJJlj0rXgKbRyBpjpJ5px+s92zYQ/6yOGOQO7Q4txXgYQb3TO7fzzoVAs7JfX\nSscZLhxIDUg=PDEr\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163926"
},
{
"db": "PACKETSTORM",
"id": "163770"
},
{
"db": "PACKETSTORM",
"id": "163972"
},
{
"db": "PACKETSTORM",
"id": "163861"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164412"
},
{
"db": "PACKETSTORM",
"id": "163995"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22543",
"trust": 4.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/06/26/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "164583",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164589",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164666",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167858",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164562",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163995",
"trust": 0.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/26/3",
"trust": 0.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/26/4",
"trust": 0.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/05/26/5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3485",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3034",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3626",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2959",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3372",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2764",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3536",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3173",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3554",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3249",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3389",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3015",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4156",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2691",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3137",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4282",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3456",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4089",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3499",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2789",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164331",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163865",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164098",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164076",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164223",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164431",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164186",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164028",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164484",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164237",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163767",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164477",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021082206",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021083123",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111726",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072069",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102111",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021090126",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101336",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022020931",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021100618",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1684",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164652",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-380980",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-22543",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163926",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163972",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163861",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164412",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163926"
},
{
"db": "PACKETSTORM",
"id": "163770"
},
{
"db": "PACKETSTORM",
"id": "163972"
},
{
"db": "PACKETSTORM",
"id": "163861"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164412"
},
{
"db": "PACKETSTORM",
"id": "163995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"id": "VAR-202105-1451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380980"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:04:34.245000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linux\u00a0Kernel\u00a0Archives NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"title": "Red Hat: Important: kernel security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225640 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-22543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1699",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1699"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22543 log"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1539",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1539"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-004",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-004"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.10-2022-002"
},
{
"title": "CVE-2021-22543",
"trust": 0.1,
"url": "https://github.com/JamesGeeee/CVE-2021-22543 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210708-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/google/security-research/security/advisories/ghsa-7wq5-phmq-m584"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"
},
{
"trust": 1.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22543"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4g5ybuvephzyxmkngbz3s6infcteel4e/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/roqixqb7zawi3ksgshr6h5rduwzi775s/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/roqixqb7zawi3ksgshr6h5rduwzi775s/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4g5ybuvephzyxmkngbz3s6infcteel4e/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.6,
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/5"
},
{
"trust": 0.6,
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/3"
},
{
"trust": 0.6,
"url": "http://www.openwall.com/lists/oss-security/2021/05/26/4"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2899"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3034"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021090126"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4089"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4282"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021083123"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164431/ubuntu-security-notice-usn-5106-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2789"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111726"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164484/red-hat-security-advisory-2021-3802-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3485"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164098/ubuntu-security-notice-usn-5070-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164186/ubuntu-security-notice-usn-5071-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3324"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164589/ubuntu-security-notice-usn-5120-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167858/red-hat-security-advisory-2022-5640-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164331/ubuntu-security-notice-usn-5094-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021082206"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022020931"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3249"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2959"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164666/red-hat-security-advisory-2021-4000-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164028/red-hat-security-advisory-2021-3262-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2764"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3137"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3456"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3015"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3499"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3372"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3173"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163995/red-hat-security-advisory-2021-3363-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101336"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164223/red-hat-security-advisory-2021-3598-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072069"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163767/red-hat-security-advisory-2021-3044-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3626"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164583/red-hat-security-advisory-2021-3949-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3536"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-memory-corruption-via-dev-kvm-35543"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164076/red-hat-security-advisory-2021-3454-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164477/red-hat-security-advisory-2021-3814-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2691"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164237/ubuntu-security-notice-usn-5071-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3389"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4156"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021100618"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102111"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163865/red-hat-security-advisory-2021-3173-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32626"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32687"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32675"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41099"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32627"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32628"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5640"
},
{
"trust": 0.1,
"url": "https://github.com/jamesgeeee/cve-2021-22543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21671"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23017"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25741"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3088"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3181"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3725"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3363"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163926"
},
{
"db": "PACKETSTORM",
"id": "163770"
},
{
"db": "PACKETSTORM",
"id": "163972"
},
{
"db": "PACKETSTORM",
"id": "163861"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164412"
},
{
"db": "PACKETSTORM",
"id": "163995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380980"
},
{
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"db": "PACKETSTORM",
"id": "164562"
},
{
"db": "PACKETSTORM",
"id": "163926"
},
{
"db": "PACKETSTORM",
"id": "163770"
},
{
"db": "PACKETSTORM",
"id": "163972"
},
{
"db": "PACKETSTORM",
"id": "163861"
},
{
"db": "PACKETSTORM",
"id": "164583"
},
{
"db": "PACKETSTORM",
"id": "164412"
},
{
"db": "PACKETSTORM",
"id": "163995"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-380980"
},
{
"date": "2021-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"date": "2022-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"date": "2021-10-20T15:45:47",
"db": "PACKETSTORM",
"id": "164562"
},
{
"date": "2021-08-28T13:22:22",
"db": "PACKETSTORM",
"id": "163926"
},
{
"date": "2021-08-10T14:49:29",
"db": "PACKETSTORM",
"id": "163770"
},
{
"date": "2021-08-31T15:58:41",
"db": "PACKETSTORM",
"id": "163972"
},
{
"date": "2021-08-17T15:14:36",
"db": "PACKETSTORM",
"id": "163861"
},
{
"date": "2021-10-21T15:31:47",
"db": "PACKETSTORM",
"id": "164583"
},
{
"date": "2021-10-05T15:00:09",
"db": "PACKETSTORM",
"id": "164412"
},
{
"date": "2021-08-31T16:27:27",
"db": "PACKETSTORM",
"id": "163995"
},
{
"date": "2021-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"date": "2021-05-26T11:15:08.623000",
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-380980"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22543"
},
{
"date": "2022-02-10T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-007425"
},
{
"date": "2022-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-1684"
},
{
"date": "2024-05-29T20:15:09.870000",
"db": "NVD",
"id": "CVE-2021-22543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Buffer Error Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007425"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-1684"
}
],
"trust": 0.6
}
}
var-202010-1571
Vulnerability from variot
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the 'mbfl_filt_conv_big5_wchar' function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-php73-php security, bug fix, and enhancement update Advisory ID: RHSA-2021:2992-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2992 Issue date: 2021-08-03 CVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702 CVE-2021-21705 ==================================================================== 1. Summary:
An update for rh-php73-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
The following packages have been upgraded to a later upstream version: rh-php73-php (7.3.29). (BZ#1977764)
Security Fix(es):
-
php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)
-
php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)
-
php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)
-
php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)
-
php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)
-
php: NULL pointer dereference in SoapClient (CVE-2021-21702)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function 1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV 1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server 1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo 1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient 1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z] 1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php73-php-7.3.29-1.el7.src.rpm
ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-php73-php-7.3.29-1.el7.src.rpm
ppc64le: rh-php73-php-7.3.29-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm rh-php73-php-common-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm rh-php73-php-json-7.3.29-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm rh-php73-php-process-7.3.29-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.29-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm rh-php73-php-cli-7.3.29-1.el7.s390x.rpm rh-php73-php-common-7.3.29-1.el7.s390x.rpm rh-php73-php-dba-7.3.29-1.el7.s390x.rpm rh-php73-php-dbg-7.3.29-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm rh-php73-php-devel-7.3.29-1.el7.s390x.rpm rh-php73-php-embedded-7.3.29-1.el7.s390x.rpm rh-php73-php-enchant-7.3.29-1.el7.s390x.rpm rh-php73-php-fpm-7.3.29-1.el7.s390x.rpm rh-php73-php-gd-7.3.29-1.el7.s390x.rpm rh-php73-php-gmp-7.3.29-1.el7.s390x.rpm rh-php73-php-intl-7.3.29-1.el7.s390x.rpm rh-php73-php-json-7.3.29-1.el7.s390x.rpm rh-php73-php-ldap-7.3.29-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm rh-php73-php-odbc-7.3.29-1.el7.s390x.rpm rh-php73-php-opcache-7.3.29-1.el7.s390x.rpm rh-php73-php-pdo-7.3.29-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm rh-php73-php-process-7.3.29-1.el7.s390x.rpm rh-php73-php-pspell-7.3.29-1.el7.s390x.rpm rh-php73-php-recode-7.3.29-1.el7.s390x.rpm rh-php73-php-snmp-7.3.29-1.el7.s390x.rpm rh-php73-php-soap-7.3.29-1.el7.s390x.rpm rh-php73-php-xml-7.3.29-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm rh-php73-php-zip-7.3.29-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-php73-php-7.3.29-1.el7.src.rpm
x86_64: rh-php73-php-7.3.29-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm rh-php73-php-cli-7.3.29-1.el7.x86_64.rpm rh-php73-php-common-7.3.29-1.el7.x86_64.rpm rh-php73-php-dba-7.3.29-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm rh-php73-php-devel-7.3.29-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm rh-php73-php-gd-7.3.29-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-intl-7.3.29-1.el7.x86_64.rpm rh-php73-php-json-7.3.29-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm rh-php73-php-process-7.3.29-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm rh-php73-php-recode-7.3.29-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm rh-php73-php-soap-7.3.29-1.el7.x86_64.rpm rh-php73-php-xml-7.3.29-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm rh-php73-php-zip-7.3.29-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-7068 https://access.redhat.com/security/cve/CVE-2020-7069 https://access.redhat.com/security/cve/CVE-2020-7070 https://access.redhat.com/security/cve/CVE-2020-7071 https://access.redhat.com/security/cve/CVE-2021-21702 https://access.redhat.com/security/cve/CVE-2021-21705 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV Wy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C 2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW tWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2 T/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw AGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW 4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz obgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH x85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd WCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq ZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25 OwqKXJAGJYo=waMi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202012-16
https://security.gentoo.org/
Severity: Low Title: PHP: Multiple vulnerabilities Date: December 23, 2020 Bugs: #711140, #745993, #756775 ID: 202012-16
Synopsis
Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition.
Background
PHP is an open source general-purpose scripting language that is especially suited for web development.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/php < 8.0.0 >= 7.2.34-r1:7.2 >= 7.3.25:7.3 >= 7.4.13:7.4
Description
Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers and change log referenced below for details.
Impact
An attacker could cause a Denial of Service condition or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.2.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.34-r1:7.2"
All PHP 7.3.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.3.25:7.3"
All PHP 7.4.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-7.4.13:7.4"
References
[ 1 ] CVE-2020-7069 https://nvd.nist.gov/vuln/detail/CVE-2020-7069 [ 2 ] CVE-2020-7070 https://nvd.nist.gov/vuln/detail/CVE-2020-7070 [ 3 ] PHP 7.4.13 Change Log https://www.php.net/ChangeLog-7.php#7.4.13
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202012-16
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4583-2 October 27, 2020
php7.4 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
Summary:
Several security issues were fixed in PHP. This update provides the corresponding update for Ubuntu 20.10.
Original advisory details:
It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)
It was discorevered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge cookie which is supposed to be secure. (CVE-2020-7070)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libapache2-mod-php7.4 7.4.9-1ubuntu1.1 php7.4-cgi 7.4.9-1ubuntu1.1 php7.4-cli 7.4.9-1ubuntu1.1 php7.4-curl 7.4.9-1ubuntu1.1 php7.4-fpm 7.4.9-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
For the stable distribution (buster), these problems have been fixed in version 7.3.27-1~deb10u1.
We recommend that you upgrade your php7.3 packages.
For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8 TjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef PCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH DAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3 AWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl 8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv /lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY YDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En vzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR 0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd 622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX lbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ= =9Q7e -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "7.2.34"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.4.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "7.3.23"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "7.4.11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.2.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.3.0"
},
{
"model": "php",
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "160708"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
}
],
"trust": 0.7
},
"cve": "CVE-2020-7069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-7069",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-185194",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-7069",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@php.net",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-7069",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-7069",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7069",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@php.net",
"id": "CVE-2020-7069",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-7069",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-185194",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-7069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. PHP Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A buffer error vulnerability exists in PHP versions 7.2.0, 7.3.0 and 7.4.0 due to the fact that the \u0027mbfl_filt_conv_big5_wchar\u0027 function does not check bounds properly. A remote attacker could exploit this vulnerability with specially crafted parameters to execute arbitrary code on the system or cause an application to crash. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-php73-php security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:2992-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2992\nIssue date: 2021-08-03\nCVE Names: CVE-2020-7068 CVE-2020-7069 CVE-2020-7070\n CVE-2020-7071 CVE-2021-21702 CVE-2021-21705\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nThe following packages have been upgraded to a later upstream version:\nrh-php73-php (7.3.29). (BZ#1977764)\n\nSecurity Fix(es):\n\n* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n(CVE-2020-7069)\n\n* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n(CVE-2020-7071)\n\n* php: SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)\n\n* php: Use of freed hash key in the phar_parse_zipfile function\n(CVE-2020-7068)\n\n* php: URL decoding of cookie names can lead to different interpretation of\ncookies between browser and server (CVE-2020-7070)\n\n* php: NULL pointer dereference in SoapClient (CVE-2021-21702)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1868109 - CVE-2020-7068 php: Use of freed hash key in the phar_parse_zipfile function\n1885735 - CVE-2020-7069 php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV\n1885738 - CVE-2020-7070 php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server\n1913846 - CVE-2020-7071 php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo\n1925272 - CVE-2021-21702 php: NULL pointer dereference in SoapClient\n1977764 - PDO ODBC truncates BLOB records at every 256th byte [rhscl-3.7.z]\n1978755 - CVE-2021-21705 php: SSRF bypass in FILTER_VALIDATE_URL\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.29-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.29-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.29-1.el7.s390x.rpm\nrh-php73-php-common-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.29-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.29-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.29-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.29-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.29-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.29-1.el7.s390x.rpm\nrh-php73-php-json-7.3.29-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.s390x.rpm\nrh-php73-php-process-7.3.29-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.29-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.29-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.29-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.29-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.29-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.29-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.29-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.29-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-7068\nhttps://access.redhat.com/security/cve/CVE-2020-7069\nhttps://access.redhat.com/security/cve/CVE-2020-7070\nhttps://access.redhat.com/security/cve/CVE-2020-7071\nhttps://access.redhat.com/security/cve/CVE-2021-21702\nhttps://access.redhat.com/security/cve/CVE-2021-21705\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYQkJj9zjgjWX9erEAQgi0w/9HBV5SuB3M7vK1ssSWffk2HuyWHLVm+wV\nWy96rIvzD1KrNeLTn3HAByHCIgHew6KD1mnoEawc5DItVY6oRlfW8ldX2P8fsk0C\n2xzmNy8jAzA0BjYZeYXfMQROpqiqCQVkPhAfeeWaVxn6jRH28oSwmF2U60HOoqLW\ntWsNmX+kyzWdUhvDSJ2Z/pmftpvWgR8m2hbQDiNF6j7VTUcBB5Ft1CZ5AH5TFkO2\nT/35iXqS3imgf6MVfS4fIZHmK7j59B93xv4XCLbsoFJ+YLrzESu1xouZOsU0REdw\nAGHnGQX/37DcBm3qdMH3DE0aBltk2AgzKdhwxG+gAREVVA2seeJSS9u6N368FSIW\n4Q1mLY0bQtdXc9XjmbTnA5sorQoeMdoM8P5DRxvGPG7armFisdhqqNuymcVTmwvz\nobgIIpuhM1ZOWrMZ5MyWTMKM1/5YdZk1F5wUgto1/DdTfeBOy/grNR1FKSiFcWYH\nx85ziJdRZK4nQmTeMIXLQvv9ZsDS4k1eRfil9Sq7WQdPjlm1mwYyhdAay/dNSdtd\nWCruH54kv/dZlv52jZqC1Fr7IzQY48Y2pvknRmCJgitHum6WaKkjaQC+iKR/N0wq\nZzINH2j1osQ381u+uJc4wYPHIFw/oWOosDWiuUYX+4oO7+0lAuEYQltmN5qF3z25\nOwqKXJAGJYo=waMi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202012-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: PHP: Multiple vulnerabilities\n Date: December 23, 2020\n Bugs: #711140, #745993, #756775\n ID: 202012-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in PHP, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nPHP is an open source general-purpose scripting language that is\nespecially suited for web development. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/php \u003c 8.0.0 \u003e= 7.2.34-r1:7.2\n \u003e= 7.3.25:7.3\n \u003e= 7.4.13:7.4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers and change log referenced below for details. \n\nImpact\n======\n\nAn attacker could cause a Denial of Service condition or obtain\nsensitive information. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP 7.2.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.2.34-r1:7.2\"\n\nAll PHP 7.3.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.3.25:7.3\"\n\nAll PHP 7.4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/php-7.4.13:7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-7069\n https://nvd.nist.gov/vuln/detail/CVE-2020-7069\n[ 2 ] CVE-2020-7070\n https://nvd.nist.gov/vuln/detail/CVE-2020-7070\n[ 3 ] PHP 7.4.13 Change Log\n https://www.php.net/ChangeLog-7.php#7.4.13\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202012-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-4583-2\nOctober 27, 2020\n\nphp7.4 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n\nSummary:\n\nSeveral security issues were fixed in PHP. This update provides\nthe corresponding update for Ubuntu 20.10. \n\nOriginal advisory details:\n\n It was discovered that PHP incorrectly handled certain encrypt ciphers. (CVE-2020-7069)\n\n It was discorevered that PHP incorrectly handled certain HTTP cookies. \n An attacker could possibly use this issue to forge cookie which is supposed to\n be secure. (CVE-2020-7070)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libapache2-mod-php7.4 7.4.9-1ubuntu1.1\n php7.4-cgi 7.4.9-1ubuntu1.1\n php7.4-cli 7.4.9-1ubuntu1.1\n php7.4-curl 7.4.9-1ubuntu1.1\n php7.4-fpm 7.4.9-1ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.3.27-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAtkVwACgkQEMKTtsN8\nTjZ41g//e8PiVKbNVmYAbvssLu1ftKMLRmKkzQZZo4EK8GK50i25SKxlEVgGqFef\nPCbr7AaD3eGrTOTzIE5wqJclhhx664DAWeM68rEJKfn0w5EYznCi/h/vyBiEW4eH\nDAkBHcckCOMwsXgdvfQk/HAtqA1xoPmC8DZnbpgkd7feXT9/b/YYvv2dQxTMCaT3\nAWaX4DBFOQVuk2yyLW9uCNC/cZBkeD3sTZFllV2SsXVr9NKMz3zxMsQAv1UlCTdl\n8o8UM7d+zU3a5U5Ua1ENa2QR+RK0jhdRGgkJaXHZbdgZ+uV9rmt/PsV6NFzDseRv\n/lv44YF+Qs1a5u8SIUORB6BVMhCWECXgXBEQHXsoN+63xc8UcOIpI5tQHq+D4/MY\nYDyzC9W+fCred/NjVbaPUce6kxoz7k79/dfYbiE/sXj3pvoXqLRj9biRYUM2+/En\nvzstFBnZqwMv04zSzx+JALpFhkBv5ddg5R03B10o/FxndSJak1dGTUKOsa6M31qR\n0pEeKmMizGq7Ws1QmqEvWfbR/uXEd43sEoaC0+OVB6XntUISRmUAj5hkFt/Yy3bd\n622nZfXyhdepoPCXTEaDearJd2qdL8wcREG4f+42PMwhjTys/Iw0eVR5LGdKnlmX\nlbkT1Q1MX3XNbAQTIQpYX0TJJ9oCFU8Wq9HLlV2Eatqb2Hw7AEQ=\n=9Q7e\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "PACKETSTORM",
"id": "164839"
},
{
"db": "PACKETSTORM",
"id": "163727"
},
{
"db": "PACKETSTORM",
"id": "159564"
},
{
"db": "PACKETSTORM",
"id": "160708"
},
{
"db": "PACKETSTORM",
"id": "159722"
},
{
"db": "PACKETSTORM",
"id": "168990"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7069",
"trust": 3.2
},
{
"db": "TENABLE",
"id": "TNS-2021-14",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "159722",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160708",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164839",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159564",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163727",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021080321",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072292",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3787",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2608",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0606",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6055",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3671",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3541",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2515",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3581",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-33149",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-185194",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-7069",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "PACKETSTORM",
"id": "164839"
},
{
"db": "PACKETSTORM",
"id": "163727"
},
{
"db": "PACKETSTORM",
"id": "159564"
},
{
"db": "PACKETSTORM",
"id": "160708"
},
{
"db": "PACKETSTORM",
"id": "159722"
},
{
"db": "PACKETSTORM",
"id": "168990"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"id": "VAR-202010-1571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-185194"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:19:07.142000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openSUSE\u00a0Leap\u00a015.2 The\u00a0PHP\u00a0GroupPHP\u00a0Bugs",
"trust": 0.8,
"url": "https://usn.ubuntu.com/4583-1/"
},
{
"title": "PHP Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=118684"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1440",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1440"
},
{
"title": "Debian Security Advisories: DSA-4856-1 php7.3 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=02a4cb271948bb2c8ad70e07948c2253"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-14"
},
{
"title": "OpenSSL-CVE-lib",
"trust": 0.1,
"url": "https://github.com/chnzzh/OpenSSL-CVE-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inadequate encryption strength (CWE-326) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7069"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202012-16"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"trust": 1.8,
"url": "https://bugs.php.net/bug.php?id=79601"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4583-1/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rru57n3osyzpomfwprdnvh7emyotsz66/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7evdn7d3ib4eai4d3zom2ojkq5sd7k4e/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/p2j3zzdhcsx65t5qwv4ahbn7mojxbekg/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7070"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0606"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2608"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/php-information-disclosure-via-aes-ccm-encryption-33466"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164839/red-hat-security-advisory-2021-4213-03.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072292"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159564/ubuntu-security-notice-usn-4583-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2515"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163727/red-hat-security-advisory-2021-2992-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/php-buffer-overflow-via-mbfl-filt-conv-big5-wchar-32228"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160708/gentoo-linux-security-advisory-202012-16.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159722/ubuntu-security-notice-usn-4583-2.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-vulnerabilities-in-php-cve-2020-7069-cve-2020-7059/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3671/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080321"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3581/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3541/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7068"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21702"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7071"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7070"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7069"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21702"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7071"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7068"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4583-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2020-1440.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4213"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://www.php.net/changelog-7.php#7.4.13"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.9-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4583-2"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/php7.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "PACKETSTORM",
"id": "164839"
},
{
"db": "PACKETSTORM",
"id": "163727"
},
{
"db": "PACKETSTORM",
"id": "159564"
},
{
"db": "PACKETSTORM",
"id": "160708"
},
{
"db": "PACKETSTORM",
"id": "159722"
},
{
"db": "PACKETSTORM",
"id": "168990"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-185194"
},
{
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"db": "PACKETSTORM",
"id": "164839"
},
{
"db": "PACKETSTORM",
"id": "163727"
},
{
"db": "PACKETSTORM",
"id": "159564"
},
{
"db": "PACKETSTORM",
"id": "160708"
},
{
"db": "PACKETSTORM",
"id": "159722"
},
{
"db": "PACKETSTORM",
"id": "168990"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-185194"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"date": "2021-04-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"date": "2021-11-10T17:05:06",
"db": "PACKETSTORM",
"id": "164839"
},
{
"date": "2021-08-03T14:47:43",
"db": "PACKETSTORM",
"id": "163727"
},
{
"date": "2020-10-14T20:14:14",
"db": "PACKETSTORM",
"id": "159564"
},
{
"date": "2020-12-24T17:17:47",
"db": "PACKETSTORM",
"id": "160708"
},
{
"date": "2020-10-27T14:12:34",
"db": "PACKETSTORM",
"id": "159722"
},
{
"date": "2021-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "168990"
},
{
"date": "2020-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2020-10-02T15:15:12.670000",
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-185194"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7069"
},
{
"date": "2021-04-23T08:59:00",
"db": "JVNDB",
"id": "JVNDB-2020-012092"
},
{
"date": "2022-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-435"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2024-11-21T05:36:36.820000",
"db": "NVD",
"id": "CVE-2020-7069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP\u00a0 Vulnerability in cryptography",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-435"
}
],
"trust": 0.6
}
}
var-202205-1370
Vulnerability from variot
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.
We recommend that you upgrade your chromium packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
.
Background
QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom)
Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-35
https://security.gentoo.org/
Severity: High Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #858104, #859442, #863512, #865501, #864723 ID: 202208-35
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 104.0.5112.101 >= 104.0.5112.101 2 www-client/chromium-bin < 104.0.5112.101 >= 104.0.5112.101 3 www-client/google-chrome < 104.0.5112.101 >= 104.0.5112.101 4 www-client/microsoft-edge < 104.0.1293.63 >= 104.0.1293.63
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
All Chromium binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
All Google Chrome users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
All Microsoft Edge users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
References
[ 1 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163 [ 2 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 3 ] CVE-2022-2295 https://nvd.nist.gov/vuln/detail/CVE-2022-2295 [ 4 ] CVE-2022-2296 https://nvd.nist.gov/vuln/detail/CVE-2022-2296 [ 5 ] CVE-2022-2477 https://nvd.nist.gov/vuln/detail/CVE-2022-2477 [ 6 ] CVE-2022-2478 https://nvd.nist.gov/vuln/detail/CVE-2022-2478 [ 7 ] CVE-2022-2479 https://nvd.nist.gov/vuln/detail/CVE-2022-2479 [ 8 ] CVE-2022-2480 https://nvd.nist.gov/vuln/detail/CVE-2022-2480 [ 9 ] CVE-2022-2481 https://nvd.nist.gov/vuln/detail/CVE-2022-2481 [ 10 ] CVE-2022-2603 https://nvd.nist.gov/vuln/detail/CVE-2022-2603 [ 11 ] CVE-2022-2604 https://nvd.nist.gov/vuln/detail/CVE-2022-2604 [ 12 ] CVE-2022-2605 https://nvd.nist.gov/vuln/detail/CVE-2022-2605 [ 13 ] CVE-2022-2606 https://nvd.nist.gov/vuln/detail/CVE-2022-2606 [ 14 ] CVE-2022-2607 https://nvd.nist.gov/vuln/detail/CVE-2022-2607 [ 15 ] CVE-2022-2608 https://nvd.nist.gov/vuln/detail/CVE-2022-2608 [ 16 ] CVE-2022-2609 https://nvd.nist.gov/vuln/detail/CVE-2022-2609 [ 17 ] CVE-2022-2610 https://nvd.nist.gov/vuln/detail/CVE-2022-2610 [ 18 ] CVE-2022-2611 https://nvd.nist.gov/vuln/detail/CVE-2022-2611 [ 19 ] CVE-2022-2612 https://nvd.nist.gov/vuln/detail/CVE-2022-2612 [ 20 ] CVE-2022-2613 https://nvd.nist.gov/vuln/detail/CVE-2022-2613 [ 21 ] CVE-2022-2614 https://nvd.nist.gov/vuln/detail/CVE-2022-2614 [ 22 ] CVE-2022-2615 https://nvd.nist.gov/vuln/detail/CVE-2022-2615 [ 23 ] CVE-2022-2616 https://nvd.nist.gov/vuln/detail/CVE-2022-2616 [ 24 ] CVE-2022-2617 https://nvd.nist.gov/vuln/detail/CVE-2022-2617 [ 25 ] CVE-2022-2618 https://nvd.nist.gov/vuln/detail/CVE-2022-2618 [ 26 ] CVE-2022-2619 https://nvd.nist.gov/vuln/detail/CVE-2022-2619 [ 27 ] CVE-2022-2620 https://nvd.nist.gov/vuln/detail/CVE-2022-2620 [ 28 ] CVE-2022-2621 https://nvd.nist.gov/vuln/detail/CVE-2022-2621 [ 29 ] CVE-2022-2622 https://nvd.nist.gov/vuln/detail/CVE-2022-2622 [ 30 ] CVE-2022-2623 https://nvd.nist.gov/vuln/detail/CVE-2022-2623 [ 31 ] CVE-2022-2624 https://nvd.nist.gov/vuln/detail/CVE-2022-2624 [ 32 ] CVE-2022-2852 https://nvd.nist.gov/vuln/detail/CVE-2022-2852 [ 33 ] CVE-2022-2853 https://nvd.nist.gov/vuln/detail/CVE-2022-2853 [ 34 ] CVE-2022-2854 https://nvd.nist.gov/vuln/detail/CVE-2022-2854 [ 35 ] CVE-2022-2855 https://nvd.nist.gov/vuln/detail/CVE-2022-2855 [ 36 ] CVE-2022-2856 https://nvd.nist.gov/vuln/detail/CVE-2022-2856 [ 37 ] CVE-2022-2857 https://nvd.nist.gov/vuln/detail/CVE-2022-2857 [ 38 ] CVE-2022-2858 https://nvd.nist.gov/vuln/detail/CVE-2022-2858 [ 39 ] CVE-2022-2859 https://nvd.nist.gov/vuln/detail/CVE-2022-2859 [ 40 ] CVE-2022-2860 https://nvd.nist.gov/vuln/detail/CVE-2022-2860 [ 41 ] CVE-2022-2861 https://nvd.nist.gov/vuln/detail/CVE-2022-2861 [ 42 ] CVE-2022-33636 https://nvd.nist.gov/vuln/detail/CVE-2022-33636 [ 43 ] CVE-2022-33649 https://nvd.nist.gov/vuln/detail/CVE-2022-33649 [ 44 ] CVE-2022-35796 https://nvd.nist.gov/vuln/detail/CVE-2022-35796
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-35
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "103.0.5060.114"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.36.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.36.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "webrtc",
"scope": "eq",
"trust": 1.0,
"vendor": "webrtc",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "extra packages for enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8.0"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webrtc",
"scope": null,
"trust": 0.8,
"vendor": "the webrtc",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "extra packages for enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "webkit",
"scope": null,
"trust": 0.8,
"vendor": "the wpe team",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167792"
}
],
"trust": 0.3
},
"cve": "CVE-2022-2294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2294",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2294",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2294",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1. \n\nWe recommend that you upgrade your chromium packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nBackground\n=========\nQtWebEngine is a library for rendering dynamic web content in Qt5 and\nQt6 C++ and QML applications. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-35\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #858104, #859442, #863512, #865501, #864723\n ID: 202208-35\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Chromium and its\nderivatives, the worst of which could result in remote code execution. \n\nBackground\n=========\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your\ndevices. \n\nMicrosoft Edge is a browser that combines a minimal design with\nsophisticated technology to make the web faster, safer, and easier. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/chromium \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 2 www-client/chromium-bin \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 3 www-client/google-chrome \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 4 www-client/microsoft-edge \u003c 104.0.1293.63 \u003e= 104.0.1293.63\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Chromium and its\nderivatives. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-104.0.5112.101\"\n\nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-bin-104.0.5112.101\"\n\nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/google-chrome-104.0.5112.101\"\n\nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/microsoft-edge-104.0.1293.63\"\n\nReferences\n=========\n[ 1 ] CVE-2022-2163\n https://nvd.nist.gov/vuln/detail/CVE-2022-2163\n[ 2 ] CVE-2022-2294\n https://nvd.nist.gov/vuln/detail/CVE-2022-2294\n[ 3 ] CVE-2022-2295\n https://nvd.nist.gov/vuln/detail/CVE-2022-2295\n[ 4 ] CVE-2022-2296\n https://nvd.nist.gov/vuln/detail/CVE-2022-2296\n[ 5 ] CVE-2022-2477\n https://nvd.nist.gov/vuln/detail/CVE-2022-2477\n[ 6 ] CVE-2022-2478\n https://nvd.nist.gov/vuln/detail/CVE-2022-2478\n[ 7 ] CVE-2022-2479\n https://nvd.nist.gov/vuln/detail/CVE-2022-2479\n[ 8 ] CVE-2022-2480\n https://nvd.nist.gov/vuln/detail/CVE-2022-2480\n[ 9 ] CVE-2022-2481\n https://nvd.nist.gov/vuln/detail/CVE-2022-2481\n[ 10 ] CVE-2022-2603\n https://nvd.nist.gov/vuln/detail/CVE-2022-2603\n[ 11 ] CVE-2022-2604\n https://nvd.nist.gov/vuln/detail/CVE-2022-2604\n[ 12 ] CVE-2022-2605\n https://nvd.nist.gov/vuln/detail/CVE-2022-2605\n[ 13 ] CVE-2022-2606\n https://nvd.nist.gov/vuln/detail/CVE-2022-2606\n[ 14 ] CVE-2022-2607\n https://nvd.nist.gov/vuln/detail/CVE-2022-2607\n[ 15 ] CVE-2022-2608\n https://nvd.nist.gov/vuln/detail/CVE-2022-2608\n[ 16 ] CVE-2022-2609\n https://nvd.nist.gov/vuln/detail/CVE-2022-2609\n[ 17 ] CVE-2022-2610\n https://nvd.nist.gov/vuln/detail/CVE-2022-2610\n[ 18 ] CVE-2022-2611\n https://nvd.nist.gov/vuln/detail/CVE-2022-2611\n[ 19 ] CVE-2022-2612\n https://nvd.nist.gov/vuln/detail/CVE-2022-2612\n[ 20 ] CVE-2022-2613\n https://nvd.nist.gov/vuln/detail/CVE-2022-2613\n[ 21 ] CVE-2022-2614\n https://nvd.nist.gov/vuln/detail/CVE-2022-2614\n[ 22 ] CVE-2022-2615\n https://nvd.nist.gov/vuln/detail/CVE-2022-2615\n[ 23 ] CVE-2022-2616\n https://nvd.nist.gov/vuln/detail/CVE-2022-2616\n[ 24 ] CVE-2022-2617\n https://nvd.nist.gov/vuln/detail/CVE-2022-2617\n[ 25 ] CVE-2022-2618\n https://nvd.nist.gov/vuln/detail/CVE-2022-2618\n[ 26 ] CVE-2022-2619\n https://nvd.nist.gov/vuln/detail/CVE-2022-2619\n[ 27 ] CVE-2022-2620\n https://nvd.nist.gov/vuln/detail/CVE-2022-2620\n[ 28 ] CVE-2022-2621\n https://nvd.nist.gov/vuln/detail/CVE-2022-2621\n[ 29 ] CVE-2022-2622\n https://nvd.nist.gov/vuln/detail/CVE-2022-2622\n[ 30 ] CVE-2022-2623\n https://nvd.nist.gov/vuln/detail/CVE-2022-2623\n[ 31 ] CVE-2022-2624\n https://nvd.nist.gov/vuln/detail/CVE-2022-2624\n[ 32 ] CVE-2022-2852\n https://nvd.nist.gov/vuln/detail/CVE-2022-2852\n[ 33 ] CVE-2022-2853\n https://nvd.nist.gov/vuln/detail/CVE-2022-2853\n[ 34 ] CVE-2022-2854\n https://nvd.nist.gov/vuln/detail/CVE-2022-2854\n[ 35 ] CVE-2022-2855\n https://nvd.nist.gov/vuln/detail/CVE-2022-2855\n[ 36 ] CVE-2022-2856\n https://nvd.nist.gov/vuln/detail/CVE-2022-2856\n[ 37 ] CVE-2022-2857\n https://nvd.nist.gov/vuln/detail/CVE-2022-2857\n[ 38 ] CVE-2022-2858\n https://nvd.nist.gov/vuln/detail/CVE-2022-2858\n[ 39 ] CVE-2022-2859\n https://nvd.nist.gov/vuln/detail/CVE-2022-2859\n[ 40 ] CVE-2022-2860\n https://nvd.nist.gov/vuln/detail/CVE-2022-2860\n[ 41 ] CVE-2022-2861\n https://nvd.nist.gov/vuln/detail/CVE-2022-2861\n[ 42 ] CVE-2022-33636\n https://nvd.nist.gov/vuln/detail/CVE-2022-33636\n[ 43 ] CVE-2022-33649\n https://nvd.nist.gov/vuln/detail/CVE-2022-33649\n[ 44 ] CVE-2022-35796\n https://nvd.nist.gov/vuln/detail/CVE-2022-35796\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-35\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-427072",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2294",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/07/28/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "168126",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167792",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168089",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3553",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4061",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3389",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3254",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070442",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071215",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070614",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071824",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167786",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-49948",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-427072",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175908",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"id": "VAR-202205-1370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:55:41.806000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"title": "Google Chrome Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202541"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 1.7,
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"trust": 1.7,
"url": "https://crbug.com/1341043"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070442"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072104"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38727"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168126/gentoo-linux-security-advisory-202208-35.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213346"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit-buffer-overflow-via-webrtc-38874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4061"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167792/apple-security-advisory-2022-07-20-7.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168089/ubuntu-security-notice-usn-5568-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070614"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071824"
},
{
"trust": 0.6,
"url": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3254"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2294"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3553"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2294/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3389"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071215"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.3,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.3,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2296"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2295"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/chromium"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2941"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2933"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5484"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213346."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2605"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2620"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213341."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0008.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0003.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0007.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-427072"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"date": "2022-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "169355"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2023-11-25T17:01:13",
"db": "PACKETSTORM",
"id": "175908"
},
{
"date": "2022-07-22T16:22:17",
"db": "PACKETSTORM",
"id": "167786"
},
{
"date": "2022-08-22T16:02:18",
"db": "PACKETSTORM",
"id": "168126"
},
{
"date": "2022-07-22T16:25:07",
"db": "PACKETSTORM",
"id": "167792"
},
{
"date": "2022-09-01T16:33:44",
"db": "PACKETSTORM",
"id": "168226"
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"date": "2022-07-28T02:15:07.797000",
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-427072"
},
{
"date": "2023-09-29T09:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"date": "2024-06-28T14:08:30.807000",
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google\u00a0Chrome\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.6
}
}
var-202202-0047
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. vim/vim Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lte",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4436"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0714",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415705",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0714",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0714",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0714",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0714",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0714",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0714",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1737",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-415705",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. vim/vim Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0714",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"id": "VAR-202202-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:29:35.109000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0714"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hbuyqbz6gwawjrwp7aodj4khw5bckdvp/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0714"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0714/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1056"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-change-indent-37649"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1579.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415705"
},
{
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-415705"
},
{
"date": "2022-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"date": "2023-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"date": "2022-02-22T20:15:07.630000",
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-415705"
},
{
"date": "2022-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0714"
},
{
"date": "2023-06-26T02:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-006016"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1737"
},
{
"date": "2024-11-21T06:39:14.720000",
"db": "NVD",
"id": "CVE-2022-0714"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1737"
}
],
"trust": 0.6
}
}
var-202108-1138
Vulnerability from variot
A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Race condition vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799) This issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1820) An input validation issue was addressed with improved input validation. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30734) Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-30293) An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885) An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32888) A correctness issue in the JIT was addressed with improved checks. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46699) A memory corruption issue was addressed with improved input validation. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1138",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-30984",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-390717",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2021-30984",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30984",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30984",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30984",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390717",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30984",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Race condition vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623)\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1820)\nAn input validation issue was addressed with improved input validation. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30734)\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-30293)\nAn out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885)\nAn out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32888)\nA correctness issue in the JIT was addressed with improved checks. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46699)\nA memory corruption issue was addressed with improved input validation. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30984",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390717",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"id": "VAR-202108-1138",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390717"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:09:10.926000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple iOS and iPadOS Repair measures for the competition condition problem loophole",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175826"
},
{
"title": "Red Hat: CVE-2021-30984",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30984"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "Race condition (CWE-362) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/362.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390717"
},
{
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390717"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"date": "2021-08-24T19:15:23.543000",
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-390717"
},
{
"date": "2022-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30984"
},
{
"date": "2024-07-18T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-021213"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2102"
},
{
"date": "2023-11-07T03:34:11.977000",
"db": "NVD",
"id": "CVE-2021-30984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Vulnerabilities related to race conditions in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021213"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competition condition problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2102"
}
],
"trust": 0.6
}
}
var-202205-0540
Vulnerability from variot
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a resource management error vulnerability in versions prior to Vim 8.2.4895. The vulnerability is caused by the confusion of the instruction responsible for releasing memory in the append_command program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4895"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-1616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419729",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1616",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1616",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1616",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1616",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2613",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419729",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a resource management error vulnerability in versions prior to Vim 8.2.4895. The vulnerability is caused by the confusion of the instruction responsible for releasing memory in the append_command program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1616",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-36993",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-419729",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"id": "VAR-202205-0540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:12:40.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=191849"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1616"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a6by5p7erzs7kxsbcgfcoxlmlgwuujih/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jun33257rum4rs2i4gzetkfsaxpetatg/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1616"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ex-docmd-c-38309"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1616/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052018"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419729"
},
{
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-07T00:00:00",
"db": "VULHUB",
"id": "VHN-419729"
},
{
"date": "2022-05-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"date": "2023-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-05-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"date": "2022-05-07T19:15:07.447000",
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-419729"
},
{
"date": "2022-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1616"
},
{
"date": "2023-08-22T05:58:00",
"db": "JVNDB",
"id": "JVNDB-2022-011440"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2613"
},
{
"date": "2024-11-21T06:41:05.867000",
"db": "NVD",
"id": "CVE-2022-1616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2613"
}
],
"trust": 0.6
}
}
var-202209-0761
Vulnerability from variot
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. CVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd.
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.7 and iPadOS 15.7". WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab Entry added October 27, 2022
Safari 16 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-13 watchOS 9
watchOS 9 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213486. CVE-2022-42795: ryuzaki
AppleAVD Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research s.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)
Apple Neural Engine Available for: Apple Watch Series 4 and later Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36) CVE-2022-32889: Mohamed Ghannam (@_simo36)
Contacts Available for: Apple Watch Series 4 and later Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
Exchange Available for: Apple Watch Series 4 and later Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
GPU Drivers Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32903: an anonymous researcher
ImageIO Available for: Apple Watch Series 4 and later Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Image Processing Available for: Apple Watch Series 4 and later Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 4 and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-32894: an anonymous researcher
Maps Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Apple Watch Series 4 and later Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Notifications Available for: Apple Watch Series 4 and later Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
Sandbox Available for: Apple Watch Series 4 and later Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Siri Available for: Apple Watch Series 4 and later Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SQLite Available for: Apple Watch Series 4 and later Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Watch app Available for: Apple Watch Series 4 and later Impact: An app may be able to read a persistent device identifier Description: This issue was addressed with improved entitlements. CVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)
Weather Available for: Apple Watch Series 4 and later Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Apple Watch Series 4 and later Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. Apple is aware of a report that this issue may have been actively exploited. WebKit Bugzilla: 243557 CVE-2022-32893: an anonymous researcher
Wi-Fi Available for: Apple Watch Series 4 and later Impact: An app may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32925: Wang Yu of Cyberserval
Additional recognition
AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
Kernel We would like to acknowledge an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpMACgkQ4RjMIDke Nxmucg/+L8XHGSij8F6IoUuvCuJ3u1IUfHXE5LK0BafEddVzKS87fct6KP7L3kvE SfdJVCOrmfVImKn3etfpDgwgZoYqF8cxeb9PO7ObVT/15GBBfuAGc+rNZ3oAeWDJ iYFiiWZrDnj9gz6bo0jn4dN9q8/X9iIjUCujPdkrFzXqa+KkVub9wv6/jtJGQA3O YgDIaV0UvcJss0uhJR9GX+A3+4zeJgUiNq2a/1qf1nOFh/O59pbHNWYnHzB91/FE 8V+EJgfxaK/M3zDfonPI9SMa26lO+VJejOnco98of7Kk+yNoOy6xTIkBLLBURMqN Jxz0I3WNxjM5TQ61WzINvd198gqjyac2nVg1S4Gqkekk6VXwmQR5zaqQmzePQqp3 qw+qhICNqFSUJPyIDQwnuCaf1MlfEj57ustS5d8g5M1fNXBlnrtJVpI/CcPIAYvo 7pQZy/6QptmrPp6Lgv6k/Vtxi/H5s8/tHCnhtvczbdpH6lsPmCJlDSdzsK1L8krP 82WcjBulywZWfZ4IBNi52lD+EWlmzHomcYVGQcbd0/1FLE8h5meKCvYxM5ovfk1F PloJY8FQgJ3b+NcTQuTD4dZ7rc+Le5WqqD4EAgYbOKgAD6Fqy47eY8yNcYJw0qXP 5jll4mfHUJe7NHc9frZKrdpH0Cl8o9lRdRPpM+kLqteQlpNOjao= =Ty+V -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Debian Security Advisory DSA-5240-1 security@debian.org https://www.debian.org/security/ Alberto Garcia September 28, 2022 https://www.debian.org/security/faq
Package : webkit2gtk CVE ID : CVE-2022-32886
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2022-32886
P1umer, afang5472 and xmzyshypnc discovered that processing
maliciously crafted web content may lead to arbitrary code
execution
For the stable distribution (bullseye), this problem has been fixed in version 2.38.0-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2023:2256-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2256 Issue date: 2023-05-09 CVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-42826 CVE-2022-42852 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 ==================================================================== 1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: webkit2gtk3-2.38.5-1.el9.src.rpm
aarch64: webkit2gtk3-2.38.5-1.el9.aarch64.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm
ppc64le: webkit2gtk3-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm
s390x: webkit2gtk3-2.38.5-1.el9.s390x.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm
x86_64: webkit2gtk3-2.38.5-1.el9.i686.rpm webkit2gtk3-2.38.5-1.el9.x86_64.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm webkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm webkit2gtk3-devel-2.38.5-1.el9.i686.rpm webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32886 https://access.redhat.com/security/cve/CVE-2022-32888 https://access.redhat.com/security/cve/CVE-2022-32923 https://access.redhat.com/security/cve/CVE-2022-42799 https://access.redhat.com/security/cve/CVE-2022-42823 https://access.redhat.com/security/cve/CVE-2022-42824 https://access.redhat.com/security/cve/CVE-2022-42826 https://access.redhat.com/security/cve/CVE-2022-42852 https://access.redhat.com/security/cve/CVE-2022-42863 https://access.redhat.com/security/cve/CVE-2022-42867 https://access.redhat.com/security/cve/CVE-2022-46691 https://access.redhat.com/security/cve/CVE-2022-46692 https://access.redhat.com/security/cve/CVE-2022-46698 https://access.redhat.com/security/cve/CVE-2022-46699 https://access.redhat.com/security/cve/CVE-2022-46700 https://access.redhat.com/security/cve/CVE-2023-23517 https://access.redhat.com/security/cve/CVE-2023-23518 https://access.redhat.com/security/cve/CVE-2023-25358 https://access.redhat.com/security/cve/CVE-2023-25360 https://access.redhat.com/security/cve/CVE-2023-25361 https://access.redhat.com/security/cve/CVE-2023-25362 https://access.redhat.com/security/cve/CVE-2023-25363 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0761",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "16.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "15.7"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "169602"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
}
],
"trust": 0.4
},
"cve": "CVE-2022-32886",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32886",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32886",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32886",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32886",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-777",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \nCVE-2022-32795: Narendra Bhati of Suma Soft Pvt. Ltd. \n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.7 and iPadOS 15.7\". \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\nEntry added October 27, 2022\n\nSafari 16 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-13 watchOS 9\n\nwatchOS 9 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213486. \nCVE-2022-42795: ryuzaki\n\nAppleAVD\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32907: Natalie Silvanovich of Google Project Zero, Antonio\nZekic (@antoniozekic) and John Aakerblom (@jaakerblom), ABC Research\ns.r.o, Yinyi Wu, Tommaso Bianco (@cutesmilee__)\n\nApple Neural Engine\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\nCVE-2022-32889: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nExchange\nAvailable for: Apple Watch Series 4 and later\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nGPU Drivers\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32903: an anonymous researcher\n\nImageIO\nAvailable for: Apple Watch Series 4 and later\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nImage Processing\nAvailable for: Apple Watch Series 4 and later\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 4 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2022-32894: an anonymous researcher\n\nMaps\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Apple Watch Series 4 and later\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nNotifications\nAvailable for: Apple Watch Series 4 and later\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nSandbox\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSiri\nAvailable for: Apple Watch Series 4 and later\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSQLite\nAvailable for: Apple Watch Series 4 and later\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nWatch app\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to read a persistent device identifier\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-32835: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nWeather\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple Watch Series 4 and later\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. Apple is aware of a report that this issue\nmay have been actively exploited. \nWebKit Bugzilla: 243557\nCVE-2022-32893: an anonymous researcher\n\nWi-Fi\nAvailable for: Apple Watch Series 4 and later\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32925: Wang Yu of Cyberserval\n\nAdditional recognition\n\nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nKernel\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstructions on how to update your Apple Watch software are available\nat https://support.apple.com/kb/HT204641 To check the version on\nyour Apple Watch, open the Apple Watch app on your iPhone and select\n\"My Watch \u003e General \u003e About\". Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpMACgkQ4RjMIDke\nNxmucg/+L8XHGSij8F6IoUuvCuJ3u1IUfHXE5LK0BafEddVzKS87fct6KP7L3kvE\nSfdJVCOrmfVImKn3etfpDgwgZoYqF8cxeb9PO7ObVT/15GBBfuAGc+rNZ3oAeWDJ\niYFiiWZrDnj9gz6bo0jn4dN9q8/X9iIjUCujPdkrFzXqa+KkVub9wv6/jtJGQA3O\nYgDIaV0UvcJss0uhJR9GX+A3+4zeJgUiNq2a/1qf1nOFh/O59pbHNWYnHzB91/FE\n8V+EJgfxaK/M3zDfonPI9SMa26lO+VJejOnco98of7Kk+yNoOy6xTIkBLLBURMqN\nJxz0I3WNxjM5TQ61WzINvd198gqjyac2nVg1S4Gqkekk6VXwmQR5zaqQmzePQqp3\nqw+qhICNqFSUJPyIDQwnuCaf1MlfEj57ustS5d8g5M1fNXBlnrtJVpI/CcPIAYvo\n7pQZy/6QptmrPp6Lgv6k/Vtxi/H5s8/tHCnhtvczbdpH6lsPmCJlDSdzsK1L8krP\n82WcjBulywZWfZ4IBNi52lD+EWlmzHomcYVGQcbd0/1FLE8h5meKCvYxM5ovfk1F\nPloJY8FQgJ3b+NcTQuTD4dZ7rc+Le5WqqD4EAgYbOKgAD6Fqy47eY8yNcYJw0qXP\n5jll4mfHUJe7NHc9frZKrdpH0Cl8o9lRdRPpM+kLqteQlpNOjao=\n=Ty+V\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5240-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2022-32886\n\nThe following vulnerabilities have been discovered in the WebKitGTK\nweb engine:\n\nCVE-2022-32886\n\n P1umer, afang5472 and xmzyshypnc discovered that processing\n maliciously crafted web content may lead to arbitrary code\n execution\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.38.0-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: webkit2gtk3 security and bug fix update\nAdvisory ID: RHSA-2023:2256-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2256\nIssue date: 2023-05-09\nCVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923\n CVE-2022-42799 CVE-2022-42823 CVE-2022-42824\n CVE-2022-42826 CVE-2022-42852 CVE-2022-42863\n CVE-2022-42867 CVE-2022-46691 CVE-2022-46692\n CVE-2022-46698 CVE-2022-46699 CVE-2022-46700\n CVE-2023-23517 CVE-2023-23518 CVE-2023-25358\n CVE-2023-25360 CVE-2023-25361 CVE-2023-25362\n CVE-2023-25363\n====================================================================\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nwebkit2gtk3-2.38.5-1.el9.src.rpm\n\naarch64:\nwebkit2gtk3-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-devel-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-devel-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-jsc-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32886\nhttps://access.redhat.com/security/cve/CVE-2022-32888\nhttps://access.redhat.com/security/cve/CVE-2022-32923\nhttps://access.redhat.com/security/cve/CVE-2022-42799\nhttps://access.redhat.com/security/cve/CVE-2022-42823\nhttps://access.redhat.com/security/cve/CVE-2022-42824\nhttps://access.redhat.com/security/cve/CVE-2022-42826\nhttps://access.redhat.com/security/cve/CVE-2022-42852\nhttps://access.redhat.com/security/cve/CVE-2022-42863\nhttps://access.redhat.com/security/cve/CVE-2022-42867\nhttps://access.redhat.com/security/cve/CVE-2022-46691\nhttps://access.redhat.com/security/cve/CVE-2022-46692\nhttps://access.redhat.com/security/cve/CVE-2022-46698\nhttps://access.redhat.com/security/cve/CVE-2022-46699\nhttps://access.redhat.com/security/cve/CVE-2022-46700\nhttps://access.redhat.com/security/cve/CVE-2023-23517\nhttps://access.redhat.com/security/cve/CVE-2023-23518\nhttps://access.redhat.com/security/cve/CVE-2023-25358\nhttps://access.redhat.com/security/cve/CVE-2023-25360\nhttps://access.redhat.com/security/cve/CVE-2023-25361\nhttps://access.redhat.com/security/cve/CVE-2023-25362\nhttps://access.redhat.com/security/cve/CVE-2023-25363\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32886"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "VULHUB",
"id": "VHN-424975"
},
{
"db": "PACKETSTORM",
"id": "169341"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "169602"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "169241"
},
{
"db": "PACKETSTORM",
"id": "172241"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424975",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424975"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32886",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169602",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168362",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168536",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5462",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4527",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4758",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4855",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5005",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169589",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169598",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168342",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169560",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168341",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-424975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169341",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169241",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424975"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "PACKETSTORM",
"id": "169341"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "169602"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "169241"
},
{
"db": "PACKETSTORM",
"id": "172241"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"id": "VAR-202209-0761",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424975"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:41:15.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213445 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html"
},
{
"title": "Apple macOS Safari Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=208773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424975"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/39"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 2.4,
"url": "https://security.gentoo.org/glsa/202305-32"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213442"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5240"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5241"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kdv6olkdtl55nh4lnsmlq4d6llsx6ju2/"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74mxh2u5ga4cx3l3nlyp4tbo4o2vopbj/"
},
{
"trust": 1.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tdnt32wiarrd2anwkgcttiqxi6oii7hz/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00034.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213445"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213446"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32886"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kdv6olkdtl55nh4lnsmlq4d6llsx6ju2/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tdnt32wiarrd2anwkgcttiqxi6oii7hz/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74mxh2u5ga4cx3l3nlyp4tbo4o2vopbj/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4527"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4758"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168362/apple-security-advisory-2022-09-12-5.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168536/ubuntu-security-notice-usn-5642-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169602/apple-security-advisory-2022-10-27-14.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5462"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-39249"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-three-vulnerabilities-39368"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5005"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32886/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4855"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32912"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32888"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32868"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32908"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32911"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32883"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32891"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32879"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32872"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213445."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32892"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213442."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32858"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213486."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32907"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213487."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32903"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42863"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46699"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-25363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42863"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32886"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46692"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42867"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42799"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-46699"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424975"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "PACKETSTORM",
"id": "169341"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "169602"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "169241"
},
{
"db": "PACKETSTORM",
"id": "172241"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424975"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"db": "PACKETSTORM",
"id": "169341"
},
{
"db": "PACKETSTORM",
"id": "168342"
},
{
"db": "PACKETSTORM",
"id": "169602"
},
{
"db": "PACKETSTORM",
"id": "169598"
},
{
"db": "PACKETSTORM",
"id": "169589"
},
{
"db": "PACKETSTORM",
"id": "169241"
},
{
"db": "PACKETSTORM",
"id": "172241"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-424975"
},
{
"date": "2023-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"date": "2022-09-28T19:12:00",
"db": "PACKETSTORM",
"id": "169341"
},
{
"date": "2022-09-13T15:27:13",
"db": "PACKETSTORM",
"id": "168342"
},
{
"date": "2022-10-31T15:01:45",
"db": "PACKETSTORM",
"id": "169602"
},
{
"date": "2022-10-31T14:56:26",
"db": "PACKETSTORM",
"id": "169598"
},
{
"date": "2022-10-31T14:51:24",
"db": "PACKETSTORM",
"id": "169589"
},
{
"date": "2022-09-28T19:12:00",
"db": "PACKETSTORM",
"id": "169241"
},
{
"date": "2023-05-09T15:24:16",
"db": "PACKETSTORM",
"id": "172241"
},
{
"date": "2022-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"date": "2022-09-20T21:15:11.037000",
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424975"
},
{
"date": "2023-10-24T01:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-018927"
},
{
"date": "2023-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-777"
},
{
"date": "2023-05-30T06:15:19.837000",
"db": "NVD",
"id": "CVE-2022-32886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018927"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-777"
}
],
"trust": 0.6
}
}
var-202101-0222
Vulnerability from variot
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language.
Dnsmasq has a security feature vulnerability. The vulnerability stems from not checking existing pending requests with the same name and forwarding a new request, allowing an attacker to perform a "birthday attack" scenario to forge a response and possibly destroy the DNS cache. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an malicious user to perform a DNS Cache Poisoning attack. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. (CVE-2020-25686).
For the stable distribution (buster), these problems have been fixed in version 2.80-1+deb10u1.
For the detailed security status of dnsmasq please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dnsmasq
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV nWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K IC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c YS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC AgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf yfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q qtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q== =j5Ka -----END PGP SIGNATURE----- . Relevant releases/architectures:
RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch
- Description:
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
-
sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
-
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
-
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
-
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.
With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
After installing this update, the smb service will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
7.2) - x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.4.33 bug fix and security update Advisory ID: RHSA-2021:0281-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:0281 Issue date: 2021-02-03 CVE Names: CVE-2020-2304 CVE-2020-2305 CVE-2020-8559 CVE-2020-8564 CVE-2020-14382 CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 CVE-2020-25694 CVE-2020-25696 CVE-2021-20182 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs and add enhancements.
This release also includes a security update for Red Hat OpenShift Container Platform 4.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
openshift: builder allows read and write of block devices (CVE-2021-20182)
-
kubernetes: Compromised node could escalate to cluster level privileges (CVE-2020-8559)
-
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 (CVE-2020-8564)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.4.33. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:0282
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
This update fixes the following bugs among others:
-
Previously, there were broken connections to the API server that caused nodes to remain in the NotReady state. Detecting a broken network connection could take up to 15 minutes, during which the platform would remain unavailable. This is now fixed by setting the TCP_USER_TIMEOUT socket option, which controls how long transmitted data can be unacknowledged before the connection is forcefully closed. (BZ#1907939)
-
Previously, the quota controllers only worked on resources retrieved from the discovery endpoint, which might contain only a fraction of all resources due to a network error. This is now fixed by having the quota controllers periodically resync when new resources are observed from the discovery endpoint. (BZ#1910096)
-
Previously, the kuryr-controller was comparing security groups related to network policies incorrectly. This caused security rules related to a network policy to be recreated on every minor update of that network policy. This bug has been fixed, allowing network policy updates that already have existing rules to be preserved; network policy additions or deletions are performed, if needed. (BZ#1910221)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-x86_64
The image digest is sha256:a035dddd8a5e5c99484138951ef4aba021799b77eb9046f683a5466c23717738
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-s390x
The image digest is sha256:ecc1e5aaf8496dd60a7703562fd6c65541172a56ae9008fce6db5d55e43371dc
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.4.33-ppc64le
The image digest is sha256:567bf8031c80b08e3e56a57e1c8e5b0b01a2f922e01b36ee333f6ab5bff95495
All OpenShift Container Platform 4.4 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.
- Solution:
For OpenShift Container Platform 4.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.4/updating/updating-cluster - -cli.html.
- Bugs fixed (https://bugzilla.redhat.com/):
1848516 - [4.4] Unresponsive OpenShift 4.4 cluster on Azure (UPI) 1851422 - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges 1886637 - CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 1895332 - NP CRD unable to be patched because of missing sg rule ID 1897546 - Backup taken on one master cannot be restored on other masters 1900727 - Using shareProcessNamespace with default pod image leaves unreaped processes 1904413 - (release 4.4) Hostsubnet gatherer produces wrong output 1905891 - genericapiserver library must wait for server.Shutdown 1906484 - Etcd container leaves grep and lsof zombie processes 1907939 - Nodes goes into NotReady state (VMware) 1910096 - [release-4.4] The quota controllers should resync on new resources and make progress 1910221 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails 1915110 - CVE-2021-20182 openshift: builder allows read and write of block devices 1916952 - OperatorExited, Pending marketplace-operator-... pod for several weeks 1917416 - e2e: should be able to pull image from docker hub is failing permanently 1918609 - ARO/Azure: excessive pod memory allocation causes node lockup 1918974 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image
- References:
https://access.redhat.com/security/cve/CVE-2020-2304 https://access.redhat.com/security/cve/CVE-2020-2305 https://access.redhat.com/security/cve/CVE-2020-8559 https://access.redhat.com/security/cve/CVE-2020-8564 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-25681 https://access.redhat.com/security/cve/CVE-2020-25682 https://access.redhat.com/security/cve/CVE-2020-25683 https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2020-25687 https://access.redhat.com/security/cve/CVE-2020-25694 https://access.redhat.com/security/cve/CVE-2020-25696 https://access.redhat.com/security/cve/CVE-2021-20182 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBp6w9zjgjWX9erEAQg0JhAAhv2R8jAKUz7A/RTezDOJQiDcQ1do+jV2 PD59ab0pCrWCA70gAh7mdZnaniKQGeBL1qh/lOYV0GPOpsGZjTG9ylVOg2TOEnjD /WMOnHMehWoyZR6Ys0SNQFkdf0bkvLE33r5qEcd+l/cElaqxSH4b1gG2jU9FUOK8 fAG9tmWvfbSXgGcpND5guS/jVuL8dQOyC1ktQnXdfkMvZLDOlwBotGbxTi/adzUS 6YzikRCBzoZMZC13+ZtiznfIQeq8lKlZ3+0O2lXi5KTiSqby7HmIrawUwtiHUnzJ 9VUs8zIcA/ynr3h5POhvpg0XgioUsjJ+2U0r8EP+rYtJ4lcrT68vhAzkCysMg/y4 znQ+y5M4uoxXycB92kFrMA1og8jfJCuh5y50duo9OhOe2D75Em0XnhwGoEJrDe3z jefvSwBb9WNG+jagrX69aaBrq36qhfutaI0SU7FNhoHL4Ev50zByBXSFJzQR3b59 fh0YdzC1VTCE/LKBhELpuW7VOk4MDEs5AQAiIXv3QxKKmnyLJwnQUMwSdZiQef2X z5p8crPmGEwdZ10cDgmFH7mOb2F2utFy1FzuDh+h5lXhAmCfgggiHp5fADd43h47 EAtIwmu3VurOIkvMaqQTwL5SjVAajd26KVAa09Pb6TdWAhN/jFFRvjKJMm7523Mo mafFnOJZH7k= =9sMW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Bug Fix(es):
- When performing an upgrade of the Red Hat Virtualization Host using the
command
yum update, the yum repository for RHV 4.3 EUS is unreachable
As a workaround, run the following command:
# yum update --releasever=7Server (BZ#1899378)
- ========================================================================== Ubuntu Security Notice USN-4698-1 January 19, 2021
dnsmasq vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled memory when sorting RRsets. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled extracting certain names. A remote attacker could use this issue to cause Dnsmasq to hang, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented address/port checks. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly implemented query resource name checks. (CVE-2020-25685)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled multiple query requests for the same resource name. (CVE-2020-25686)
It was discovered that Dnsmasq incorrectly handled memory during DHCP response creation. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2019-14834)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: dnsmasq 2.82-1ubuntu1.1 dnsmasq-base 2.82-1ubuntu1.1 dnsmasq-utils 2.82-1ubuntu1.1
Ubuntu 20.04 LTS: dnsmasq 2.80-1.1ubuntu1.2 dnsmasq-base 2.80-1.1ubuntu1.2 dnsmasq-utils 2.80-1.1ubuntu1.2
Ubuntu 18.04 LTS: dnsmasq 2.79-1ubuntu0.2 dnsmasq-base 2.79-1ubuntu0.2 dnsmasq-utils 2.79-1ubuntu0.2
Ubuntu 16.04 LTS: dnsmasq 2.75-1ubuntu0.16.04.7 dnsmasq-base 2.75-1ubuntu0.16.04.7 dnsmasq-utils 2.75-1ubuntu0.16.04.7
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.24.5m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.22"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.21"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.23.7m"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.25.2f"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.23"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.22.9m"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.24"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.21.14m"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.25"
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.83"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.6,
"vendor": "dnsmasq",
"version": "2.83"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25686",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25686",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-16429",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2020-25686",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.7,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25686",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25686",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2020-25686",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-16429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1567",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-25686",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. dnsmasq Contains a spoofing authentication evasion vulnerability.Information may be tampered with. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. \n\r\n\r\nDnsmasq has a security feature vulnerability. The vulnerability stems from not checking existing pending requests with the same name and forwarding a new request, allowing an attacker to perform a \"birthday attack\" scenario to forge a response and possibly destroy the DNS cache. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an malicious user to perform a DNS Cache Poisoning attack. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. (CVE-2020-25686). \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.80-1+deb10u1. \n\nFor the detailed security status of dnsmasq please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dnsmasq\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV\nnWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K\nIC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c\nYS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC\nAgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf\nyfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q\nqtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q==\n=j5Ka\n-----END PGP SIGNATURE-----\n. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nSecurity Fix(es):\n\n* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging\nreplies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Previously, the Red Hat Virtualization Host (RHV-H) repository\n(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,\nwhich is a dependency for the sssd-ad package. Consequently, the sssd-ad\npackage failed to install. \n\nWith this update, the libsmbclient is now in the RHV-H repository, and\nsssd-ad now installs on RHV-H. (BZ#1868967)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, the smb service will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1850939 - Hosted engine deployment does not properly show iSCSI LUN errors\n1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1902315 - Rebase RHV-H 4.4 to RHV 4.4.4\n1902646 - ssh connection fails due to overly permissive openssh.config file permissions\n1909644 - HE deploy failed with \"Failed to download metadata for repo \u0027rhel-8-for-x86_64-baseos-beta-rpms\u0027: Cannot download repomd.xml\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError\n1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 7.2) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.4.33 bug fix and security update\nAdvisory ID: RHSA-2021:0281-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0281\nIssue date: 2021-02-03\nCVE Names: CVE-2020-2304 CVE-2020-2305 CVE-2020-8559 \n CVE-2020-8564 CVE-2020-14382 CVE-2020-25681 \n CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 \n CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 \n CVE-2020-25694 CVE-2020-25696 CVE-2021-20182 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.4.33 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release also includes a security update for Red Hat OpenShift\nContainer Platform 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* openshift: builder allows read and write of block devices\n(CVE-2021-20182)\n\n* kubernetes: Compromised node could escalate to cluster level privileges\n(CVE-2020-8559)\n\n* kubernetes: Docker config secrets leaked when file is malformed and\nloglevel \u003e= 4 (CVE-2020-8564)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.4.33. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:0282\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, there were broken connections to the API server that caused\nnodes to remain in the NotReady state. Detecting a broken network\nconnection could take up to 15 minutes, during which the platform would\nremain unavailable. This is now fixed by setting the TCP_USER_TIMEOUT\nsocket option, which controls how long transmitted data can be\nunacknowledged before the connection is forcefully closed. (BZ#1907939)\n\n* Previously, the quota controllers only worked on resources retrieved from\nthe discovery endpoint, which might contain only a fraction of all\nresources due to a network error. This is now fixed by having the quota\ncontrollers periodically resync when new resources are observed from the\ndiscovery endpoint. (BZ#1910096)\n\n* Previously, the kuryr-controller was comparing security groups related to\nnetwork policies incorrectly. This caused security rules related to a\nnetwork policy to be recreated on every minor update of that network\npolicy. This bug has been fixed, allowing network policy updates that\nalready have existing rules to be preserved; network policy additions or\ndeletions are performed, if needed. (BZ#1910221)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-x86_64\n\nThe image digest is\nsha256:a035dddd8a5e5c99484138951ef4aba021799b77eb9046f683a5466c23717738\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-s390x\n\nThe image digest is\nsha256:ecc1e5aaf8496dd60a7703562fd6c65541172a56ae9008fce6db5d55e43371dc\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.4.33-ppc64le\n\nThe image digest is\nsha256:567bf8031c80b08e3e56a57e1c8e5b0b01a2f922e01b36ee333f6ab5bff95495\n\nAll OpenShift Container Platform 4.4 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor. \n\n3. Solution:\n\nFor OpenShift Container Platform 4.4 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.4/updating/updating-cluster\n- -cli.html. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1848516 - [4.4] Unresponsive OpenShift 4.4 cluster on Azure (UPI)\n1851422 - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges\n1886637 - CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel \u003e= 4\n1895332 - NP CRD unable to be patched because of missing sg rule ID\n1897546 - Backup taken on one master cannot be restored on other masters\n1900727 - Using shareProcessNamespace with default pod image leaves unreaped processes\n1904413 - (release 4.4) Hostsubnet gatherer produces wrong output\n1905891 - genericapiserver library must wait for server.Shutdown\n1906484 - Etcd container leaves grep and lsof zombie processes\n1907939 - Nodes goes into NotReady state (VMware)\n1910096 - [release-4.4] The quota controllers should resync on new resources and make progress\n1910221 - kuryr tempest plugin test test_ipblock_network_policy_sg_rules fails\n1915110 - CVE-2021-20182 openshift: builder allows read and write of block devices\n1916952 - OperatorExited, Pending marketplace-operator-... pod for several weeks\n1917416 - e2e: should be able to pull image from docker hub is failing permanently\n1918609 - ARO/Azure: excessive pod memory allocation causes node lockup\n1918974 - [sig-devex][Feature:ImageEcosystem][Slow] openshift images should be SCL enabled returning s2i usage when running the image\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-2304\nhttps://access.redhat.com/security/cve/CVE-2020-2305\nhttps://access.redhat.com/security/cve/CVE-2020-8559\nhttps://access.redhat.com/security/cve/CVE-2020-8564\nhttps://access.redhat.com/security/cve/CVE-2020-14382\nhttps://access.redhat.com/security/cve/CVE-2020-25681\nhttps://access.redhat.com/security/cve/CVE-2020-25682\nhttps://access.redhat.com/security/cve/CVE-2020-25683\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2020-25687\nhttps://access.redhat.com/security/cve/CVE-2020-25694\nhttps://access.redhat.com/security/cve/CVE-2020-25696\nhttps://access.redhat.com/security/cve/CVE-2021-20182\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBp6w9zjgjWX9erEAQg0JhAAhv2R8jAKUz7A/RTezDOJQiDcQ1do+jV2\nPD59ab0pCrWCA70gAh7mdZnaniKQGeBL1qh/lOYV0GPOpsGZjTG9ylVOg2TOEnjD\n/WMOnHMehWoyZR6Ys0SNQFkdf0bkvLE33r5qEcd+l/cElaqxSH4b1gG2jU9FUOK8\nfAG9tmWvfbSXgGcpND5guS/jVuL8dQOyC1ktQnXdfkMvZLDOlwBotGbxTi/adzUS\n6YzikRCBzoZMZC13+ZtiznfIQeq8lKlZ3+0O2lXi5KTiSqby7HmIrawUwtiHUnzJ\n9VUs8zIcA/ynr3h5POhvpg0XgioUsjJ+2U0r8EP+rYtJ4lcrT68vhAzkCysMg/y4\nznQ+y5M4uoxXycB92kFrMA1og8jfJCuh5y50duo9OhOe2D75Em0XnhwGoEJrDe3z\njefvSwBb9WNG+jagrX69aaBrq36qhfutaI0SU7FNhoHL4Ev50zByBXSFJzQR3b59\nfh0YdzC1VTCE/LKBhELpuW7VOk4MDEs5AQAiIXv3QxKKmnyLJwnQUMwSdZiQef2X\nz5p8crPmGEwdZ10cDgmFH7mOb2F2utFy1FzuDh+h5lXhAmCfgggiHp5fADd43h47\nEAtIwmu3VurOIkvMaqQTwL5SjVAajd26KVAa09Pb6TdWAhN/jFFRvjKJMm7523Mo\nmafFnOJZH7k=\n=9sMW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug Fix(es):\n\n* When performing an upgrade of the Red Hat Virtualization Host using the\ncommand `yum update`, the yum repository for RHV 4.3 EUS is unreachable\n\nAs a workaround, run the following command:\n`# yum update --releasever=7Server` (BZ#1899378)\n\n4. ==========================================================================\nUbuntu Security Notice USN-4698-1\nJanuary 19, 2021\n\ndnsmasq vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nmemory when sorting RRsets. A remote attacker could use this issue to cause\nDnsmasq to hang, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2020-25681, CVE-2020-25687)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nextracting certain names. A remote attacker could use this issue to cause\nDnsmasq to hang, resulting in a denial of service, or possibly execute\narbitrary code. (CVE-2020-25682, CVE-2020-25683)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\nimplemented address/port checks. (CVE-2020-25684)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly\nimplemented query resource name checks. (CVE-2020-25685)\n\nMoshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled\nmultiple query requests for the same resource name. (CVE-2020-25686)\n\nIt was discovered that Dnsmasq incorrectly handled memory during DHCP\nresponse creation. A remote attacker could possibly use this issue to\ncause Dnsmasq to consume resources, leading to a denial of service. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04\nLTS. (CVE-2019-14834)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n dnsmasq 2.82-1ubuntu1.1\n dnsmasq-base 2.82-1ubuntu1.1\n dnsmasq-utils 2.82-1ubuntu1.1\n\nUbuntu 20.04 LTS:\n dnsmasq 2.80-1.1ubuntu1.2\n dnsmasq-base 2.80-1.1ubuntu1.2\n dnsmasq-utils 2.80-1.1ubuntu1.2\n\nUbuntu 18.04 LTS:\n dnsmasq 2.79-1ubuntu0.2\n dnsmasq-base 2.79-1ubuntu0.2\n dnsmasq-utils 2.79-1ubuntu0.2\n\nUbuntu 16.04 LTS:\n dnsmasq 2.75-1ubuntu0.16.04.7\n dnsmasq-base 2.75-1ubuntu0.16.04.7\n dnsmasq-utils 2.75-1ubuntu0.16.04.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161101"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25686",
"trust": 3.8
},
{
"db": "JVN",
"id": "JVNVU90340376",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161281",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-16429",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161535",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161085",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122911",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021070106",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0420",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0692",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0231",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0864",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0283",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1088",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0699",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-019-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25686",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161100",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161269",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161010",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161101",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"id": "VAR-202101-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
}
],
"trust": 0.85396827
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
}
]
},
"last_update_date": "2024-11-29T20:00:21.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-84440e87ba thekelleysthekelleys",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"title": "Patch for Dnsmasq security feature issue vulnerability (CNVD-2021-16429)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/251941"
},
{
"title": "Dnsmasq Fixing measures for security feature vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139935"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210156 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210240 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210245 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210153 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210154 - Security Advisory"
},
{
"title": "Red Hat: Moderate: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210155 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210401 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210395 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210151 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210150 - Security Advisory"
},
{
"title": "Red Hat: Important: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210152 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-25686 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1587"
},
{
"title": "Debian Security Advisories: DSA-4844-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6bdd82a7af8c0333eca753b3b7b02111"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.4.33 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210281 - Security Advisory"
},
{
"title": "Cisco: Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"title": "dnspooq",
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq "
},
{
"title": "multironic\nRequirements:\nInstall libvirt and prepare nodes\nhave to check why we need this\nTODO download ironic images later\nPull images\nTag images\nPush images\nrun httpd\nCheck that two vbmcs are running for the two nodes\nPlay with vbmc and ipmitools\nRun management cluster\nFirewall\nLaunch ironic\nrun capm3\nFirewall\nRef",
"trust": 0.1,
"url": "https://github.com/mboukhalfa/multironic "
},
{
"title": "Criminal IP NSE Script",
"trust": 0.1,
"url": "https://github.com/criminalip/CIP-NSE-Script "
},
{
"title": "Intro: What\u0027s pique or repique\n\n\nOverview",
"trust": 0.1,
"url": "https://github.com/AZ-X/pique "
},
{
"title": "https://github.com/klcheung99/CSCM28CW2",
"trust": 0.1,
"url": "https://github.com/klcheung99/CSCM28CW2 "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
"trust": 0.1,
"url": "https://github.com/DNTYO/F5_Vulnerability "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/JERRY123S/all-poc "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/top "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/awesome-cve-repo "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/hktalent/TOP "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/cyberanand1337x/bug-bounty-2022 "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/weeka10/-hktalent-TOP "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/01/20/dns_cache_poisoning/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "CWE-358",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
},
{
"trust": 2.3,
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"trust": 1.7,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90340376/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161281/red-hat-security-advisory-2021-0401-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161535/ubuntu-security-notice-usn-4698-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161085/gentoo-linux-security-advisory-202101-17.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0699"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20210120-01-dnspooq-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0283/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0692"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1088"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0420"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021070106"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0231/"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-cve-2020-25684-cve-2020-25685-cve-2020-25686/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122911"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25685"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25686"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25684"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25687"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25681"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/358.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0156"
},
{
"trust": 0.1,
"url": "https://github.com/knqyf263/dnspooq"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-25686"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2021-1587.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/dnsmasq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0401"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0281"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25682"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14382"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25683"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0282"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0395"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14834"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4698-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.82-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0245"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"db": "PACKETSTORM",
"id": "169002"
},
{
"db": "PACKETSTORM",
"id": "161281"
},
{
"db": "PACKETSTORM",
"id": "161100"
},
{
"db": "PACKETSTORM",
"id": "161269"
},
{
"db": "PACKETSTORM",
"id": "161272"
},
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "PACKETSTORM",
"id": "161101"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"date": "2021-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"date": "2021-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169002"
},
{
"date": "2021-02-03T16:36:53",
"db": "PACKETSTORM",
"id": "161281"
},
{
"date": "2021-01-25T17:28:49",
"db": "PACKETSTORM",
"id": "161100"
},
{
"date": "2021-02-03T16:14:39",
"db": "PACKETSTORM",
"id": "161269"
},
{
"date": "2021-02-03T16:22:29",
"db": "PACKETSTORM",
"id": "161272"
},
{
"date": "2021-01-19T14:43:50",
"db": "PACKETSTORM",
"id": "161010"
},
{
"date": "2021-01-25T17:28:57",
"db": "PACKETSTORM",
"id": "161101"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"date": "2021-01-20T17:15:13",
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-16429"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25686"
},
{
"date": "2021-10-06T03:28:00",
"db": "JVNDB",
"id": "JVNDB-2020-015596"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1567"
},
{
"date": "2024-11-21T05:18:28.027000",
"db": "NVD",
"id": "CVE-2020-25686"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161010"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq\u00a0 Spoofing Authentication Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015596"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1567"
}
],
"trust": 0.6
}
}
var-202110-1577
Vulnerability from variot
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. ========================================================================= Ubuntu Security Notice USN-5125-1 October 27, 2021
php5, php7.0, php7.2, php7.4, php8.0 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
PHP-PFM in PHP could be made to run program as an administrator if it received specially crafted input. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: php8.0-fpm 8.0.8-1ubuntu0.1
Ubuntu 21.04: php7.4-fpm 7.4.16-1ubuntu2.2
Ubuntu 20.04 LTS: php7.4-fpm 7.4.3-4ubuntu2.7
Ubuntu 18.04 LTS: php7.2-fpm 7.2.24-0ubuntu0.18.04.10
Ubuntu 16.04 ESM: php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2
Ubuntu 14.04 ESM: php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-20
https://security.gentoo.org/
Severity: High Title: PHP: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #799776, #810526, #819510, #833585, #850772, #857054 ID: 202209-20
Synopsis
Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation.
Background
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/php < 7.4.30:7.4 >= 7.4.30:7.4 < 8.0.23:8.0 >= 8.0.23:8.0 < 8.1.8:8.1 >= 8.1.8:8.1
Description
Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All PHP 7.4 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-7.4.30:7.4"
All PHP 8.0 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.0.23:8.0"
All PHP 8.1 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-lang/php-8.1.8:8.1"
References
[ 1 ] CVE-2021-21703 https://nvd.nist.gov/vuln/detail/CVE-2021-21703 [ 2 ] CVE-2021-21704 https://nvd.nist.gov/vuln/detail/CVE-2021-21704 [ 3 ] CVE-2021-21705 https://nvd.nist.gov/vuln/detail/CVE-2021-21705 [ 4 ] CVE-2021-21708 https://nvd.nist.gov/vuln/detail/CVE-2021-21708 [ 5 ] CVE-2022-31625 https://nvd.nist.gov/vuln/detail/CVE-2022-31625 [ 6 ] CVE-2022-31626 https://nvd.nist.gov/vuln/detail/CVE-2022-31626 [ 7 ] CVE-2022-31627 https://nvd.nist.gov/vuln/detail/CVE-2022-31627
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-php73-php security and bug fix update Advisory ID: RHSA-2022:5491-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:5491 Issue date: 2022-07-04 CVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 ==================================================================== 1. Summary:
An update for rh-php73-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
-
php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626)
-
php: Local privilege escalation via PHP-FPM (CVE-2021-21703)
-
php: special character breaks path in xml parsing (CVE-2021-21707)
-
php: uninitialized array in pg_query_params() leading to RCE (CVE-2022-31625)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-php73: rebase to 7.3.33 (BZ#2100753)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM 2026045 - CVE-2021-21707 php: special character breaks path in xml parsing 2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE 2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE 2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-php73-php-7.3.33-1.el7.src.rpm
ppc64le: rh-php73-php-7.3.33-1.el7.ppc64le.rpm rh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm rh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm rh-php73-php-common-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm rh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm rh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm rh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm rh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm rh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm rh-php73-php-json-7.3.33-1.el7.ppc64le.rpm rh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm rh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm rh-php73-php-process-7.3.33-1.el7.ppc64le.rpm rh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm rh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm rh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm rh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm rh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm
s390x: rh-php73-php-7.3.33-1.el7.s390x.rpm rh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm rh-php73-php-cli-7.3.33-1.el7.s390x.rpm rh-php73-php-common-7.3.33-1.el7.s390x.rpm rh-php73-php-dba-7.3.33-1.el7.s390x.rpm rh-php73-php-dbg-7.3.33-1.el7.s390x.rpm rh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm rh-php73-php-devel-7.3.33-1.el7.s390x.rpm rh-php73-php-embedded-7.3.33-1.el7.s390x.rpm rh-php73-php-enchant-7.3.33-1.el7.s390x.rpm rh-php73-php-fpm-7.3.33-1.el7.s390x.rpm rh-php73-php-gd-7.3.33-1.el7.s390x.rpm rh-php73-php-gmp-7.3.33-1.el7.s390x.rpm rh-php73-php-intl-7.3.33-1.el7.s390x.rpm rh-php73-php-json-7.3.33-1.el7.s390x.rpm rh-php73-php-ldap-7.3.33-1.el7.s390x.rpm rh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm rh-php73-php-odbc-7.3.33-1.el7.s390x.rpm rh-php73-php-opcache-7.3.33-1.el7.s390x.rpm rh-php73-php-pdo-7.3.33-1.el7.s390x.rpm rh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm rh-php73-php-process-7.3.33-1.el7.s390x.rpm rh-php73-php-pspell-7.3.33-1.el7.s390x.rpm rh-php73-php-recode-7.3.33-1.el7.s390x.rpm rh-php73-php-snmp-7.3.33-1.el7.s390x.rpm rh-php73-php-soap-7.3.33-1.el7.s390x.rpm rh-php73-php-xml-7.3.33-1.el7.s390x.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm rh-php73-php-zip-7.3.33-1.el7.s390x.rpm
x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-php73-php-7.3.33-1.el7.src.rpm
x86_64: rh-php73-php-7.3.33-1.el7.x86_64.rpm rh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm rh-php73-php-cli-7.3.33-1.el7.x86_64.rpm rh-php73-php-common-7.3.33-1.el7.x86_64.rpm rh-php73-php-dba-7.3.33-1.el7.x86_64.rpm rh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm rh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm rh-php73-php-devel-7.3.33-1.el7.x86_64.rpm rh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm rh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm rh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm rh-php73-php-gd-7.3.33-1.el7.x86_64.rpm rh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-intl-7.3.33-1.el7.x86_64.rpm rh-php73-php-json-7.3.33-1.el7.x86_64.rpm rh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm rh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm rh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm rh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm rh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm rh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm rh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm rh-php73-php-process-7.3.33-1.el7.x86_64.rpm rh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm rh-php73-php-recode-7.3.33-1.el7.x86_64.rpm rh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm rh-php73-php-soap-7.3.33-1.el7.x86_64.rpm rh-php73-php-xml-7.3.33-1.el7.x86_64.rpm rh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm rh-php73-php-zip-7.3.33-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-21703 https://access.redhat.com/security/cve/CVE-2021-21707 https://access.redhat.com/security/cve/CVE-2022-31625 https://access.redhat.com/security/cve/CVE-2022-31626 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/ rXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl HMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw +yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp 8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U YWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c 6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G 3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx 5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE GLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c HU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X 4AC7K4v+QQw=KI2M -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
For the oldstable distribution (buster), this problem has been fixed in version 7.3.31-1~deb10u1.
We recommend that you upgrade your php7.3 packages.
For the detailed security status of php7.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.3
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1 2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A MLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ /7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS YVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO hBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS 7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l 3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi C02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU kOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW 1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8= =1d/J -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1577",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "8.0.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0.2"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.4.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "8.0.12"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.3.0"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "7.4.25"
},
{
"model": "php",
"scope": "lte",
"trust": 1.0,
"vendor": "php",
"version": "7.3.31"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "clustered data ontap antivirus connector",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oracle communications diameter signaling router",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "php",
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167696"
},
{
"db": "PACKETSTORM",
"id": "167076"
}
],
"trust": 0.2
},
"cve": "CVE-2021-21703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2021-21703",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-380107",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2021-21703",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@php.net",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.1,
"id": "CVE-2021-21703",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-21703",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21703",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@php.net",
"id": "CVE-2021-21703",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-21703",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202110-1514",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380107",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21703",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. PHP Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security issue was found in PHP prior to 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary locations using pointers located in the SHM can lead to a privilege escalation from www-data to root. =========================================================================\nUbuntu Security Notice USN-5125-1\nOctober 27, 2021\n\nphp5, php7.0, php7.2, php7.4, php8.0 vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nPHP-PFM in PHP could be made to run program as an administrator\nif it received specially crafted input. \nAn attacker could possibly use this issue to cause a crash or execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n php8.0-fpm 8.0.8-1ubuntu0.1\n\nUbuntu 21.04:\n php7.4-fpm 7.4.16-1ubuntu2.2\n\nUbuntu 20.04 LTS:\n php7.4-fpm 7.4.3-4ubuntu2.7\n\nUbuntu 18.04 LTS:\n php7.2-fpm 7.2.24-0ubuntu0.18.04.10\n\nUbuntu 16.04 ESM:\n php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm2\n\nUbuntu 14.04 ESM:\n php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm15\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: PHP: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #799776, #810526, #819510, #833585, #850772, #857054\n ID: 202209-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in PHP, the worst of which\ncould result in local root privilege escalation. \n\nBackground\n=========\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/php \u003c 7.4.30:7.4 \u003e= 7.4.30:7.4\n \u003c 8.0.23:8.0 \u003e= 8.0.23:8.0\n \u003c 8.1.8:8.1 \u003e= 8.1.8:8.1\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll PHP 7.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-7.4.30:7.4\"\n\nAll PHP 8.0 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-8.0.23:8.0\"\n\nAll PHP 8.1 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-lang/php-8.1.8:8.1\"\n\nReferences\n=========\n[ 1 ] CVE-2021-21703\n https://nvd.nist.gov/vuln/detail/CVE-2021-21703\n[ 2 ] CVE-2021-21704\n https://nvd.nist.gov/vuln/detail/CVE-2021-21704\n[ 3 ] CVE-2021-21705\n https://nvd.nist.gov/vuln/detail/CVE-2021-21705\n[ 4 ] CVE-2021-21708\n https://nvd.nist.gov/vuln/detail/CVE-2021-21708\n[ 5 ] CVE-2022-31625\n https://nvd.nist.gov/vuln/detail/CVE-2022-31625\n[ 6 ] CVE-2022-31626\n https://nvd.nist.gov/vuln/detail/CVE-2022-31626\n[ 7 ] CVE-2022-31627\n https://nvd.nist.gov/vuln/detail/CVE-2022-31627\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-php73-php security and bug fix update\nAdvisory ID: RHSA-2022:5491-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5491\nIssue date: 2022-07-04\nCVE Names: CVE-2021-21703 CVE-2021-21707 CVE-2022-31625\n CVE-2022-31626\n====================================================================\n1. Summary:\n\nAn update for rh-php73-php is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nSecurity Fix(es):\n\n* php: password of excessive length triggers buffer overflow leading to RCE\n(CVE-2022-31626)\n\n* php: Local privilege escalation via PHP-FPM (CVE-2021-21703)\n\n* php: special character breaks path in xml parsing (CVE-2021-21707)\n\n* php: uninitialized array in pg_query_params() leading to RCE\n(CVE-2022-31625)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-php73: rebase to 7.3.33 (BZ#2100753)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2016535 - CVE-2021-21703 php: Local privilege escalation via PHP-FPM\n2026045 - CVE-2021-21707 php: special character breaks path in xml parsing\n2098521 - CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE\n2098523 - CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE\n2100753 - rh-php73: rebase to 7.3.33 [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-php73-php-7.3.33-1.el7.src.rpm\n\nppc64le:\nrh-php73-php-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-cli-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-common-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-dba-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-dbg-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-devel-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-embedded-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-enchant-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-fpm-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-gd-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-gmp-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-intl-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-json-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-ldap-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-odbc-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-opcache-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pdo-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-process-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-pspell-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-recode-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-snmp-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-soap-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-xml-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.ppc64le.rpm\nrh-php73-php-zip-7.3.33-1.el7.ppc64le.rpm\n\ns390x:\nrh-php73-php-7.3.33-1.el7.s390x.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.s390x.rpm\nrh-php73-php-cli-7.3.33-1.el7.s390x.rpm\nrh-php73-php-common-7.3.33-1.el7.s390x.rpm\nrh-php73-php-dba-7.3.33-1.el7.s390x.rpm\nrh-php73-php-dbg-7.3.33-1.el7.s390x.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.s390x.rpm\nrh-php73-php-devel-7.3.33-1.el7.s390x.rpm\nrh-php73-php-embedded-7.3.33-1.el7.s390x.rpm\nrh-php73-php-enchant-7.3.33-1.el7.s390x.rpm\nrh-php73-php-fpm-7.3.33-1.el7.s390x.rpm\nrh-php73-php-gd-7.3.33-1.el7.s390x.rpm\nrh-php73-php-gmp-7.3.33-1.el7.s390x.rpm\nrh-php73-php-intl-7.3.33-1.el7.s390x.rpm\nrh-php73-php-json-7.3.33-1.el7.s390x.rpm\nrh-php73-php-ldap-7.3.33-1.el7.s390x.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.s390x.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.s390x.rpm\nrh-php73-php-odbc-7.3.33-1.el7.s390x.rpm\nrh-php73-php-opcache-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pdo-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.s390x.rpm\nrh-php73-php-process-7.3.33-1.el7.s390x.rpm\nrh-php73-php-pspell-7.3.33-1.el7.s390x.rpm\nrh-php73-php-recode-7.3.33-1.el7.s390x.rpm\nrh-php73-php-snmp-7.3.33-1.el7.s390x.rpm\nrh-php73-php-soap-7.3.33-1.el7.s390x.rpm\nrh-php73-php-xml-7.3.33-1.el7.s390x.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.s390x.rpm\nrh-php73-php-zip-7.3.33-1.el7.s390x.rpm\n\nx86_64:\nrh-php73-php-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-php73-php-7.3.33-1.el7.src.rpm\n\nx86_64:\nrh-php73-php-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-bcmath-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-cli-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-common-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dba-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-dbg-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-debuginfo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-devel-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-embedded-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-enchant-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-fpm-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-gmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-intl-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-json-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-ldap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mbstring-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-mysqlnd-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-odbc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-opcache-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pdo-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pgsql-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-process-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-pspell-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-recode-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-snmp-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-soap-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xml-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-xmlrpc-7.3.33-1.el7.x86_64.rpm\nrh-php73-php-zip-7.3.33-1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-21703\nhttps://access.redhat.com/security/cve/CVE-2021-21707\nhttps://access.redhat.com/security/cve/CVE-2022-31625\nhttps://access.redhat.com/security/cve/CVE-2022-31626\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYsLehtzjgjWX9erEAQiwyQ/+PV7nIzWZKjc+4JLfk/tF6u19j7lmxgo/\nrXR/9UyeBFTas8Nd+19Q2xgJdEDheHED74zskj6lsMW8V8v7DEwP3QfbBrmsWAKl\nHMahWfYEh6ZhpNMAxR1bc+z243unsHXb94b2Ed7oTNFewRxdkga1K+uhhvewfYaw\n+yycxRapynaD0SUqtP6KDFirpX14iobazHynhVbiE1KMAv9pIkYlCLJmktnR18Pp\n8UFEyGO05tovQqe38+9oVAFxnfq7f/NTmrIJAOuYcS5Lu0B9g4yMrWWiL4XjmL3U\nYWHhPm5dSRWXaKGF2JtCsQ7kShFcHj7pXnBQsoRT3GYimuYuZnR9fd3p6i1EUU6c\n6oE8Uu5D2dH1iEdYtewohgTGYkUz/IBT+f0d9Z6k0aQdroOGgczjBm8nc7pV580G\n3ksyFzk58rOyPDlslrF0OtN2Xdq3Vn2InS/EJeT6d1v0OMMn8Voezg7jE28jT/qx\n5tDKv98T4qD+IiurXBr/PFEFkZxMzKFOo6MVtkIpLuJjPf2Guy/8vO6KjUiR0ANE\nGLtzbThZrV6js/vurZr0oc7h+UdgcgVm69XlcUVi7rHij7WC0UOlbF0pYM+b805c\nHU8AYV8+9FxSB88w49p2eg1iIn0CNfKi2YQL2Gyr4T9L09Eiuf/y/HrgwLg66t4X\n4AC7K4v+QQw=KI2M\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 7.3.31-1~deb10u1. \n\nWe recommend that you upgrade your php7.3 packages. \n\nFor the detailed security status of php7.3 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/php7.3\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmF3EohfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QTzBAAgt5HqxH7k7LMTK1tnwY2HXoNB9avYOwLrZbuox+D6hU9RO0en+3phMK1\n2rwREhAwwvbt2SuqmGOnxnLHfpvuS31ufHmLaiGVsGPJL3qAy3t/w3DZ1euZf60A\nMLbHuLElmA6PuPnsnQbzNb28PfTFjkYt2u0nRSU4R1Te78mZg4tw/IlrCUAeHOUJ\n/7AuTpv7zTCP765YqEgqJfg5lL+NhsAxrZ//6Zx7hDvqb1VIc3vHKpC/DJWP56XS\nYVmGILhEZIY33ixGdQR6/uW0VrvW0AELzveVpiOZVZcGYJH2j2V2xW7cTcPZXiyO\nhBbnBDHPi+PyH8I461J9RLw/8dJpU6zn+I2w5RSmMhVk+swjkBTiBLbyeOfp5mBS\n7wCPyEBUYGD6AiWG96qfpn2/ACHyY+ndrMWabtCfgRGkwcb2kqRhQ4Ai3nYSZm1l\n3XDdNIg+Ywtf7NRwblBVlvJ4egy8tj0ERB9wigd2av1buHl6Ji6xRvePYHShm6xi\nC02qTL7cFfKmTxfk0HdwtUu0zYc9qKZb9VAcPwiwqTbgWXWbnTLivBoIJ1iubQsU\nkOpzH41nt7vlmaFb6Q5HCGNdrwIQ3CwavFdnIfF7YCV9tN7qJwI61KsBcGM6l5hW\n1oCvUbEyeaaVNl2REsDNqtzJE154Prd//3pwShMNHlHcxwf+LV8=\n=1d/J\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "PACKETSTORM",
"id": "164698"
},
{
"db": "PACKETSTORM",
"id": "168579"
},
{
"db": "PACKETSTORM",
"id": "167696"
},
{
"db": "PACKETSTORM",
"id": "169134"
},
{
"db": "PACKETSTORM",
"id": "167076"
},
{
"db": "PACKETSTORM",
"id": "169145"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21703",
"trust": 4.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/26/7",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "164698",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167696",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167076",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168579",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022051153",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012745",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102719",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102621",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070644",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4126",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3963",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3540",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6055",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0898",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3253",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3601",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-380107",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21703",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169134",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169145",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "PACKETSTORM",
"id": "164698"
},
{
"db": "PACKETSTORM",
"id": "168579"
},
{
"db": "PACKETSTORM",
"id": "167696"
},
{
"db": "PACKETSTORM",
"id": "169134"
},
{
"db": "PACKETSTORM",
"id": "167076"
},
{
"db": "PACKETSTORM",
"id": "169145"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"id": "VAR-202110-1577",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380107"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:36:48.800000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0April\u00a02022 Oracle\u00a0Critical\u00a0Patch\u00a0Update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
},
{
"title": "PHP Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=167359"
},
{
"title": "Debian CVElist Bug Report Logs: php: CVE-2021-21703",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=367f4c4a333e1f2558606fc0c7ade7c4"
},
{
"title": "Debian Security Advisories: DSA-4993-1 php7.3 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3bb2d2714d0d0b836ca271ce2aa4d17c"
},
{
"title": "Debian Security Advisories: DSA-4992-1 php7.4 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a0d33242f30774b0a2380ec202d367da"
},
{
"title": "Red Hat: Important: rh-php73-php security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225491 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-21703 log"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-21703 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Henzau/WEB-NMAP "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21703"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4993"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202209-20"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4992"
},
{
"trust": 1.8,
"url": "https://bugs.php.net/bug.php?id=81026"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6pzvliczujmxogwouwsbaegivtf6y6v3/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pbm3kkb3ry2ypoknmc4hih7ih3t3wc74/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jo5ra6yobgggklia6f6bqrzddecf5l3r/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-21703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168579/gentoo-linux-security-advisory-202209-20.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164698/ubuntu-security-notice-usn-5125-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167696/red-hat-security-advisory-2022-5491-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167076/red-hat-security-advisory-2022-1935-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3601"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/php-read-write-access-via-fpm-36691"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3540"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4126"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3963"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012745"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102719"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051153"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6055"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3253"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102621"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0898"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070644"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31625"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31626"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21705"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-21703"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-21703"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5125-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.4/7.4.16-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21704"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21707"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/php7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/php7.4"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "PACKETSTORM",
"id": "164698"
},
{
"db": "PACKETSTORM",
"id": "168579"
},
{
"db": "PACKETSTORM",
"id": "167696"
},
{
"db": "PACKETSTORM",
"id": "169134"
},
{
"db": "PACKETSTORM",
"id": "167076"
},
{
"db": "PACKETSTORM",
"id": "169145"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380107"
},
{
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"db": "PACKETSTORM",
"id": "164698"
},
{
"db": "PACKETSTORM",
"id": "168579"
},
{
"db": "PACKETSTORM",
"id": "167696"
},
{
"db": "PACKETSTORM",
"id": "169134"
},
{
"db": "PACKETSTORM",
"id": "167076"
},
{
"db": "PACKETSTORM",
"id": "169145"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-25T00:00:00",
"db": "VULHUB",
"id": "VHN-380107"
},
{
"date": "2021-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"date": "2022-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"date": "2021-10-28T15:06:10",
"db": "PACKETSTORM",
"id": "164698"
},
{
"date": "2022-09-30T14:56:50",
"db": "PACKETSTORM",
"id": "168579"
},
{
"date": "2022-07-04T14:32:27",
"db": "PACKETSTORM",
"id": "167696"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169134"
},
{
"date": "2022-05-11T16:41:14",
"db": "PACKETSTORM",
"id": "167076"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169145"
},
{
"date": "2021-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"date": "2021-10-25T06:15:06.563000",
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-380107"
},
{
"date": "2022-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21703"
},
{
"date": "2022-10-11T06:21:00",
"db": "JVNDB",
"id": "JVNDB-2021-014233"
},
{
"date": "2022-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202110-1514"
},
{
"date": "2023-11-07T03:30:04.983000",
"db": "NVD",
"id": "CVE-2021-21703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "168579"
},
{
"db": "PACKETSTORM",
"id": "169134"
},
{
"db": "PACKETSTORM",
"id": "169145"
},
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202110-1514"
}
],
"trust": 0.6
}
}
var-201607-0657
Vulnerability from variot
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability "httpoxy" Is called a problem. PHP is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host.
References:
- CVE-2016-5385 - PHP, HTTPoxy
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: php55-php security update Advisory ID: RHSA-2016:1611-01 Product: Red Hat Software Collections Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1611.html Issue date: 2016-08-11 CVE Names: CVE-2016-5385 =====================================================================
- Summary:
An update for php55-php is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: php55-php-5.5.21-5.el6.src.rpm
x86_64: php55-php-5.5.21-5.el6.x86_64.rpm php55-php-bcmath-5.5.21-5.el6.x86_64.rpm php55-php-cli-5.5.21-5.el6.x86_64.rpm php55-php-common-5.5.21-5.el6.x86_64.rpm php55-php-dba-5.5.21-5.el6.x86_64.rpm php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm php55-php-devel-5.5.21-5.el6.x86_64.rpm php55-php-enchant-5.5.21-5.el6.x86_64.rpm php55-php-fpm-5.5.21-5.el6.x86_64.rpm php55-php-gd-5.5.21-5.el6.x86_64.rpm php55-php-gmp-5.5.21-5.el6.x86_64.rpm php55-php-imap-5.5.21-5.el6.x86_64.rpm php55-php-intl-5.5.21-5.el6.x86_64.rpm php55-php-ldap-5.5.21-5.el6.x86_64.rpm php55-php-mbstring-5.5.21-5.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm php55-php-odbc-5.5.21-5.el6.x86_64.rpm php55-php-opcache-5.5.21-5.el6.x86_64.rpm php55-php-pdo-5.5.21-5.el6.x86_64.rpm php55-php-pgsql-5.5.21-5.el6.x86_64.rpm php55-php-process-5.5.21-5.el6.x86_64.rpm php55-php-pspell-5.5.21-5.el6.x86_64.rpm php55-php-recode-5.5.21-5.el6.x86_64.rpm php55-php-snmp-5.5.21-5.el6.x86_64.rpm php55-php-soap-5.5.21-5.el6.x86_64.rpm php55-php-tidy-5.5.21-5.el6.x86_64.rpm php55-php-xml-5.5.21-5.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: php55-php-5.5.21-5.el6.src.rpm
x86_64: php55-php-5.5.21-5.el6.x86_64.rpm php55-php-bcmath-5.5.21-5.el6.x86_64.rpm php55-php-cli-5.5.21-5.el6.x86_64.rpm php55-php-common-5.5.21-5.el6.x86_64.rpm php55-php-dba-5.5.21-5.el6.x86_64.rpm php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm php55-php-devel-5.5.21-5.el6.x86_64.rpm php55-php-enchant-5.5.21-5.el6.x86_64.rpm php55-php-fpm-5.5.21-5.el6.x86_64.rpm php55-php-gd-5.5.21-5.el6.x86_64.rpm php55-php-gmp-5.5.21-5.el6.x86_64.rpm php55-php-imap-5.5.21-5.el6.x86_64.rpm php55-php-intl-5.5.21-5.el6.x86_64.rpm php55-php-ldap-5.5.21-5.el6.x86_64.rpm php55-php-mbstring-5.5.21-5.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm php55-php-odbc-5.5.21-5.el6.x86_64.rpm php55-php-opcache-5.5.21-5.el6.x86_64.rpm php55-php-pdo-5.5.21-5.el6.x86_64.rpm php55-php-pgsql-5.5.21-5.el6.x86_64.rpm php55-php-process-5.5.21-5.el6.x86_64.rpm php55-php-pspell-5.5.21-5.el6.x86_64.rpm php55-php-recode-5.5.21-5.el6.x86_64.rpm php55-php-snmp-5.5.21-5.el6.x86_64.rpm php55-php-soap-5.5.21-5.el6.x86_64.rpm php55-php-tidy-5.5.21-5.el6.x86_64.rpm php55-php-xml-5.5.21-5.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: php55-php-5.5.21-5.el6.src.rpm
x86_64: php55-php-5.5.21-5.el6.x86_64.rpm php55-php-bcmath-5.5.21-5.el6.x86_64.rpm php55-php-cli-5.5.21-5.el6.x86_64.rpm php55-php-common-5.5.21-5.el6.x86_64.rpm php55-php-dba-5.5.21-5.el6.x86_64.rpm php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm php55-php-devel-5.5.21-5.el6.x86_64.rpm php55-php-enchant-5.5.21-5.el6.x86_64.rpm php55-php-fpm-5.5.21-5.el6.x86_64.rpm php55-php-gd-5.5.21-5.el6.x86_64.rpm php55-php-gmp-5.5.21-5.el6.x86_64.rpm php55-php-imap-5.5.21-5.el6.x86_64.rpm php55-php-intl-5.5.21-5.el6.x86_64.rpm php55-php-ldap-5.5.21-5.el6.x86_64.rpm php55-php-mbstring-5.5.21-5.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm php55-php-odbc-5.5.21-5.el6.x86_64.rpm php55-php-opcache-5.5.21-5.el6.x86_64.rpm php55-php-pdo-5.5.21-5.el6.x86_64.rpm php55-php-pgsql-5.5.21-5.el6.x86_64.rpm php55-php-process-5.5.21-5.el6.x86_64.rpm php55-php-pspell-5.5.21-5.el6.x86_64.rpm php55-php-recode-5.5.21-5.el6.x86_64.rpm php55-php-snmp-5.5.21-5.el6.x86_64.rpm php55-php-soap-5.5.21-5.el6.x86_64.rpm php55-php-tidy-5.5.21-5.el6.x86_64.rpm php55-php-xml-5.5.21-5.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: php55-php-5.5.21-5.el6.src.rpm
x86_64: php55-php-5.5.21-5.el6.x86_64.rpm php55-php-bcmath-5.5.21-5.el6.x86_64.rpm php55-php-cli-5.5.21-5.el6.x86_64.rpm php55-php-common-5.5.21-5.el6.x86_64.rpm php55-php-dba-5.5.21-5.el6.x86_64.rpm php55-php-debuginfo-5.5.21-5.el6.x86_64.rpm php55-php-devel-5.5.21-5.el6.x86_64.rpm php55-php-enchant-5.5.21-5.el6.x86_64.rpm php55-php-fpm-5.5.21-5.el6.x86_64.rpm php55-php-gd-5.5.21-5.el6.x86_64.rpm php55-php-gmp-5.5.21-5.el6.x86_64.rpm php55-php-imap-5.5.21-5.el6.x86_64.rpm php55-php-intl-5.5.21-5.el6.x86_64.rpm php55-php-ldap-5.5.21-5.el6.x86_64.rpm php55-php-mbstring-5.5.21-5.el6.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm php55-php-odbc-5.5.21-5.el6.x86_64.rpm php55-php-opcache-5.5.21-5.el6.x86_64.rpm php55-php-pdo-5.5.21-5.el6.x86_64.rpm php55-php-pgsql-5.5.21-5.el6.x86_64.rpm php55-php-process-5.5.21-5.el6.x86_64.rpm php55-php-pspell-5.5.21-5.el6.x86_64.rpm php55-php-recode-5.5.21-5.el6.x86_64.rpm php55-php-snmp-5.5.21-5.el6.x86_64.rpm php55-php-soap-5.5.21-5.el6.x86_64.rpm php55-php-tidy-5.5.21-5.el6.x86_64.rpm php55-php-xml-5.5.21-5.el6.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: php55-php-5.5.21-5.el7.src.rpm
x86_64: php55-php-5.5.21-5.el7.x86_64.rpm php55-php-bcmath-5.5.21-5.el7.x86_64.rpm php55-php-cli-5.5.21-5.el7.x86_64.rpm php55-php-common-5.5.21-5.el7.x86_64.rpm php55-php-dba-5.5.21-5.el7.x86_64.rpm php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm php55-php-devel-5.5.21-5.el7.x86_64.rpm php55-php-enchant-5.5.21-5.el7.x86_64.rpm php55-php-fpm-5.5.21-5.el7.x86_64.rpm php55-php-gd-5.5.21-5.el7.x86_64.rpm php55-php-gmp-5.5.21-5.el7.x86_64.rpm php55-php-intl-5.5.21-5.el7.x86_64.rpm php55-php-ldap-5.5.21-5.el7.x86_64.rpm php55-php-mbstring-5.5.21-5.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm php55-php-odbc-5.5.21-5.el7.x86_64.rpm php55-php-opcache-5.5.21-5.el7.x86_64.rpm php55-php-pdo-5.5.21-5.el7.x86_64.rpm php55-php-pgsql-5.5.21-5.el7.x86_64.rpm php55-php-process-5.5.21-5.el7.x86_64.rpm php55-php-pspell-5.5.21-5.el7.x86_64.rpm php55-php-recode-5.5.21-5.el7.x86_64.rpm php55-php-snmp-5.5.21-5.el7.x86_64.rpm php55-php-soap-5.5.21-5.el7.x86_64.rpm php55-php-xml-5.5.21-5.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: php55-php-5.5.21-5.el7.src.rpm
x86_64: php55-php-5.5.21-5.el7.x86_64.rpm php55-php-bcmath-5.5.21-5.el7.x86_64.rpm php55-php-cli-5.5.21-5.el7.x86_64.rpm php55-php-common-5.5.21-5.el7.x86_64.rpm php55-php-dba-5.5.21-5.el7.x86_64.rpm php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm php55-php-devel-5.5.21-5.el7.x86_64.rpm php55-php-enchant-5.5.21-5.el7.x86_64.rpm php55-php-fpm-5.5.21-5.el7.x86_64.rpm php55-php-gd-5.5.21-5.el7.x86_64.rpm php55-php-gmp-5.5.21-5.el7.x86_64.rpm php55-php-intl-5.5.21-5.el7.x86_64.rpm php55-php-ldap-5.5.21-5.el7.x86_64.rpm php55-php-mbstring-5.5.21-5.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm php55-php-odbc-5.5.21-5.el7.x86_64.rpm php55-php-opcache-5.5.21-5.el7.x86_64.rpm php55-php-pdo-5.5.21-5.el7.x86_64.rpm php55-php-pgsql-5.5.21-5.el7.x86_64.rpm php55-php-process-5.5.21-5.el7.x86_64.rpm php55-php-pspell-5.5.21-5.el7.x86_64.rpm php55-php-recode-5.5.21-5.el7.x86_64.rpm php55-php-snmp-5.5.21-5.el7.x86_64.rpm php55-php-soap-5.5.21-5.el7.x86_64.rpm php55-php-xml-5.5.21-5.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):
Source: php55-php-5.5.21-5.el7.src.rpm
x86_64: php55-php-5.5.21-5.el7.x86_64.rpm php55-php-bcmath-5.5.21-5.el7.x86_64.rpm php55-php-cli-5.5.21-5.el7.x86_64.rpm php55-php-common-5.5.21-5.el7.x86_64.rpm php55-php-dba-5.5.21-5.el7.x86_64.rpm php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm php55-php-devel-5.5.21-5.el7.x86_64.rpm php55-php-enchant-5.5.21-5.el7.x86_64.rpm php55-php-fpm-5.5.21-5.el7.x86_64.rpm php55-php-gd-5.5.21-5.el7.x86_64.rpm php55-php-gmp-5.5.21-5.el7.x86_64.rpm php55-php-intl-5.5.21-5.el7.x86_64.rpm php55-php-ldap-5.5.21-5.el7.x86_64.rpm php55-php-mbstring-5.5.21-5.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm php55-php-odbc-5.5.21-5.el7.x86_64.rpm php55-php-opcache-5.5.21-5.el7.x86_64.rpm php55-php-pdo-5.5.21-5.el7.x86_64.rpm php55-php-pgsql-5.5.21-5.el7.x86_64.rpm php55-php-process-5.5.21-5.el7.x86_64.rpm php55-php-pspell-5.5.21-5.el7.x86_64.rpm php55-php-recode-5.5.21-5.el7.x86_64.rpm php55-php-snmp-5.5.21-5.el7.x86_64.rpm php55-php-soap-5.5.21-5.el7.x86_64.rpm php55-php-xml-5.5.21-5.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: php55-php-5.5.21-5.el7.src.rpm
x86_64: php55-php-5.5.21-5.el7.x86_64.rpm php55-php-bcmath-5.5.21-5.el7.x86_64.rpm php55-php-cli-5.5.21-5.el7.x86_64.rpm php55-php-common-5.5.21-5.el7.x86_64.rpm php55-php-dba-5.5.21-5.el7.x86_64.rpm php55-php-debuginfo-5.5.21-5.el7.x86_64.rpm php55-php-devel-5.5.21-5.el7.x86_64.rpm php55-php-enchant-5.5.21-5.el7.x86_64.rpm php55-php-fpm-5.5.21-5.el7.x86_64.rpm php55-php-gd-5.5.21-5.el7.x86_64.rpm php55-php-gmp-5.5.21-5.el7.x86_64.rpm php55-php-intl-5.5.21-5.el7.x86_64.rpm php55-php-ldap-5.5.21-5.el7.x86_64.rpm php55-php-mbstring-5.5.21-5.el7.x86_64.rpm php55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm php55-php-odbc-5.5.21-5.el7.x86_64.rpm php55-php-opcache-5.5.21-5.el7.x86_64.rpm php55-php-pdo-5.5.21-5.el7.x86_64.rpm php55-php-pgsql-5.5.21-5.el7.x86_64.rpm php55-php-process-5.5.21-5.el7.x86_64.rpm php55-php-pspell-5.5.21-5.el7.x86_64.rpm php55-php-recode-5.5.21-5.el7.x86_64.rpm php55-php-snmp-5.5.21-5.el7.x86_64.rpm php55-php-soap-5.5.21-5.el7.x86_64.rpm php55-php-xml-5.5.21-5.el7.x86_64.rpm php55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-5385 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFXrPSuXlSAg2UNWIIRAmLnAKCBRe4E5DnZotwDu0Tb+ITqqiZ2nQCeI6jD V28z7ctkF+xOsCoI2ug8jtY= =n134 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. For more information, see: http://php.net/ChangeLog-5.php#5.6.24 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz
Slackware 14.1 package: aea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: ab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz
Slackware 14.2 package: c88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: ed5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz
Slackware -current package: c25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz
Slackware x86_64 -current package: 17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg php-5.6.24-i586-1_slack14.2.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05320149 Version: 1
HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-10-26 Last Updated: 2016-10-26
Potential Security Impact: Remote: Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE System Management Homepage (SMH) on Windows and Linux. The vulnerabilities could be remotely exploited using man-in-the-middle (MITM) attacks resulting in cross-site scripting (XSS), arbitrary code execution, Denial of Service (DoS), and/or unauthorized disclosure of information.
References:
- CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information
- CVE-2016-2106 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2109 - OpenSSL, Denial of Service (DoS)
- CVE-2016-2105 - OpenSSL, Denial of Service (DoS)
- CVE-2016-3739 - cURL and libcurl, Remote code execution
- CVE-2016-5388 - "HTTPoxy", Apache Tomcat
- CVE-2016-5387 - "HTTPoxy", Apache HTTP Server
- CVE-2016-5385 - "HTTPoxy", PHP
- CVE-2016-4543 - PHP, multiple impact
- CVE-2016-4071 - PHP, multiple impact
- CVE-2016-4072 - PHP, multiple impact
- CVE-2016-4542 - PHP, multiple impact
- CVE-2016-4541 - PHP, multiple impact
- CVE-2016-4540 - PHP, multiple impact
- CVE-2016-4539 - PHP, multiple impact
- CVE-2016-4538 - PHP, multiple impact
- CVE-2016-4537 - PHP, multiple impact
- CVE-2016-4343 - PHP, multiple impact
- CVE-2016-4342 - PHP, multiple impact
- CVE-2016-4070 - PHP, Denial of Service (DoS)
- CVE-2016-4393 - PSRT110263, XSS vulnerability
- CVE-2016-4394 - PSRT110263, HSTS vulnerability
- CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow
- CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow
- PSRT110145
- PSRT110263
- PSRT110115
- PSRT110116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE System Management Homepage - all versions prior to v7.6
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-2105
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2106
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-2107
5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-2109
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVE-2016-3739
5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVE-2016-4070
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2016-4071
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4072
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4342
8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
CVE-2016-4343
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2016-4393
4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CVE-2016-4394
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVE-2016-4395
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4396
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVE-2016-4537
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4538
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4539
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4540
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4541
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4542
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-4543
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-2016-5385
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5387
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVE-2016-5388
8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
- Hewlett Packard Enterprise thanks Tenable Network Security for working with Trend Micro's Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and CVE-2016-4396 to security-alert@hpe.com
RESOLUTION
HPE has made the following software updates available to resolve the vulnerabilities for the impacted versions of System Management Homepage (SMH).
Please download and install HPE System Management Homepage (SMH) v7.6.0 from the following locations:
HISTORY Version:1 (rev.1) - 26 October 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Background
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/php < 5.6.28 >= 5.6.28
Description
Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
Impact
An attacker can possibly execute arbitrary code or create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All PHP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.28"
References
[ 1 ] CVE-2015-8865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865 [ 2 ] CVE-2016-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074 [ 3 ] CVE-2016-4071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071 [ 4 ] CVE-2016-4072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072 [ 5 ] CVE-2016-4073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073 [ 6 ] CVE-2016-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537 [ 7 ] CVE-2016-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538 [ 8 ] CVE-2016-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539 [ 9 ] CVE-2016-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540 [ 10 ] CVE-2016-4541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541 [ 11 ] CVE-2016-4542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542 [ 12 ] CVE-2016-4543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543 [ 13 ] CVE-2016-4544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544 [ 14 ] CVE-2016-5385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385 [ 15 ] CVE-2016-6289 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289 [ 16 ] CVE-2016-6290 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290 [ 17 ] CVE-2016-6291 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291 [ 18 ] CVE-2016-6292 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292 [ 19 ] CVE-2016-6294 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294 [ 20 ] CVE-2016-6295 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295 [ 21 ] CVE-2016-6296 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296 [ 22 ] CVE-2016-6297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297 [ 23 ] CVE-2016-7124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124 [ 24 ] CVE-2016-7125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125 [ 25 ] CVE-2016-7126 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126 [ 26 ] CVE-2016-7127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127 [ 27 ] CVE-2016-7128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128 [ 28 ] CVE-2016-7129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129 [ 29 ] CVE-2016-7130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130 [ 30 ] CVE-2016-7131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131 [ 31 ] CVE-2016-7132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132 [ 32 ] CVE-2016-7133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133 [ 33 ] CVE-2016-7134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134 [ 34 ] CVE-2016-7411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411 [ 35 ] CVE-2016-7412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412 [ 36 ] CVE-2016-7413 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413 [ 37 ] CVE-2016-7414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414 [ 38 ] CVE-2016-7416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416 [ 39 ] CVE-2016-7417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417 [ 40 ] CVE-2016-7418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201611-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "storeever msl6480 tape library",
"scope": null,
"trust": 1.6,
"vendor": "hewlett packard",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.6.0"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.0"
},
{
"model": "php",
"scope": "lte",
"trust": 1.0,
"vendor": "php",
"version": "7.0.8"
},
{
"model": "storeever msl6480 tape library",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "5.09"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.5.38"
},
{
"model": "php",
"scope": "lt",
"trust": 1.0,
"vendor": "php",
"version": "5.6.24"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.0"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.1.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "23"
},
{
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.5.0"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "php",
"scope": "gte",
"trust": 1.0,
"vendor": "php",
"version": "5.5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "24"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache http server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "haproxy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hhvm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "python",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lighttpd",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "php",
"scope": "lte",
"trust": 0.8,
"vendor": "the php group",
"version": "7.0.8"
},
{
"model": "linux",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "development environment v6.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v8.2 to v9.4"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v7.1 to v8.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"(with developers studio) v8.2 to v9.4\""
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7.1 to v8.1"
},
{
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6.4 to v9.3"
},
{
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v9.3"
},
{
"model": "webotx sip application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v7.1 to v8.1"
},
{
"model": "storeever msl6480 tape library",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "storeever msl6480 tape library",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.90"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "tealeaf customer experience on cloud network capture add-on",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "16.1.01"
},
{
"model": "typo3",
"scope": "eq",
"trust": 0.3,
"vendor": "typo3",
"version": "8.1"
},
{
"model": "api connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.3.0"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.8"
},
{
"model": "powerkvm",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.3-65.12"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.20"
},
{
"model": "powerkvm update",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.22"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.6"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.23"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.4"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.5"
},
{
"model": "php",
"scope": "ne",
"trust": 0.3,
"vendor": "php",
"version": "7.0.9"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.13"
},
{
"model": "typo3",
"scope": "ne",
"trust": 0.3,
"vendor": "typo3",
"version": "8.2.1"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.6"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.24"
},
{
"model": "storeever msl6480 tape library",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.40"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.14"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.0.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "powerkvm sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.4"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.2"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.6"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.0"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.3-65"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.4"
},
{
"model": "typo3",
"scope": "eq",
"trust": 0.3,
"vendor": "typo3",
"version": "8.1.1"
},
{
"model": "powerkvm sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.5"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.13"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.5"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.1"
},
{
"model": "guzzle",
"scope": "ne",
"trust": 0.3,
"vendor": "guzzle",
"version": "6.2.1"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.1"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.36"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.4"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.157"
},
{
"model": "guzzle",
"scope": "eq",
"trust": 0.3,
"vendor": "guzzle",
"version": "5"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.8"
},
{
"model": "powerkvm update",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.21"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.7"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.21"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.3"
},
{
"model": "typo3",
"scope": "eq",
"trust": 0.3,
"vendor": "typo3",
"version": "8.0.1"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.12"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.5"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1.0.2"
},
{
"model": "api connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.2"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.0.3"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.10"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.6"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.0.2"
},
{
"model": "api connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.3"
},
{
"model": "powerkvm sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "guzzle",
"scope": "eq",
"trust": 0.3,
"vendor": "guzzle",
"version": "6"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0"
},
{
"model": "php",
"scope": "ne",
"trust": 0.3,
"vendor": "php",
"version": "5.6.24"
},
{
"model": "storeever msl6480 tape library",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.10"
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.34"
},
{
"model": "typo3",
"scope": "eq",
"trust": 0.3,
"vendor": "typo3",
"version": "8.0.0"
},
{
"model": "drupal",
"scope": "ne",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.7"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.9"
},
{
"model": "4.0.0-rc2",
"scope": null,
"trust": 0.3,
"vendor": "guzzle",
"version": null
},
{
"model": "smartcloud entry appliance fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.26"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.165.7"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.0.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.19"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.3"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.4.0.4"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "storeever msl6480 tape library",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.10"
},
{
"model": "typo3",
"scope": "eq",
"trust": 0.3,
"vendor": "typo3",
"version": "8.2"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.4"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.11"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "smartcloud entry appliance fp",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.0.4"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.18"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.17"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.22"
},
{
"model": "api connect",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.0.1"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "7.0.7"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "smartcloud entry appliance fi",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3.0.4"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.3-65.11"
},
{
"model": "php",
"scope": "eq",
"trust": 0.3,
"vendor": "php",
"version": "5.6.12"
},
{
"model": "guzzle",
"scope": "eq",
"trust": 0.3,
"vendor": "guzzle",
"version": "5.3"
},
{
"model": "drupal",
"scope": "eq",
"trust": 0.3,
"vendor": "drupal",
"version": "8.1.6"
},
{
"model": "communications user data repository",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"model": "powerkvm build",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.158"
},
{
"model": "powerkvm",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1.3-65.10"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "BID",
"id": "91821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:php:php",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:storeever_msl6480_tape_library",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:storeever_msl6480_tape_library_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_sip_application_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Geary (VendHQ)",
"sources": [
{
"db": "BID",
"id": "91821"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5385",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2016-5385",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-94204",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2016-5385",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5385",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5385",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5385",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-94204",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5385",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(\u0027HTTP_PROXY\u0027) call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue. Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts. This vulnerability \"httpoxy\" Is called a problem. PHP is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in PHP 7.0.8 and earlier versions, the vulnerability stems from the fact that the program does not resolve namespace conflicts in RFC 3875 mode. The program does not properly handle data from untrusted client applications in the HTTP_PROXY environment variable. A remote attacker uses the specially crafted Proxy header message in the HTTP request to exploit this vulnerability to implement a man-in-the-middle attack, directing the server to send a connection to any host. \n\nReferences:\n\n - CVE-2016-5385 - PHP, HTTPoxy\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: php55-php security update\nAdvisory ID: RHSA-2016:1611-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-1611.html\nIssue date: 2016-08-11\nCVE Names: CVE-2016-5385 \n=====================================================================\n\n1. Summary:\n\nAn update for php55-php is now available for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nPHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Server. \n\nSecurity Fix(es):\n\n* It was discovered that PHP did not properly protect against the\nHTTP_PROXY variable name clash. A remote attacker could possibly use this\nflaw to redirect HTTP requests performed by a PHP script to an\nattacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)\n\nRed Hat would like to thank Scott Geary (VendHQ) for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon must be restarted\nfor the update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1353794 - CVE-2016-5385 PHP: sets environmental variable based on user supplied Proxy request header\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nphp55-php-5.5.21-5.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el6.x86_64.rpm\nphp55-php-cli-5.5.21-5.el6.x86_64.rpm\nphp55-php-common-5.5.21-5.el6.x86_64.rpm\nphp55-php-dba-5.5.21-5.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el6.x86_64.rpm\nphp55-php-devel-5.5.21-5.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el6.x86_64.rpm\nphp55-php-gd-5.5.21-5.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-imap-5.5.21-5.el6.x86_64.rpm\nphp55-php-intl-5.5.21-5.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el6.x86_64.rpm\nphp55-php-process-5.5.21-5.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el6.x86_64.rpm\nphp55-php-recode-5.5.21-5.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-soap-5.5.21-5.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-5.el6.x86_64.rpm\nphp55-php-xml-5.5.21-5.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nphp55-php-5.5.21-5.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el6.x86_64.rpm\nphp55-php-cli-5.5.21-5.el6.x86_64.rpm\nphp55-php-common-5.5.21-5.el6.x86_64.rpm\nphp55-php-dba-5.5.21-5.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el6.x86_64.rpm\nphp55-php-devel-5.5.21-5.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el6.x86_64.rpm\nphp55-php-gd-5.5.21-5.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-imap-5.5.21-5.el6.x86_64.rpm\nphp55-php-intl-5.5.21-5.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el6.x86_64.rpm\nphp55-php-process-5.5.21-5.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el6.x86_64.rpm\nphp55-php-recode-5.5.21-5.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-soap-5.5.21-5.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-5.el6.x86_64.rpm\nphp55-php-xml-5.5.21-5.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nphp55-php-5.5.21-5.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el6.x86_64.rpm\nphp55-php-cli-5.5.21-5.el6.x86_64.rpm\nphp55-php-common-5.5.21-5.el6.x86_64.rpm\nphp55-php-dba-5.5.21-5.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el6.x86_64.rpm\nphp55-php-devel-5.5.21-5.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el6.x86_64.rpm\nphp55-php-gd-5.5.21-5.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-imap-5.5.21-5.el6.x86_64.rpm\nphp55-php-intl-5.5.21-5.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el6.x86_64.rpm\nphp55-php-process-5.5.21-5.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el6.x86_64.rpm\nphp55-php-recode-5.5.21-5.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-soap-5.5.21-5.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-5.el6.x86_64.rpm\nphp55-php-xml-5.5.21-5.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nphp55-php-5.5.21-5.el6.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el6.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el6.x86_64.rpm\nphp55-php-cli-5.5.21-5.el6.x86_64.rpm\nphp55-php-common-5.5.21-5.el6.x86_64.rpm\nphp55-php-dba-5.5.21-5.el6.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el6.x86_64.rpm\nphp55-php-devel-5.5.21-5.el6.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el6.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el6.x86_64.rpm\nphp55-php-gd-5.5.21-5.el6.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-imap-5.5.21-5.el6.x86_64.rpm\nphp55-php-intl-5.5.21-5.el6.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el6.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el6.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el6.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el6.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el6.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el6.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el6.x86_64.rpm\nphp55-php-process-5.5.21-5.el6.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el6.x86_64.rpm\nphp55-php-recode-5.5.21-5.el6.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el6.x86_64.rpm\nphp55-php-soap-5.5.21-5.el6.x86_64.rpm\nphp55-php-tidy-5.5.21-5.el6.x86_64.rpm\nphp55-php-xml-5.5.21-5.el6.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nphp55-php-5.5.21-5.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el7.x86_64.rpm\nphp55-php-cli-5.5.21-5.el7.x86_64.rpm\nphp55-php-common-5.5.21-5.el7.x86_64.rpm\nphp55-php-dba-5.5.21-5.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el7.x86_64.rpm\nphp55-php-devel-5.5.21-5.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el7.x86_64.rpm\nphp55-php-gd-5.5.21-5.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-intl-5.5.21-5.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el7.x86_64.rpm\nphp55-php-process-5.5.21-5.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el7.x86_64.rpm\nphp55-php-recode-5.5.21-5.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-soap-5.5.21-5.el7.x86_64.rpm\nphp55-php-xml-5.5.21-5.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nphp55-php-5.5.21-5.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el7.x86_64.rpm\nphp55-php-cli-5.5.21-5.el7.x86_64.rpm\nphp55-php-common-5.5.21-5.el7.x86_64.rpm\nphp55-php-dba-5.5.21-5.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el7.x86_64.rpm\nphp55-php-devel-5.5.21-5.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el7.x86_64.rpm\nphp55-php-gd-5.5.21-5.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-intl-5.5.21-5.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el7.x86_64.rpm\nphp55-php-process-5.5.21-5.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el7.x86_64.rpm\nphp55-php-recode-5.5.21-5.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-soap-5.5.21-5.el7.x86_64.rpm\nphp55-php-xml-5.5.21-5.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):\n\nSource:\nphp55-php-5.5.21-5.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el7.x86_64.rpm\nphp55-php-cli-5.5.21-5.el7.x86_64.rpm\nphp55-php-common-5.5.21-5.el7.x86_64.rpm\nphp55-php-dba-5.5.21-5.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el7.x86_64.rpm\nphp55-php-devel-5.5.21-5.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el7.x86_64.rpm\nphp55-php-gd-5.5.21-5.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-intl-5.5.21-5.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el7.x86_64.rpm\nphp55-php-process-5.5.21-5.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el7.x86_64.rpm\nphp55-php-recode-5.5.21-5.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-soap-5.5.21-5.el7.x86_64.rpm\nphp55-php-xml-5.5.21-5.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nphp55-php-5.5.21-5.el7.src.rpm\n\nx86_64:\nphp55-php-5.5.21-5.el7.x86_64.rpm\nphp55-php-bcmath-5.5.21-5.el7.x86_64.rpm\nphp55-php-cli-5.5.21-5.el7.x86_64.rpm\nphp55-php-common-5.5.21-5.el7.x86_64.rpm\nphp55-php-dba-5.5.21-5.el7.x86_64.rpm\nphp55-php-debuginfo-5.5.21-5.el7.x86_64.rpm\nphp55-php-devel-5.5.21-5.el7.x86_64.rpm\nphp55-php-enchant-5.5.21-5.el7.x86_64.rpm\nphp55-php-fpm-5.5.21-5.el7.x86_64.rpm\nphp55-php-gd-5.5.21-5.el7.x86_64.rpm\nphp55-php-gmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-intl-5.5.21-5.el7.x86_64.rpm\nphp55-php-ldap-5.5.21-5.el7.x86_64.rpm\nphp55-php-mbstring-5.5.21-5.el7.x86_64.rpm\nphp55-php-mysqlnd-5.5.21-5.el7.x86_64.rpm\nphp55-php-odbc-5.5.21-5.el7.x86_64.rpm\nphp55-php-opcache-5.5.21-5.el7.x86_64.rpm\nphp55-php-pdo-5.5.21-5.el7.x86_64.rpm\nphp55-php-pgsql-5.5.21-5.el7.x86_64.rpm\nphp55-php-process-5.5.21-5.el7.x86_64.rpm\nphp55-php-pspell-5.5.21-5.el7.x86_64.rpm\nphp55-php-recode-5.5.21-5.el7.x86_64.rpm\nphp55-php-snmp-5.5.21-5.el7.x86_64.rpm\nphp55-php-soap-5.5.21-5.el7.x86_64.rpm\nphp55-php-xml-5.5.21-5.el7.x86_64.rpm\nphp55-php-xmlrpc-5.5.21-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5385\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFXrPSuXlSAg2UNWIIRAmLnAKCBRe4E5DnZotwDu0Tb+ITqqiZ2nQCeI6jD\nV28z7ctkF+xOsCoI2ug8jtY=\n=n134\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/php-5.6.24-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n http://php.net/ChangeLog-5.php#5.6.24\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.24-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.24-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.24-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.24-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.24-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.24-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.24-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.24-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n712cc177c9ac10f3d58e871ff27260dc php-5.6.24-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n47f6ad4a81517f5b2959abc73475742b php-5.6.24-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\naea6a8869946186781e55c5ecec952b0 php-5.6.24-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nab16db742762605b9b219b37cdd7e8db php-5.6.24-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nc88a731667e741443712267d9b30286a php-5.6.24-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\ned5b31c94e2fb91f0e6c40051f51da1c php-5.6.24-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc25a85fece34101d35b8785022cef94d n/php-5.6.24-i586-1.txz\n\nSlackware x86_64 -current package:\n17f8886fc0901cea6d593170ea00fe7b n/php-5.6.24-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg php-5.6.24-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05320149\nVersion: 1\n\nHPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary\nCode Execution, Cross-Site Scripting (XSS), Denial of Service (DoS),\nUnauthorized Disclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-10-26\nLast Updated: 2016-10-26\n\nPotential Security Impact: Remote: Arbitrary Code Execution, Cross-Site\nScripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of\nInformation\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nSystem Management Homepage (SMH) on Windows and Linux. The vulnerabilities\ncould be remotely exploited using man-in-the-middle (MITM) attacks resulting\nin cross-site scripting (XSS), arbitrary code execution, Denial of Service\n(DoS), and/or unauthorized disclosure of information. \n\nReferences:\n\n - CVE-2016-2107 - OpenSSL, Unauthorized disclosure of information\n - CVE-2016-2106 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2109 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-2105 - OpenSSL, Denial of Service (DoS)\n - CVE-2016-3739 - cURL and libcurl, Remote code execution\n - CVE-2016-5388 - \"HTTPoxy\", Apache Tomcat\n - CVE-2016-5387 - \"HTTPoxy\", Apache HTTP Server\n - CVE-2016-5385 - \"HTTPoxy\", PHP \n - CVE-2016-4543 - PHP, multiple impact\n - CVE-2016-4071 - PHP, multiple impact\n - CVE-2016-4072 - PHP, multiple impact\n - CVE-2016-4542 - PHP, multiple impact\n - CVE-2016-4541 - PHP, multiple impact\n - CVE-2016-4540 - PHP, multiple impact\n - CVE-2016-4539 - PHP, multiple impact\n - CVE-2016-4538 - PHP, multiple impact\n - CVE-2016-4537 - PHP, multiple impact\n - CVE-2016-4343 - PHP, multiple impact\n - CVE-2016-4342 - PHP, multiple impact\n - CVE-2016-4070 - PHP, Denial of Service (DoS)\n - CVE-2016-4393 - PSRT110263, XSS vulnerability\n - CVE-2016-4394 - PSRT110263, HSTS vulnerability\n - CVE-2016-4395 - ZDI-CAN-3722, PSRT110115, Buffer Overflow\n - CVE-2016-4396 - ZDI-CAN-3730, PSRT110116, Buffer Overflow\n - PSRT110145\n - PSRT110263\n - PSRT110115\n - PSRT110116\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE System Management Homepage - all versions prior to v7.6\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2016-2105\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2106\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-2107\n 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\n 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n CVE-2016-2109\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)\n\n CVE-2016-3739\n 5.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\n 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n CVE-2016-4070\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\n 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n CVE-2016-4071\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4072\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4342\n 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)\n\n CVE-2016-4343\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4393\n 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\n 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n CVE-2016-4394\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)\n\n CVE-2016-4395\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4396\n 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)\n\n CVE-2016-4537\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4538\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4539\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4540\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4541\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4542\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-4543\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5385\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5387\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n CVE-2016-5388\n 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\n* Hewlett Packard Enterprise thanks Tenable Network Security for working with\nTrend Micro\u0027s Zero Day Initiative (ZDI) for reporting CVE-2016-4395 and\nCVE-2016-4396 to security-alert@hpe.com\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerabilities for the impacted versions of System Management Homepage\n(SMH). \n\nPlease download and install HPE System Management Homepage (SMH) v7.6.0 from\nthe following locations: \n\n* \u003chttps://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e\n\nHISTORY\nVersion:1 (rev.1) - 26 October 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nBackground\n==========\n\nPHP is a widely-used general-purpose scripting language that is\nespecially suited for Web development and can be embedded into HTML. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/php \u003c 5.6.28 \u003e= 5.6.28\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in PHP. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nAn attacker can possibly execute arbitrary code or create a Denial of\nService condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll PHP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev=lang/php-5.6.28\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-8865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8865\n[ 2 ] CVE-2016-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3074\n[ 3 ] CVE-2016-4071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4071\n[ 4 ] CVE-2016-4072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4072\n[ 5 ] CVE-2016-4073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4073\n[ 6 ] CVE-2016-4537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4537\n[ 7 ] CVE-2016-4538\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4538\n[ 8 ] CVE-2016-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4539\n[ 9 ] CVE-2016-4540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4540\n[ 10 ] CVE-2016-4541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4541\n[ 11 ] CVE-2016-4542\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4542\n[ 12 ] CVE-2016-4543\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4543\n[ 13 ] CVE-2016-4544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4544\n[ 14 ] CVE-2016-5385\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5385\n[ 15 ] CVE-2016-6289\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6289\n[ 16 ] CVE-2016-6290\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6290\n[ 17 ] CVE-2016-6291\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6291\n[ 18 ] CVE-2016-6292\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6292\n[ 19 ] CVE-2016-6294\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6294\n[ 20 ] CVE-2016-6295\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6295\n[ 21 ] CVE-2016-6296\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6296\n[ 22 ] CVE-2016-6297\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6297\n[ 23 ] CVE-2016-7124\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7124\n[ 24 ] CVE-2016-7125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7125\n[ 25 ] CVE-2016-7126\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7126\n[ 26 ] CVE-2016-7127\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7127\n[ 27 ] CVE-2016-7128\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7128\n[ 28 ] CVE-2016-7129\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7129\n[ 29 ] CVE-2016-7130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7130\n[ 30 ] CVE-2016-7131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7131\n[ 31 ] CVE-2016-7132\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7132\n[ 32 ] CVE-2016-7133\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7133\n[ 33 ] CVE-2016-7134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7134\n[ 34 ] CVE-2016-7411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7411\n[ 35 ] CVE-2016-7412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7412\n[ 36 ] CVE-2016-7413\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7413\n[ 37 ] CVE-2016-7414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7414\n[ 38 ] CVE-2016-7416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7416\n[ 39 ] CVE-2016-7417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7417\n[ 40 ] CVE-2016-7418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7418\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201611-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5385"
},
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "BID",
"id": "91821"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138297"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "139968"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-94204",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#797896",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2016-5385",
"trust": 2.9
},
{
"db": "BID",
"id": "91821",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036335",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU91485132",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "138298",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "139744",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138297",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138014",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "138295",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143933",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138299",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138296",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138070",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201607-538",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-94204",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5385",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139379",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139968",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "BID",
"id": "91821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138297"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "139968"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"id": "VAR-201607-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:03:07.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2016-4e7db3d437",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZOIUYZDBWNDDHC6XTOLZYRMRXZWTJCP/"
},
{
"title": "FEDORA-2016-8eb11666aa",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RMYXAVNYL2MOBJTFATE73TOVOEZYC5R/"
},
{
"title": "FEDORA-2016-9c8cf5912c",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXFEIMZPSVGZQQAYIQ7U7DFVX3IBSDLF/"
},
{
"title": "HPSBMU03653",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149"
},
{
"title": "HPSBST03671",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297"
},
{
"title": "NV16-020",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-020.html"
},
{
"title": "Oracle Linux Bulletin - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"title": "Bug 1353794",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"title": "RHSA-2016:1609",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2016-1609.html"
},
{
"title": "RHSA-2016:1610",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2016-1610.html"
},
{
"title": "RHSA-2016:1611",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2016-1611.html"
},
{
"title": "RHSA-2016:1612",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2016-1612.html"
},
{
"title": "RHSA-2016:1613",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2016-1613.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://php.net/"
},
{
"title": "TLSA-2016-19",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2016/TLSA-2016-19j.html"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/07/18/httpoxy_hole/"
},
{
"title": "Amazon Linux AMI: ALAS-2016-728",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-728"
},
{
"title": "Ubuntu Security Notice: php5, php7.0 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3045-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
},
{
"title": "Forcepoint Security Advisories: HTTPoxy CGI HTTP_PROXY Variable Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=47734ce563632c9864b0b698ae37ddf9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=0bd8c924b56aac98dda0f5b45f425f38"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "bach",
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/bach "
},
{
"title": "bach",
"trust": 0.1,
"url": "https://github.com/OSSIndex/bach "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2016-5385 "
},
{
"title": "jbot",
"trust": 0.1,
"url": "https://github.com/jschauma/jbot "
},
{
"title": "CVE-2016-5385",
"trust": 0.1,
"url": "https://github.com/AIPOCAI/CVE-2016-5385 "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/chaplean/nginx-proxy "
},
{
"title": "nginx-proxy2",
"trust": 0.1,
"url": "https://github.com/corzel/nginx-proxy2 "
},
{
"title": "Test",
"trust": 0.1,
"url": "https://github.com/Abhinav4git/Test "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/jwilder/nginx-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/GloveofGames/hehe "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jquepi/nginx-proxy-2 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/lemonhope-mz/replica_nginx-proxy "
},
{
"title": "reto-ejercicio1",
"trust": 0.1,
"url": "https://github.com/QuirianCordova/reto-ejercicio1 "
},
{
"title": "nginx",
"trust": 0.1,
"url": "https://github.com/ratika-web/nginx "
},
{
"title": "docker-nginx-proxy",
"trust": 0.1,
"url": "https://github.com/CodeKoalas/docker-nginx-proxy "
},
{
"title": "jwilder-nginx-proxy",
"trust": 0.1,
"url": "https://github.com/linguamerica/jwilder-nginx-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/abhi1693/nginx-proxy "
},
{
"title": "DockerProject",
"trust": 0.1,
"url": "https://github.com/antoinechab/DockerProject "
},
{
"title": "plonevhost",
"trust": 0.1,
"url": "https://github.com/alteroo/plonevhost "
},
{
"title": "nginx-proxy-docker-image-builder",
"trust": 0.1,
"url": "https://github.com/expoli/nginx-proxy-docker-image-builder "
},
{
"title": "reto-ejercicio3",
"trust": 0.1,
"url": "https://github.com/QuirianCordova/reto-ejercicio3 "
},
{
"title": "nginx",
"trust": 0.1,
"url": "https://github.com/isaiahweeks/nginx "
},
{
"title": "docker-dev-tools-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/docker-dev-tools-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/nginx-proxy/nginx-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/bfirestone/nginx-proxy "
},
{
"title": "nginx-oidc-proxy",
"trust": 0.1,
"url": "https://github.com/garnser/nginx-oidc-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/VitasL/nginx-proxy "
},
{
"title": "nginx-proxy-docker-image-builder",
"trust": 0.1,
"url": "https://github.com/expoli/nginx-proxy-docker-image "
},
{
"title": "docker-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/docker-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/junkl-solbox/nginx-proxy "
},
{
"title": "nginxProxy",
"trust": 0.1,
"url": "https://github.com/moewsystem/nginxProxy "
},
{
"title": "kube-active-proxy",
"trust": 0.1,
"url": "https://github.com/adi90x/kube-active-proxy "
},
{
"title": "nginx-proxy",
"trust": 0.1,
"url": "https://github.com/antimatter-studios/nginx-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/6d617274696e73/nginx-waf-proxy "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mikediamanto/nginx-proxy "
},
{
"title": "rancher-active-proxy",
"trust": 0.1,
"url": "https://github.com/adi90x/rancher-active-proxy "
},
{
"title": "algm-php-vulnerability-checker",
"trust": 0.1,
"url": "https://github.com/timclifford/algm-php-vulnerability-checker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/t0m4too/t0m4to "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/KorayAgaya/TrivyWeb "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/Vulnerability-Scanner-for-Containers "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mohzeela/external-secret "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cgi-script-vulnerability-httpoxy-allows-man-in-the-middle-attacks/119345/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/797896"
},
{
"trust": 2.0,
"url": "https://httpoxy.org/"
},
{
"trust": 1.6,
"url": "https://www.apache.org/security/asf-httpoxy-response.txt"
},
{
"trust": 1.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.5,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"trust": 1.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353794"
},
{
"trust": 1.5,
"url": "https://www.drupal.org/sa-core-2016-003"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1611.html"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1612.html"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036335"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91821"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"trust": 1.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kzoiuyzdbwnddhc6xtolzyrmrxzwtjcp/"
},
{
"trust": 1.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rmyxavnyl2mobjtfate73tovoezyc5r/"
},
{
"trust": 1.2,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gxfeimzpsvgzqqayiq7u7dfvx3ibsdlf/"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1609.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1610.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-1613.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.2,
"url": "https://github.com/guzzle/guzzle/releases/tag/6.2.1"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05320149"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05333297"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5385"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc3875"
},
{
"trust": 0.8,
"url": "https://httpoxy.org"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/807.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/454.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu91485132"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5385"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5385"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05320149"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05333297"
},
{
"trust": 0.3,
"url": "https://github.com/friendsofphp/security-advisories/commit/7ed8f8e3a87f7be13dd70cccd54f8701be1be6e0"
},
{
"trust": 0.3,
"url": "http://www.php.net/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024261"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024735"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21993929"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21994534"
},
{
"trust": 0.3,
"url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-5385"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4537"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4542"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4538"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4072"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4071"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4539"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4540"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03770en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/601.html"
},
{
"trust": 0.1,
"url": "https://github.com/sonatype-nexus-community/bach"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public/readindex?sp4ts.oid=5385625\u0026swlan"
},
{
"trust": 0.1,
"url": "http://php.net/changelog-5.php#5.6.24"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6207"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4396"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4395"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4070"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/us/en/product-catalog/detail/pip.344313.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4342"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6297"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7124"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7124"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7129"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4538"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8865"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6292"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7416"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8865"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6289"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7128"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6295"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5385"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4539"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7134"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7411"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4537"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7413"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6292"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6290"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7414"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6291"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7127"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6294"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7126"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7133"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6295"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4543"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7129"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6296"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7418"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-7127"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-3074"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "BID",
"id": "91821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138297"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "139968"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#797896"
},
{
"db": "VULHUB",
"id": "VHN-94204"
},
{
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"db": "BID",
"id": "91821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"db": "PACKETSTORM",
"id": "139744"
},
{
"db": "PACKETSTORM",
"id": "138297"
},
{
"db": "PACKETSTORM",
"id": "138014"
},
{
"db": "PACKETSTORM",
"id": "138298"
},
{
"db": "PACKETSTORM",
"id": "139379"
},
{
"db": "PACKETSTORM",
"id": "139968"
},
{
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#797896"
},
{
"date": "2016-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-94204"
},
{
"date": "2016-07-19T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"date": "2016-07-18T00:00:00",
"db": "BID",
"id": "91821"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"date": "2016-11-16T00:48:12",
"db": "PACKETSTORM",
"id": "139744"
},
{
"date": "2016-08-12T18:03:14",
"db": "PACKETSTORM",
"id": "138297"
},
{
"date": "2016-07-22T22:42:48",
"db": "PACKETSTORM",
"id": "138014"
},
{
"date": "2016-08-12T18:03:22",
"db": "PACKETSTORM",
"id": "138298"
},
{
"date": "2016-10-27T19:22:00",
"db": "PACKETSTORM",
"id": "139379"
},
{
"date": "2016-12-01T16:38:01",
"db": "PACKETSTORM",
"id": "139968"
},
{
"date": "2016-07-19T02:00:17.773000",
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-19T00:00:00",
"db": "CERT/CC",
"id": "VU#797896"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-94204"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5385"
},
{
"date": "2018-01-18T09:00:00",
"db": "BID",
"id": "91821"
},
{
"date": "2016-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003800"
},
{
"date": "2024-11-21T02:54:12.637000",
"db": "NVD",
"id": "CVE-2016-5385"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91821"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables",
"sources": [
{
"db": "CERT/CC",
"id": "VU#797896"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91821"
}
],
"trust": 0.3
}
}
var-202108-1269
Vulnerability from variot
A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Products from multiple vendors, such as Microsoft, have vulnerabilities related to type mix-up.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1269",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30954",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-390687",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30954",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30954",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30954",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30954",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2055",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390687",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-30954",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Products from multiple vendors, such as Microsoft, have vulnerabilities related to type mix-up.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30954",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390687",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30954",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"id": "VAR-202108-1269",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390687"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:05:15.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple tvOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175815"
},
{
"title": "Red Hat: CVE-2021-30954",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30954"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.1
},
{
"problemtype": "Mistake of type (CWE-843) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/843.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390687"
},
{
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390687"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"date": "2021-08-24T19:15:21.860000",
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-390687"
},
{
"date": "2022-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30954"
},
{
"date": "2024-07-18T08:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-021208"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2055"
},
{
"date": "2023-11-07T03:34:02",
"db": "NVD",
"id": "CVE-2021-30954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Vulnerability related to type mix-up in products from multiple vendors, such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2055"
}
],
"trust": 0.6
}
}
var-202112-1995
Vulnerability from variot
vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in Vim, and no detailed vulnerability details are provided at present. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1995",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "vim",
"scope": "lte",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3912"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4187",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-409887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4187",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"id": "CVE-2021-4187",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4187",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4187",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4187",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-4187",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2749",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-409887",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4187",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Use After Free. vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a resource management error vulnerability in Vim, and no detailed vulnerability details are provided at present. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-409887",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4187",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05063",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-409887",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"id": "VAR-202112-1995",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:05:14.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213343",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177153"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4187"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-split-argument-list-37185"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-409887"
},
{
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-409887"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"date": "2023-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"date": "2021-12-29T17:15:07.630000",
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-409887"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4187"
},
{
"date": "2023-01-18T03:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-017429"
},
{
"date": "2022-08-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2749"
},
{
"date": "2024-11-21T06:37:06.110000",
"db": "NVD",
"id": "CVE-2021-4187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2749"
}
],
"trust": 0.6
}
}
var-202205-0219
Vulnerability from variot
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20770",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405323",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20770",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20770",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20770",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20770",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405323",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20770",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64261",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405323",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"id": "VAR-202205-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191379"
},
{
"title": "Cisco: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-prVGcHLd"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20770"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20770/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2022-05-04T17:15:08.377000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T04:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2024-11-21T06:43:31.263000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.6
}
}
var-202206-0761
Vulnerability from variot
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7
macOS Big Sur 11.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213443.
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022
ATS Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
Calendar Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022
Contacts Available for: macOS Big Sur Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security
GarageBand Available for: macOS Big Sur Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022
ImageIO Available for: macOS Big Sur Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022
Image Processing Available for: macOS Big Sur Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022
iMovie Available for: macOS Big Sur Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi)
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022
Kernel Available for: macOS Big Sur Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32894: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher
Maps Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022
MediaLibrary Available for: macOS Big Sur Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
ncurses Available for: macOS Big Sur Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022
PackageKit Available for: macOS Big Sur Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t)
Sandbox Available for: macOS Big Sur Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022
Security Available for: macOS Big Sur Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022
Sidecar Available for: macOS Big Sur Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022
SMB Available for: macOS Big Sur Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022
Vim Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022
Weather Available for: macOS Big Sur Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022
Additional recognition
Identity Services We would like to acknowledge Joshua Jones for their assistance.
macOS Big Sur 11.7 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke NxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz pYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4 ZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I QlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV AMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k rnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT o32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm xnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ Kpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y IVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy 1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs= =euaC -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-6557-1 December 14, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1725)
It was discovered that Vim could be made to recurse infinitely. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)
It was discovered that Vim could be made to write out of bounds with a put command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1886)
It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897, CVE-2022-2000)
It was discovered that Vim did not properly manage memory in the spell command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2042)
It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-46246, CVE-2023-48231)
It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)
It was discovered that Vim contained multiple arithmetic overflows. An attacker could possibly use these issues to cause a denial of service. (CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237)
It was discovered that Vim did not properly manage memory in the substitute command. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.10: vim 2:9.0.1672-1ubuntu2.2 vim-athena 2:9.0.1672-1ubuntu2.2 vim-gtk3 2:9.0.1672-1ubuntu2.2 vim-nox 2:9.0.1672-1ubuntu2.2 vim-tiny 2:9.0.1672-1ubuntu2.2 xxd 2:9.0.1672-1ubuntu2.2
Ubuntu 23.04: vim 2:9.0.1000-4ubuntu3.3 vim-athena 2:9.0.1000-4ubuntu3.3 vim-gtk3 2:9.0.1000-4ubuntu3.3 vim-nox 2:9.0.1000-4ubuntu3.3 vim-tiny 2:9.0.1000-4ubuntu3.3 xxd 2:9.0.1000-4ubuntu3.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.15 vim-athena 2:8.2.3995-1ubuntu2.15 vim-gtk 2:8.2.3995-1ubuntu2.15 vim-gtk3 2:8.2.3995-1ubuntu2.15 vim-nox 2:8.2.3995-1ubuntu2.15 vim-tiny 2:8.2.3995-1ubuntu2.15 xxd 2:8.2.3995-1ubuntu2.15
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.21 vim-athena 2:8.1.2269-1ubuntu5.21 vim-gtk 2:8.1.2269-1ubuntu5.21 vim-gtk3 2:8.1.2269-1ubuntu5.21 vim-nox 2:8.1.2269-1ubuntu5.21 vim-tiny 2:8.1.2269-1ubuntu5.21 xxd 2:8.1.2269-1ubuntu5.21
Ubuntu 18.04 LTS (Available with Ubuntu Pro): vim 2:8.0.1453-1ubuntu1.13+esm7 vim-athena 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk 2:8.0.1453-1ubuntu1.13+esm7 vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7 vim-nox 2:8.0.1453-1ubuntu1.13+esm7 vim-tiny 2:8.0.1453-1ubuntu1.13+esm7 xxd 2:8.0.1453-1ubuntu1.13+esm7
Ubuntu 16.04 LTS (Available with Ubuntu Pro): vim 2:7.4.1689-3ubuntu1.5+esm22 vim-athena 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk 2:7.4.1689-3ubuntu1.5+esm22 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22 vim-nox 2:7.4.1689-3ubuntu1.5+esm22 vim-tiny 2:7.4.1689-3ubuntu1.5+esm22
Ubuntu 14.04 LTS (Available with Ubuntu Pro): vim 2:7.4.052-1ubuntu3.1+esm15 vim-athena 2:7.4.052-1ubuntu3.1+esm15 vim-gtk 2:7.4.052-1ubuntu3.1+esm15 vim-nox 2:7.4.052-1ubuntu3.1+esm15 vim-tiny 2:7.4.052-1ubuntu3.1+esm15
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-0761",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5063"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 0.2
},
"cve": "CVE-2022-2000",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-2000",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-424304",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2000",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2000",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-2000",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2000",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-947",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-424304",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-2000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7\n\nmacOS Big Sur 11.7 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213443. \n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\nEntry added October 27, 2022\n\nATS\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nCalendar\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\nEntry added October 27, 2022\n\nContacts\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved checks. \nCVE-2022-32854: Holger Fuhrmannek of Deutsche Telekom Security\n\nGarageBand\nAvailable for: macOS Big Sur\nImpact: An app may be able to access user-sensitive data\nDescription: A configuration issue was addressed with additional\nrestrictions. \nCVE-2022-32877: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nEntry added October 27, 2022\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\nEntry added October 27, 2022\n\nImage Processing\nAvailable for: macOS Big Sur\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added October 27, 2022\n\niMovie\nAvailable for: macOS Big Sur\nImpact: A user may be able to view sensitive user information\nDescription: This issue was addressed by enabling hardened runtime. \nCVE-2022-32896: Wojciech Regu\u0142a (@_r3ggi)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\nEntry added October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\nEntry updated October 27, 2022\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32894: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32917: an anonymous researcher\n\nMaps\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\nEntry updated October 27, 2022\n\nMediaLibrary\nAvailable for: macOS Big Sur\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nncurses\nAvailable for: macOS Big Sur\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\nEntry added October 27, 2022\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An app may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32900: Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 27, 2022\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\nEntry added October 27, 2022\n\nSidecar\nAvailable for: macOS Big Sur\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\nEntry added October 27, 2022\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\nEntry added October 27, 2022\n\nVim\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: This issue was addressed with improved checks. \nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\nEntry added October 27, 2022\n\nWeather\nAvailable for: macOS Big Sur\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\nEntry added October 27, 2022\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\nEntry added October 27, 2022\n\nAdditional recognition\n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nmacOS Big Sur 11.7 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpYACgkQ4RjMIDke\nNxnDzw/7BbMWXxZ6uPMWb3LMFZlymEZMCtL5S27GA8HXiz7SU6c2wPrF1ofp8Bbz\npYGy4OrK17rAb/qHIig03TVE6EJl4ScZHv7STn1gQ5ciKqud6jL16mm2BjRCm2T4\nZQtTzrQrSRHJbBSUSsnZxi5Wp9wjIA6w8JVvMqdBrnpu3yWt8Jo0tW0d/nO1EK3I\nQlfDgOaiZrdHN2m/Y+kjWOhRqDLe2QWObQh95Gyybi3++ctTr58PBLBYLhWgLMoV\nAMj69PLudFI8cEeqhDlfVK7ept2O+WLkYeI/Px5nG7YHhndr9fiR55Rz5m2Hl44k\nrnxDKs9hVQLwSHAo9uJ1DBUteEzgdUJWiwGxP4InnCmhlXpJl7AkVsr7bq5iaDcT\no32wNfv1BEzBBvINNfw1PZ+JwNmEwugSj1UX54GFOj3B9WjGguIi0dMqOc0j6GKm\nxnIwzPIlHhHb/1D17kl/kTQH602w/Mf5OIlSfL/mk0CKjwR+0QvQF5HXhULJHbqJ\nKpx8C1JfhnyWqBoCuh+URCKlZJ4T3P6IUgoRzuX4Jk3TDABCP5jgEZOzj76JPE1y\nIVt8ULLARjjUdEOzC8dZkaeGUOAerzfxIU8QJwmrnHQI3vQX7JR9MbK1S+PRJsGy\n1h69HcdL2HGpjPyDf9uI2nMOntOUrTz/PqjQUzmfllq3B42RPZs=\n=euaC\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-6557-1\nDecember 14, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 23.10\n- Ubuntu 23.04\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 14.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to dereference invalid memory. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1725)\n\nIt was discovered that Vim could be made to recurse infinitely. An\nattacker could possibly use this issue to cause a denial of service. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1771)\n\nIt was discovered that Vim could be made to write out of bounds with a put\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-1886)\n\nIt was discovered that Vim could be made to write out of bounds. An\nattacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu\n18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1897,\nCVE-2022-2000)\n\nIt was discovered that Vim did not properly manage memory in the spell\ncommand. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. This issue only affected Ubuntu 22.04\nLTS. (CVE-2022-2042)\n\nIt was discovered that Vim did not properly manage memory. An attacker\ncould possibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2023-46246, CVE-2023-48231)\n\nIt was discovered that Vim could be made to divide by zero. An attacker\ncould possibly use this issue to cause a denial of service. This issue\nonly affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-48232)\n\nIt was discovered that Vim contained multiple arithmetic overflows. An\nattacker could possibly use these issues to cause a denial of service. \n(CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236,\nCVE-2023-48237)\n\nIt was discovered that Vim did not properly manage memory in the\nsubstitute command. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-48706)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 23.10:\n vim 2:9.0.1672-1ubuntu2.2\n vim-athena 2:9.0.1672-1ubuntu2.2\n vim-gtk3 2:9.0.1672-1ubuntu2.2\n vim-nox 2:9.0.1672-1ubuntu2.2\n vim-tiny 2:9.0.1672-1ubuntu2.2\n xxd 2:9.0.1672-1ubuntu2.2\n\nUbuntu 23.04:\n vim 2:9.0.1000-4ubuntu3.3\n vim-athena 2:9.0.1000-4ubuntu3.3\n vim-gtk3 2:9.0.1000-4ubuntu3.3\n vim-nox 2:9.0.1000-4ubuntu3.3\n vim-tiny 2:9.0.1000-4ubuntu3.3\n xxd 2:9.0.1000-4ubuntu3.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.15\n vim-athena 2:8.2.3995-1ubuntu2.15\n vim-gtk 2:8.2.3995-1ubuntu2.15\n vim-gtk3 2:8.2.3995-1ubuntu2.15\n vim-nox 2:8.2.3995-1ubuntu2.15\n vim-tiny 2:8.2.3995-1ubuntu2.15\n xxd 2:8.2.3995-1ubuntu2.15\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.21\n vim-athena 2:8.1.2269-1ubuntu5.21\n vim-gtk 2:8.1.2269-1ubuntu5.21\n vim-gtk3 2:8.1.2269-1ubuntu5.21\n vim-nox 2:8.1.2269-1ubuntu5.21\n vim-tiny 2:8.1.2269-1ubuntu5.21\n xxd 2:8.1.2269-1ubuntu5.21\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n vim 2:8.0.1453-1ubuntu1.13+esm7\n vim-athena 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk 2:8.0.1453-1ubuntu1.13+esm7\n vim-gtk3 2:8.0.1453-1ubuntu1.13+esm7\n vim-nox 2:8.0.1453-1ubuntu1.13+esm7\n vim-tiny 2:8.0.1453-1ubuntu1.13+esm7\n xxd 2:8.0.1453-1ubuntu1.13+esm7\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.1689-3ubuntu1.5+esm22\n vim-athena 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk 2:7.4.1689-3ubuntu1.5+esm22\n vim-gtk3 2:7.4.1689-3ubuntu1.5+esm22\n vim-nox 2:7.4.1689-3ubuntu1.5+esm22\n vim-tiny 2:7.4.1689-3ubuntu1.5+esm22\n\nUbuntu 14.04 LTS (Available with Ubuntu Pro):\n vim 2:7.4.052-1ubuntu3.1+esm15\n vim-athena 2:7.4.052-1ubuntu3.1+esm15\n vim-gtk 2:7.4.052-1ubuntu3.1+esm15\n vim-nox 2:7.4.052-1ubuntu3.1+esm15\n vim-tiny 2:7.4.052-1ubuntu3.1+esm15\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424304",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2000",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "169585",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167749",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071351",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169576",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424304",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2000",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176249",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"id": "VAR-202206-0761",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:47:11.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213444 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=196479"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-2000"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213443"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213444"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/43"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/45"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4jjnus4aevysejmck6jzb57qhd5v2g4o/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4jjnus4aevysejmck6jzb57qhd5v2g4o/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167749/ubuntu-security-notice-usn-5516-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169585/apple-security-advisory-2022-10-27-9.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-parse-cmd-address-38615"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071351"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2000/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3431"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1622"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5516-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32881"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213443."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213444."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6557-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48237"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.21"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-48232"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424304"
},
{
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"db": "PACKETSTORM",
"id": "167749"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169585"
},
{
"db": "PACKETSTORM",
"id": "169576"
},
{
"db": "PACKETSTORM",
"id": "176249"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-424304"
},
{
"date": "2022-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"date": "2022-07-14T14:34:34",
"db": "PACKETSTORM",
"id": "167749"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-10-31T14:50:18",
"db": "PACKETSTORM",
"id": "169585"
},
{
"date": "2022-10-31T14:42:57",
"db": "PACKETSTORM",
"id": "169576"
},
{
"date": "2023-12-15T15:15:14",
"db": "PACKETSTORM",
"id": "176249"
},
{
"date": "2022-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"date": "2022-06-09T16:15:08.513000",
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-424304"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2000"
},
{
"date": "2023-08-21T07:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-011269"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-947"
},
{
"date": "2024-11-21T07:00:08.973000",
"db": "NVD",
"id": "CVE-2022-2000"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-947"
}
],
"trust": 0.6
}
}
var-202205-1003
Vulnerability from variot
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5723-1 November 14, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially crafted patterns. (CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when searching specially crafted patterns. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when auto-indenting lisp. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when performing spelling suggestions. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially crafted command line expressions. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when auto-indenting lisp. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size changed. An attacker could possibly use this to crash Vim, access or modify memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's spelldump. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm13 vim-athena 2:7.4.1689-3ubuntu1.5+esm13 vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome 2:7.4.1689-3ubuntu1.5+esm13 vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13 vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-nox 2:7.4.1689-3ubuntu1.5+esm13 vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13 vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5723-1 CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4938"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1674",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-419787",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1674",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1674",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-1674",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1674",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1674",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1674",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-3071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-419787",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1674",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5723-1\nNovember 14, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim could be made to crash when searching specially\ncrafted patterns. \n(CVE-2022-1725)\n\nIt was discovered that there existed a buffer over-read in Vim when\nsearching specially crafted patterns. (CVE-2022-2124)\n\nIt was discovered that there existed a heap buffer overflow in Vim when\nauto-indenting lisp. (CVE-2022-2125)\n\nIt was discovered that there existed an out of bounds read in Vim when\nperforming spelling suggestions. (CVE-2022-2126)\n\nIt was discovered that Vim accessed invalid memory when executing specially\ncrafted command line expressions. An attacker could possibly use this to\ncrash Vim, access or modify memory, or execute arbitrary commands. \n(CVE-2022-2175)\n\nIt was discovered that there existed an out-of-bounds read in Vim when\nauto-indenting lisp. An attacker could possibly use this to crash Vim,\naccess or modify memory, or execute arbitrary commands. (CVE-2022-2183)\n\n\nIt was discovered that Vim accessed invalid memory when terminal size\nchanged. An attacker could possibly use this to crash Vim, access or modify\nmemory, or execute arbitrary commands. (CVE-2022-2206)\n\nIt was discovered that there existed a stack buffer overflow in Vim\u0027s\nspelldump. (CVE-2022-2304)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\nvim 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena 2:7.4.1689-3ubuntu1.5+esm13\nvim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome 2:7.4.1689-3ubuntu1.5+esm13\nvim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3 2:7.4.1689-3ubuntu1.5+esm13\nvim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox 2:7.4.1689-3ubuntu1.5+esm13\nvim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13\nvim-tiny 2:7.4.1689-3ubuntu1.5+esm13\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\nhttps://ubuntu.com/security/notices/USN-5723-1\nCVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1674",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "169832",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.5872",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-419787",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1674",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"id": "VAR-202205-1003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:21:59.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0matching\u00a0buffer\u00a0with\u00a0invalid\u00a0pattern Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFAZTAT5CZC2R6KYDYA2HBAVEDSIX6MW/"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193802"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1674"
},
{
"title": "Ubuntu Security Notice: USN-5723-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5723-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/odxvyzc5z4xrrzk7ck6b6iuryvyha25u/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/iupolex5gxc733hl4efymhfu7nisjjzg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfaztat5czc2r6kydya2hbavedsix6mw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/odxvyzc5z4xrrzk7ck6b6iuryvyha25u/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1674"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169832/ubuntu-security-notice-usn-5723-1.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1674/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-vim-regexec-string-38405"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5872"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5723-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419787"
},
{
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "PACKETSTORM",
"id": "169832"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-419787"
},
{
"date": "2022-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-11-15T16:38:43",
"db": "PACKETSTORM",
"id": "169832"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"date": "2022-05-12T11:15:07.363000",
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-419787"
},
{
"date": "2022-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1674"
},
{
"date": "2023-08-16T01:11:00",
"db": "JVNDB",
"id": "JVNDB-2022-010571"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-3071"
},
{
"date": "2024-11-21T06:41:13.813000",
"db": "NVD",
"id": "CVE-2022-1674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010571"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-3071"
}
],
"trust": 0.6
}
}
var-202109-1803
Vulnerability from variot
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1803",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus primary server base",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi web server - custom edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "storagegrid",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 0.6
},
"cve": "CVE-2021-39275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-39275",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-400791",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-39275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-39275",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-39275",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-39275",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2022-03225",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1098",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-400791",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-39275",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-39275",
"trust": 4.7
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166321",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03225",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042117",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031528",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042295",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010632",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102602",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042538",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-400791",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-39275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"id": "VAR-202109-1803",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
}
],
"trust": 1.2207219
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
}
]
},
"last_update_date": "2024-11-29T21:59:29.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2022-111",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313446"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=164677"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-39275",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-39275"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-39275 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-111"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Brocade Security Advisories: CVE-2021-39275. ap_escape_quotes buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8a2abdf2d185adc365552c461d65931f"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-120",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042538"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3234"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010632"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042295"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6493845"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3544"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:0891"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.1,
"url": "https://github.com/totes5706/toteshtb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-400791"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"date": "2022-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587"
},
{
"date": "2022-03-15T15:50:26",
"db": "PACKETSTORM",
"id": "166321"
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541"
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072"
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307"
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329"
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"date": "2021-09-16T15:15:07.580000",
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-400791"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"date": "2022-03-15T02:59:00",
"db": "JVNDB",
"id": "JVNDB-2021-008414"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"date": "2023-11-07T03:37:38.873000",
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0ap_escape_quotes()\u00a0 Vulnerability written beyond the end of the buffer in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 0.6
}
}
var-202206-1962
Vulnerability from variot
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com can set cookies that also would match for bar.example.com, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5495-1
June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Harry Sintonen discovered that curl incorrectly handled certain cookies. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5495-1 CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
Package Information: https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12 https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19 . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1962",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.71.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc626-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167607"
}
],
"trust": 0.1
},
"cve": "CVE-2022-32205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-32205",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-424132",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32205",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-32205",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-32205",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2562",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-424132",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-32205",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method. curl Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nHarry Sintonen discovered that curl incorrectly handled certain cookies. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5495-1\n CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3\n https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12\n https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32205",
"trust": 3.7
},
{
"db": "HACKERONE",
"id": "1569946",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-333517",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-18",
"trust": 0.9
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91561630",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-424132",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32205",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"id": "VAR-202206-1962",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
}
],
"trust": 0.6566514
},
"last_update_date": "2024-08-14T12:33:12.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-333517",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"title": "curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198519"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32205"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-32205"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1875",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1875"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-206",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-206"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-145",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-145"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-32205 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/holmes-py/reports-summary "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://hackerone.com/reports/1569946"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91561630"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32205/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-set-cookie-38670"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424132"
},
{
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424132"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"date": "2022-07-07T13:15:08.277000",
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424132"
},
{
"date": "2023-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32205"
},
{
"date": "2023-09-26T06:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-015270"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2562"
},
{
"date": "2024-03-27T15:01:05.383000",
"db": "NVD",
"id": "CVE-2022-32205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in resource allocation without restrictions or throttling in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015270"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2562"
}
],
"trust": 0.6
}
}
var-202207-0588
Vulnerability from variot
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update Advisory ID: RHSA-2022:6389-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389 Issue date: 2022-09-08 CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 ==================================================================== 1. Summary:
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0).
Security Fix(es):
-
nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
-
nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
-
nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
-
nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
-
got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding 2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
ppc64le: rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm
s390x: rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32212 https://access.redhat.com/security/cve/CVE-2022-32213 https://access.redhat.com/security/cve/CVE-2022-32214 https://access.redhat.com/security/cve/CVE-2022-32215 https://access.redhat.com/security/cve/CVE-2022-33987 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/ ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq +62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM 4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M 3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91 BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz hGdWoRKL34w\xcePC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq
Package : nodejs CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6491-1 November 21, 2023
nodejs vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Node.js.
Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment.
Details:
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-32212)
Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)
It was discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.2 libnode72 12.22.9~dfsg-1ubuntu3.2 nodejs 12.22.9~dfsg-1ubuntu3.2 nodejs-doc 12.22.9~dfsg-1ubuntu3.2
Ubuntu 20.04 LTS: libnode-dev 10.19.0~dfsg-3ubuntu1.3 libnode64 10.19.0~dfsg-3ubuntu1.3 nodejs 10.19.0~dfsg-3ubuntu1.3 nodejs-doc 10.19.0~dfsg-3ubuntu1.3
Ubuntu 18.04 LTS (Available with Ubuntu Pro): nodejs 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4 nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29
https://security.gentoo.org/
Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29
Synopsis
Multiple vulnerabilities have been discovered in Node.js.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
Affected packages
Package Vulnerable Unaffected
net-libs/nodejs < 16.20.2 >= 16.20.2
Description
Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Node.js 20 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
All Node.js 18 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
All Node.js 16 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
References
[ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "llhttp",
"scope": "lt",
"trust": 1.0,
"vendor": "llhttp",
"version": "14.20.1"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.20.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.0.0"
},
{
"model": "llhttp",
"scope": "gte",
"trust": 1.0,
"vendor": "llhttp",
"version": "16.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.16.0"
},
{
"model": "management center",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.3.2"
},
{
"model": "llhttp",
"scope": "lt",
"trust": 1.0,
"vendor": "llhttp",
"version": "16.17.1"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "llhttp",
"scope": "lt",
"trust": 1.0,
"vendor": "llhttp",
"version": "18.9.1"
},
{
"model": "llhttp",
"scope": "gte",
"trust": 1.0,
"vendor": "llhttp",
"version": "14.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.13.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "llhttp",
"scope": "gte",
"trust": 1.0,
"vendor": "llhttp",
"version": "18.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "management center",
"scope": null,
"trust": 0.8,
"vendor": "stormshield",
"version": null
},
{
"model": "node.js",
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": "llhttp",
"scope": null,
"trust": 0.8,
"vendor": "llhttp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
}
],
"trust": 0.5
},
"cve": "CVE-2022-32215",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32215",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-32215",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32215",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-32215",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-678",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update\nAdvisory ID: RHSA-2022:6389-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6389\nIssue date: 2022-09-08\nCVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214\n CVE-2022-32215 CVE-2022-33987\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs14-nodejs (14.20.0). \n\nSecurity Fix(es):\n\n* nodejs: DNS rebinding in --inspect via invalid IP addresses\n(CVE-2022-32212)\n\n* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n(CVE-2022-32213)\n\n* nodejs: HTTP request smuggling due to improper delimiting of header\nfields (CVE-2022-32214)\n\n* nodejs: HTTP request smuggling due to incorrect parsing of multi-line\nTransfer-Encoding (CVE-2022-32215)\n\n* got: missing verification of requested URLs allows redirects to UNIX\nsockets (CVE-2022-33987)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets\n2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses\n2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding\n2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields\n2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nppc64le:\nrh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32212\nhttps://access.redhat.com/security/cve/CVE-2022-32213\nhttps://access.redhat.com/security/cve/CVE-2022-32214\nhttps://access.redhat.com/security/cve/CVE-2022-32215\nhttps://access.redhat.com/security/cve/CVE-2022-33987\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/\nODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm\nVScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ\nbAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF\nIPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq\n+62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM\n4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M\n3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91\nBYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI\nnBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX\nbcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz\nhGdWoRKL34w\\xcePC\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5326-1 security@debian.org\nhttps://www.debian.org/security/ Aron Xu\nJanuary 24, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nodejs\nCVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215\n CVE-2022-35255 CVE-2022-35256 CVE-2022-43548\n\nMultiple vulnerabilities were discovered in Node.js, which could result\nin HTTP request smuggling, bypass of host IP address validation and weak\nrandomness setup. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 12.22.12~dfsg-1~deb11u3. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8\nTjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp\nWblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd\nTxb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW\nxbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9\n0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf\nEtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2\nidXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w\nY9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7\nu0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu\nboP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH\nujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\\xfeRn\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-6491-1\nNovember 21, 2023\n\nnodejs vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Node.js. \n\nSoftware Description:\n- nodejs: An open-source, cross-platform JavaScript runtime environment. \n\nDetails:\n\nAxel Chong discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. (CVE-2022-32212)\n\nZeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a\nuser or an automated system were tricked into opening a specially crafted\ninput file, a remote attacker could possibly use this issue to execute\narbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,\nCVE-2022-32214, CVE-2022-32215)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)\n\nIt was discovered that Node.js incorrectly handled certain inputs. If a user\nor an automated system were tricked into opening a specially crafted input\nfile, a remote attacker could possibly use this issue to execute arbitrary\ncode. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libnode-dev 12.22.9~dfsg-1ubuntu3.2\n libnode72 12.22.9~dfsg-1ubuntu3.2\n nodejs 12.22.9~dfsg-1ubuntu3.2\n nodejs-doc 12.22.9~dfsg-1ubuntu3.2\n\nUbuntu 20.04 LTS:\n libnode-dev 10.19.0~dfsg-3ubuntu1.3\n libnode64 10.19.0~dfsg-3ubuntu1.3\n nodejs 10.19.0~dfsg-3ubuntu1.3\n nodejs-doc 10.19.0~dfsg-3ubuntu1.3\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n nodejs 8.10.0~dfsg-2ubuntu0.4+esm4\n nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm4\n nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm4\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202405-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Node.js: Multiple Vulnerabilities\n Date: May 08, 2024\n Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614\n ID: 202405-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Node.js. \n\nBackground\n=========\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n--------------- ------------ ------------\nnet-libs/nodejs \u003c 16.20.2 \u003e= 16.20.2\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Node.js. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Node.js 20 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-20.5.1\"\n\nAll Node.js 18 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-18.17.1\"\n\nAll Node.js 16 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-16.20.2\"\n\nReferences\n=========\n[ 1 ] CVE-2020-7774\n https://nvd.nist.gov/vuln/detail/CVE-2020-7774\n[ 2 ] CVE-2021-3672\n https://nvd.nist.gov/vuln/detail/CVE-2021-3672\n[ 3 ] CVE-2021-22883\n https://nvd.nist.gov/vuln/detail/CVE-2021-22883\n[ 4 ] CVE-2021-22884\n https://nvd.nist.gov/vuln/detail/CVE-2021-22884\n[ 5 ] CVE-2021-22918\n https://nvd.nist.gov/vuln/detail/CVE-2021-22918\n[ 6 ] CVE-2021-22930\n https://nvd.nist.gov/vuln/detail/CVE-2021-22930\n[ 7 ] CVE-2021-22931\n https://nvd.nist.gov/vuln/detail/CVE-2021-22931\n[ 8 ] CVE-2021-22939\n https://nvd.nist.gov/vuln/detail/CVE-2021-22939\n[ 9 ] CVE-2021-22940\n https://nvd.nist.gov/vuln/detail/CVE-2021-22940\n[ 10 ] CVE-2021-22959\n https://nvd.nist.gov/vuln/detail/CVE-2021-22959\n[ 11 ] CVE-2021-22960\n https://nvd.nist.gov/vuln/detail/CVE-2021-22960\n[ 12 ] CVE-2021-37701\n https://nvd.nist.gov/vuln/detail/CVE-2021-37701\n[ 13 ] CVE-2021-37712\n https://nvd.nist.gov/vuln/detail/CVE-2021-37712\n[ 14 ] CVE-2021-39134\n https://nvd.nist.gov/vuln/detail/CVE-2021-39134\n[ 15 ] CVE-2021-39135\n https://nvd.nist.gov/vuln/detail/CVE-2021-39135\n[ 16 ] CVE-2021-44531\n https://nvd.nist.gov/vuln/detail/CVE-2021-44531\n[ 17 ] CVE-2021-44532\n https://nvd.nist.gov/vuln/detail/CVE-2021-44532\n[ 18 ] CVE-2021-44533\n https://nvd.nist.gov/vuln/detail/CVE-2021-44533\n[ 19 ] CVE-2022-0778\n https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 20 ] CVE-2022-3602\n https://nvd.nist.gov/vuln/detail/CVE-2022-3602\n[ 21 ] CVE-2022-3786\n https://nvd.nist.gov/vuln/detail/CVE-2022-3786\n[ 22 ] CVE-2022-21824\n https://nvd.nist.gov/vuln/detail/CVE-2022-21824\n[ 23 ] CVE-2022-32212\n https://nvd.nist.gov/vuln/detail/CVE-2022-32212\n[ 24 ] CVE-2022-32213\n https://nvd.nist.gov/vuln/detail/CVE-2022-32213\n[ 25 ] CVE-2022-32214\n https://nvd.nist.gov/vuln/detail/CVE-2022-32214\n[ 26 ] CVE-2022-32215\n https://nvd.nist.gov/vuln/detail/CVE-2022-32215\n[ 27 ] CVE-2022-32222\n https://nvd.nist.gov/vuln/detail/CVE-2022-32222\n[ 28 ] CVE-2022-35255\n https://nvd.nist.gov/vuln/detail/CVE-2022-35255\n[ 29 ] CVE-2022-35256\n https://nvd.nist.gov/vuln/detail/CVE-2022-35256\n[ 30 ] CVE-2022-35948\n https://nvd.nist.gov/vuln/detail/CVE-2022-35948\n[ 31 ] CVE-2022-35949\n https://nvd.nist.gov/vuln/detail/CVE-2022-35949\n[ 32 ] CVE-2022-43548\n https://nvd.nist.gov/vuln/detail/CVE-2022-43548\n[ 33 ] CVE-2023-30581\n https://nvd.nist.gov/vuln/detail/CVE-2023-30581\n[ 34 ] CVE-2023-30582\n https://nvd.nist.gov/vuln/detail/CVE-2023-30582\n[ 35 ] CVE-2023-30583\n https://nvd.nist.gov/vuln/detail/CVE-2023-30583\n[ 36 ] CVE-2023-30584\n https://nvd.nist.gov/vuln/detail/CVE-2023-30584\n[ 37 ] CVE-2023-30586\n https://nvd.nist.gov/vuln/detail/CVE-2023-30586\n[ 38 ] CVE-2023-30587\n https://nvd.nist.gov/vuln/detail/CVE-2023-30587\n[ 39 ] CVE-2023-30588\n https://nvd.nist.gov/vuln/detail/CVE-2023-30588\n[ 40 ] CVE-2023-30589\n https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n[ 41 ] CVE-2023-30590\n https://nvd.nist.gov/vuln/detail/CVE-2023-30590\n[ 42 ] CVE-2023-32002\n https://nvd.nist.gov/vuln/detail/CVE-2023-32002\n[ 43 ] CVE-2023-32003\n https://nvd.nist.gov/vuln/detail/CVE-2023-32003\n[ 44 ] CVE-2023-32004\n https://nvd.nist.gov/vuln/detail/CVE-2023-32004\n[ 45 ] CVE-2023-32005\n https://nvd.nist.gov/vuln/detail/CVE-2023-32005\n[ 46 ] CVE-2023-32006\n https://nvd.nist.gov/vuln/detail/CVE-2023-32006\n[ 47 ] CVE-2023-32558\n https://nvd.nist.gov/vuln/detail/CVE-2023-32558\n[ 48 ] CVE-2023-32559\n https://nvd.nist.gov/vuln/detail/CVE-2023-32559\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-29\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32215"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "VULMON",
"id": "CVE-2022-32215"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32215",
"trust": 4.1
},
{
"db": "HACKERONE",
"id": "1501679",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-332410",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-017-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90782730",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013243",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168305",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169410",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168442",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168358",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170727",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3673",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3488",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3505",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4101",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4681",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071827",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071338",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072639",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072522",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32215",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168359",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32215"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"id": "VAR-202207-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20766129
},
"last_update_date": "2024-11-29T22:19:57.824000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"trust": 2.4,
"url": "https://hackerone.com/reports/1501679"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32215"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32215"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90782730/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32214"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32212"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32213"
},
{
"trust": 0.6,
"url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3505"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168305/red-hat-security-advisory-2022-6389-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072522"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168442/red-hat-security-advisory-2022-6595-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168358/red-hat-security-advisory-2022-6449-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4681"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32215/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072639"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3673"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3487"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071827"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3586"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071612"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169410/red-hat-security-advisory-2022-6985-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071338"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32214"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32213"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32212"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33987"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-33987"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35256"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43548"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6449"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6491-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nodejs/10.19.0~dfsg-3ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35949"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22959"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202405-29"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35948"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44533"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3602"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30586"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30581"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37701"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6448"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32215"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32215"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"date": "2022-09-08T14:41:32",
"db": "PACKETSTORM",
"id": "168305"
},
{
"date": "2022-10-18T22:30:49",
"db": "PACKETSTORM",
"id": "169410"
},
{
"date": "2022-09-21T13:47:04",
"db": "PACKETSTORM",
"id": "168442"
},
{
"date": "2022-09-13T15:43:41",
"db": "PACKETSTORM",
"id": "168358"
},
{
"date": "2023-01-25T16:09:12",
"db": "PACKETSTORM",
"id": "170727"
},
{
"date": "2023-11-21T16:00:44",
"db": "PACKETSTORM",
"id": "175817"
},
{
"date": "2024-05-09T15:46:44",
"db": "PACKETSTORM",
"id": "178512"
},
{
"date": "2022-09-13T15:43:55",
"db": "PACKETSTORM",
"id": "168359"
},
{
"date": "2022-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"date": "2022-07-14T15:15:08.387000",
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-06T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-013243"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-678"
},
{
"date": "2023-11-07T03:47:46.577000",
"db": "NVD",
"id": "CVE-2022-32215"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "175817"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "llhttp\u00a0 of \u00a0llhttp\u00a0 in products from other multiple vendors \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-678"
}
],
"trust": 0.6
}
}
var-202205-0881
Vulnerability from variot
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint
2042652 - Unable to deploy hw-event-proxy operator
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047308 - Remove metrics and events for master port offsets
2055049 - No pre-caching for NFD images
2055436 - nfd-master tracking the wrong api group
2055439 - nfd-master tracking the wrong api group (operand)
2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules
2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag
2062849 - hw event proxy is not binding on ipv6 local address
2066860 - Wrong spec in NFD documentation under operand
2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2067312 - PPT event source is lost when received by the consumer
2077243 - NFD os release label lost after upgrade to ocp 4.10.6
2087511 - NFD SkipRange is wrong causing OLM install problems
2089962 - Node feature Discovery operator installation failed.
2090774 - Add Readme to plugin directory
2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- Summary:
The Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Bug Fix(es):
-
Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)
-
[MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] (BZ#2091965)
-
MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step (BZ#2099856)
-
Correct DNS validation for destination namespace (BZ#2102231)
-
Deselecting all pvcs from UI still results in an attempted PVC transfer (BZ#2106073)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082216 - Velero and Restic are using incorrect SCCs [OADP-BL] 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL] 2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in "Discovering persistent volumes attached to source projects" step 2102231 - Correct DNS validation for destination namespace 2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer
- JIRA issues fixed (https://issues.jboss.org/):
MIG-1155 - Update to newer ansible runner image for hooks MIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1 MIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11
- Description:
Release osp-director-operator images
Security Fix(es):
- go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)
- go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)
- go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)
- go-getter: command injection vulnerability [Important] (CVE-2022-26945)
- golang.org/x/crypto: empty plaintext packet causes panic [Moderate] (CVE-2021-43565)
-
containerd: insufficiently restricted permissions on container root and plugin directories [Moderate] (CVE-2021-41103)
-
Solution:
OSP 16.2 Release - OSP Director Operator Containers tech preview
- Bugs fixed (https://bugzilla.redhat.com/):
2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability
- Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2536 - Setting up ODF S3 for loki
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
-
vim: heap buffer overflow (CVE-2022-1621)
-
vim: buffer over-read (CVE-2022-1629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2083924 - CVE-2022-1621 vim: heap buffer overflow 2083931 - CVE-2022-1629 vim: buffer over-read
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update Advisory ID: RHSA-2022:6526-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2022:6526 Issue date: 2022-09-14 CVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-24370 CVE-2020-35492 CVE-2021-3580 CVE-2021-3634 CVE-2021-3737 CVE-2021-4115 CVE-2021-4189 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38561 CVE-2021-40528 CVE-2021-43527 CVE-2021-44716 CVE-2021-44717 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1621 CVE-2022-1629 CVE-2022-1798 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29824 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11 ==============hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1937609 - VM cannot be restarted
1945593 - Live migration should be blocked for VMs with host devices
1968514 - [RFE] Add cancel migration action to virtctl
1993109 - CNV MacOS Client not signed
1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
2001385 - no "name" label in virt-operator pod
2009793 - KBase to clarify nested support status is missing
2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
2026357 - Migration in sequence can be reported as failed even when it succeeded
2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031857 - Add annotation for URL to download the image
2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2035344 - kubemacpool-mac-controller-manager not ready
2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
2042402 - LiveMigration with postcopy misbehave when failure occurs
2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?
2051899 - 4.11.0 containers
2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
2052466 - Event does not include reason for inability to live migrate
2052689 - Overhead Memory consumption calculations are incorrect
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056467 - virt-template-validator pods getting scheduled on the same node
2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
2057310 - qemu-guest-agent does not report information due to selinux denials
2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
2060585 - [SNO] Failed to find the virt-controller leader pod
2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
2063792 - No DataImportCron for CentOS 7
2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2064936 - Migration of vm from VMware reports pvc not large enough
2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
2069287 - Two annotations for VM Template provider name
2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2070864 - non-privileged user cannot see catalog tiles
2071488 - "Migrate Node to Node" is confusing.
2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
2071611 - Metrics documentation generators are missing metrics/recording rules
2071921 - Kubevirt RPM is not being built
2073669 - [rhel-9] VM fails to start
2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
2074337 - VM created from registry cannot be started
2075200 - VLAN filtering cannot be configured with Intel X710
2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
2076790 - Alert SSPDown is constantly in Firing state
2076908 - clicking on a template in the Running VMs per Template card leads to 404
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2078700 - Windows template boot source should be blank
2078703 - [RFE] Please hide the user defined password when customizing cloud-init
2078709 - VM conditions column have wrong key/values
2078728 - Common template rootDisk is not named correctly
2079366 - rootdisk is not able to edit
2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
2079783 - Actions are broken in topology view
2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
2080833 - Missing cloud init script editor in the scripts tab
2080835 - SSH key is set using cloud init script instead of new api
2081182 - VM SSH command generated by UI points at api VIP
2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
2081671 - SSH service created outside the UI is not discoverable
2081831 - [RFE] Improve disk hotplug UX
2082008 - LiveMigration fails due to loss of connection to destination host
2082164 - Migration progress timeout expects absolute progress
2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
2083093 - VM overview tab is crashed
2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?
2083100 - Something keeps loading in the ?node selector? modal
2083101 - ?Restore default settings? never become available while editing CPU/Memory
2083135 - VM fails to schedule with vTPM in spec
2083256 - SSP Reconcile logging improvement when CR resources are changed
2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field
2084431 - User credentials for ssh is not in correct format
2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
2084532 - Console is crashed while detaching disk
2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
2085320 - Tolerations rules is not adding correctly
2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
2086278 - Cloud init script edit add " hostname='' " when is should not be added
2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
2086303 - non-priv user can't create VM when namespace is not selected
2086479 - some modals use ?Save? and some modals use ?Submit?
2086486 - cluster overview getting started card include old information
2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
2086825 - VM restore PVC uses exact source PVC request size
2086849 - Create from YAML example is not runnable
2087188 - When VM is stopped - adding disk failed to show
2087189 - When VM is stopped - adding disk failed to show
2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2087546 - "Quick Starts" is missing in Getting started card
2087547 - Activity and Status card are missing in Virtualization Overview
2087559 - template in "VMs per template" should take user to vm list page
2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists
2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?
2087577 - "VMs per template" load time is a bit long
2087578 - Terminology "VM" should be "Virtual Machine" in all places
2087582 - Remove VMI and MTV from the navigation
2087583 - [RFE] Show more info about boot source in template list
2087584 - Template provider should not be mandatory
2087587 - Improve the descriptive text in the kebab menu of template
2087589 - Red icons shows in storage disk source selection without a good reason
2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
2087593 - "Boot method" is not a good name in overview tab
2087603 - Align details card for single VM overview with the design doc
2087616 - align the utilization card of single VM overview with the design
2087701 - [RFE] Missing a link to VMI from running VM details page
2087717 - Message when editing template boot source is wrong
2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
2088355 - disk modal shows all storage classes as default
2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
2088407 - Missing create button in the template list
2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
2089271 - Virtualization appears twice in sidebar
2089327 - add network modal crash when no networks available
2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
2089477 - [RFE] Allow upload source when adding VM disk
2089700 - Drive column in Disks card of Overview page has duplicated values
2089745 - When removing all disks from customize wizard app crashes
2089789 - Add windows drivers disk is missing when template is not windows
2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
2089840 - Cant create snapshot if VM is without disks
2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
2089954 - Details card on single VM overview - VNC console has grey padding
2089963 - Details card on single VM overview - Operating system info is not available
2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
2089970 - Network Interfaces card on single VM overview - IP tooltip
2089972 - Disks card on single VM overview -typo
2089979 - Single VM Details - CPU|Memory edit icon misplaced
2089982 - Single VM Details - SSH modal has redundant VM name
2090035 - Alert card is missing in single VM overview
2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
2090037 - Add template link in single vm overview details card
2090038 - The update field under the version in overview should be consistent with the operator page
2090042 - Move the edit button close to the text for "boot order" and "ssh access"
2090043 - "No resource selected" in vm boot order
2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
2090048 - "Boot mode" should be editable while VM is running
2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details
2090055 - Add link to vm template in vm details page
2090056 - "Something went wrong" shows on VM "Environment" tab
2090057 - "?" icon is too big in environment and disk tab
2090059 - Failed to add configmap in environment tab due to validate error
2090064 - Miss "remote desktop" in console dropdown list for windows VM
2090066 - [RFE] Improve guest login credentials
2090068 - Make the "name" and "Source" column wider in vm disk tab
2090131 - Key's value in "add affinity rule" modal is too small
2090350 - memory leak in virt-launcher process
2091003 - SSH service is not deleted along the VM
2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
2091406 - wrong template namespace label when creating a vm with wizard
2091754 - Scheduling and scripts tab should be editable while the VM is running
2091755 - Change bottom "Save" to "Apply" on cloud-init script form
2091756 - The root disk of cloned template should be editable
2091758 - "OS" should be "Operating system" in template filter
2091760 - The provider should be empty if it's not set during cloning
2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
2091762 - Move notification above the tabs in template details page
2091764 - Clone a template should lead to the template details
2091765 - "Edit bootsource" is keeping in load in template actions dropdown
2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
2091863 - BootSource edit modal should list affected templates
2091868 - Catalog list view has two columns named "BootSource"
2091889 - Devices should be editable for customize template
2091897 - username is missing in the generated ssh command
2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
2091940 - SSH is not enabled in vm details after restart the VM
2091945 - delete a template should lead to templates list
2091946 - Add disk modal shows wrong units
2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
2092052 - Virtualization should be omitted in Calatog breadcrumbs
2092071 - Getting started card in Virtualization overview can not be hidden.
2092079 - Error message stays even when problematic field is dismissed
2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
2092228 - Ensure Machine Type for new VMs is 8.6
2092230 - [RFE] Add indication/mark to deprecated template
2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD"
2092337 - os is empty in VM details page
2092359 - [e2e] data-test-id includes all pvc name
2092654 - [RFE] No obvious way to delete the ssh key from the VM
2092662 - No url example for rhel and windows template
2092663 - no hyperlink for URL example in disk source "url"
2092664 - no hyperlink to the cdi uploadproxy URL
2092781 - Details card should be removed for non admins.
2092783 - Top consumers' card should be removed for non admins.
2092787 - Operators links should be removed from Getting started card
2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
2092951 - ?Edit BootSource? action should have more explicit information when disabled
2093282 - Remove links to 'all-namespaces/' for non-privileged user
2093691 - Creation flow drawer left padding is broken
2093713 - Required fields in creation flow should be highlighted if empty
2093715 - Optional parameters section in creation flow is missing bottom padding
2093716 - CPU|Memory modal button should say "Restore template settings?
2093772 - Add a service in environment it reminds a pending change in boot order
2093773 - Console crashed if adding a service without serial number
2093866 - Cannot create vm from the template vm-template-example
2093867 - OS for template 'vm-template-example' should matching the version of the image
2094202 - Cloud-init username field should have hint
2094207 - Cloud-init password field should have auto-generate option
2094208 - SSH key input is missing validation
2094217 - YAML view should reflect shanges in SSH form
2094222 - "?" icon should be placed after red asterisk in required fields
2094323 - Workload profile should be editable in template details page
2094405 - adding resource on enviornment isnt showing on disks list when vm is running
2094440 - Utilization pie charts figures are not based on current data
2094451 - PVC selection in VM creation flow does not work for non-priv user
2094453 - CD Source selection in VM creation flow is missing Upload option
2094465 - Typo in Source tooltip
2094471 - Node selector modal for non-privileged user
2094481 - Tolerations modal for non-privileged user
2094486 - Add affinity rule modal
2094491 - Affinity rules modal button
2094495 - Descheduler modal has same text in two lines
2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
2094665 - Dedicated Resources modal for non-privileged user
2094678 - Secrets and ConfigMaps can't be added to Windows VM
2094727 - Creation flow should have VM info in header row
2094807 - hardware devices dropdown has group title even with no devices in cluster
2094813 - Cloudinit password is seen in wizard
2094848 - Details card on Overview page - 'View details' link is missing
2095125 - OS is empty in the clone modal
2095129 - "undefined" appears in rootdisk line in clone modal
2095224 - affinity modal for non-privileged users
2095529 - VM migration cancelation in kebab action should have shorter name
2095530 - Column sizes in VM list view
2095532 - Node column in VM list view is visible to non-privileged user
2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
2095570 - Details tab of VM should not have Node info for non-privileged user
2095573 - Disks created as environment or scripts should have proper label
2095953 - VNC console controls layout
2095955 - VNC console tabs
2096166 - Template "vm-template-example" is binding with namespace "default"
2096206 - Inconsistent capitalization in Template Actions
2096208 - Templates in the catalog list is not sorted
2096263 - Incorrectly displaying units for Disks size or Memory field in various places
2096333 - virtualization overview, related operators title is not aligned
2096492 - Cannot create vm from a cloned template if its boot source is edited
2096502 - "Restore template settings" should be removed from template CPU editor
2096510 - VM can be created without any disk
2096511 - Template shows "no Boot Source" and label "Source available" at the same time
2096620 - in templates list, edit boot reference kebab action opens a modal with different title
2096781 - Remove boot source provider while edit boot source reference
2096801 - vnc thumbnail in virtual machine overview should be active on page load
2096845 - Windows template's scripts tab is crashed
2097328 - virtctl guestfs shouldn't required uid = 0
2097370 - missing titles for optional parameters in wizard customization page
2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2098134 - "Workload profile" column is not showing completely in template list
2098135 - Workload is not showing correct in catalog after change the template's workload
2098282 - Javascript error when changing boot source of custom template to be an uploaded file
2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
2099533 - ConsoleQuickStart for HCO CR's VM is missing
2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
2099539 - No storage option for upload while editing a disk
2099566 - Cloudinit should be replaced by cloud-init in all places
2099608 - "DynamicB" shows in vm-example disk size
2099633 - Doc links needs to be updated
2099639 - Remove user line from the ssh command section
2099802 - Details card link shouldn't be hard-coded
2100054 - Windows VM with WSL2 guest fails to migrate
2100284 - Virtualization overview is crashed
2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101485 - Cloudinit should be replaced by cloud-init in all places
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2102122 - non-priv user cannot load dataSource while edit template's rootdisk
2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2102125 - vm clone modal is displaying DV size instead of PVC size
2102127 - Cannot add NIC to VM template as non-priv user
2102129 - All templates are labeling "source available" in template list page
2102131 - The number of hardware devices is not correct in vm overview tab
2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2102143 - vm clone modal is displaying DV size instead of PVC size
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102543 - Add button moved to right
2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102545 - VM filter has two "Other" checkboxes which are triggered together
2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2106175 - All pages are crashed after visit Virtualization -> Overview
2106258 - All pages are crashed after visit Virtualization -> Overview
2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111562 - kubevirt plugin console crashed after visit vmi page
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt a4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO gb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn oQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/ W61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb zKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg B9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8 S74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1 810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi LD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9 ayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg Jpmb+NWHfF0VHM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0881",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4925"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
}
],
"trust": 0.7
},
"cve": "CVE-2022-1629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-419742",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1629",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-1629",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1629",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-1629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-419742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution. vim/vim Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.7.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nBug Fix(es):\n\n* Velero and Restic are using incorrect SCCs [OADP-BL] (BZ#2082216)\n\n* [MTC] Migrations gets stuck at StageBackup stage for indirect runs\n[OADP-BL] (BZ#2091965)\n\n* MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes\nattached to source projects\" step (BZ#2099856)\n\n* Correct DNS validation for destination namespace (BZ#2102231)\n\n* Deselecting all pvcs from UI still results in an attempted PVC transfer\n(BZ#2106073)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076133 - CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2082216 - Velero and Restic are using incorrect SCCs [OADP-BL]\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2091965 - [MTC] Migrations gets stuck at StageBackup stage for indirect runs [OADP-BL]\n2099856 - MTC: 1.7.1 on OCP 4.6: UI is stuck in \"Discovering persistent volumes attached to source projects\" step\n2102231 - Correct DNS validation for destination namespace\n2106073 - Deselecting all pvcs from UI still results in an attempted PVC transfer\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-1155 - Update to newer ansible runner image for hooks\nMIG-1242 - Must set upper bound on OADP dep to prevent jump to 1.1\nMIG-1254 - Investigate impact of deprecated Docker V2 Schema 1 for MTC on OCP3.11\n\n6. Description:\n\nRelease osp-director-operator images\n\nSecurity Fix(es):\n\n* go-getter: unsafe download (issue 1 of 3) [Important] (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) [Important] (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) [Important] (CVE-2022-30323)\n* go-getter: command injection vulnerability [Important] (CVE-2022-26945)\n* golang.org/x/crypto: empty plaintext packet causes panic [Moderate]\n(CVE-2021-43565)\n* containerd: insufficiently restricted permissions on container root and\nplugin directories [Moderate] (CVE-2021-41103)\n\n3. Solution:\n\nOSP 16.2 Release - OSP Director Operator Containers tech preview\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2011007 - CVE-2021-41103 containerd: insufficiently restricted permissions on container root and plugin directories\n2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic\n2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)\n2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)\n2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)\n2092928 - CVE-2022-26945 go-getter: command injection vulnerability\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2536 - Setting up ODF S3 for loki\nLOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator\nLOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with \u0027http\u0027\nLOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. \nLOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\n\n6. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nVim (Vi IMproved) is an updated and improved version of the vi editor. \n\nSecurity Fix(es):\n\n* vim: heap buffer overflow (CVE-2022-1621)\n\n* vim: buffer over-read (CVE-2022-1629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2083924 - CVE-2022-1621 vim: heap buffer overflow\n2083931 - CVE-2022-1629 vim: buffer over-read\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update\nAdvisory ID: RHSA-2022:6526-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6526\nIssue date: 2022-09-14\nCVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750\n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595\n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838\n CVE-2020-13435 CVE-2020-14155 CVE-2020-17541\n CVE-2020-24370 CVE-2020-35492 CVE-2021-3580\n CVE-2021-3634 CVE-2021-3737 CVE-2021-4115\n CVE-2021-4189 CVE-2021-20231 CVE-2021-20232\n CVE-2021-23177 CVE-2021-25219 CVE-2021-31535\n CVE-2021-31566 CVE-2021-36084 CVE-2021-36085\n CVE-2021-36086 CVE-2021-36087 CVE-2021-38185\n CVE-2021-38561 CVE-2021-40528 CVE-2021-43527\n CVE-2021-44716 CVE-2021-44717 CVE-2022-0778\n CVE-2022-1271 CVE-2022-1292 CVE-2022-1621\n CVE-2022-1629 CVE-2022-1798 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-22576\n CVE-2022-23772 CVE-2022-23773 CVE-2022-23806\n CVE-2022-24407 CVE-2022-24675 CVE-2022-24921\n CVE-2022-25313 CVE-2022-25314 CVE-2022-27191\n CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n CVE-2022-28327 CVE-2022-29824\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 4.11.0\nimages:\n\nRHEL-8-CNV-4.11\n==============hostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937609 - VM cannot be restarted\n1945593 - Live migration should be blocked for VMs with host devices\n1968514 - [RFE] Add cancel migration action to virtctl\n1993109 - CNV MacOS Client not signed\n1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side\n2001385 - no \"name\" label in virt-operator pod\n2009793 - KBase to clarify nested support status is missing\n2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate\n2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)\n2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation\n2026357 - Migration in sequence can be reported as failed even when it succeeded\n2029349 - cluster-network-addons-operator does not serve metrics through HTTPS\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2031857 - Add annotation for URL to download the image\n2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2035344 - kubemacpool-mac-controller-manager not ready\n2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered\n2039976 - Pod stuck in \"Terminating\" state when removing VM with kernel boot and container disks\n2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI\n2041467 - [SSP] Support custom DataImportCron creating in custom namespaces\n2042402 - LiveMigration with postcopy misbehave when failure occurs\n2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists\n2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?\n2051899 - 4.11.0 containers\n2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn\u0027t configure ip nat rules\n2052466 - Event does not include reason for inability to live migrate\n2052689 - Overhead Memory consumption calculations are incorrect\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056467 - virt-template-validator pods getting scheduled on the same node\n2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long\n2057310 - qemu-guest-agent does not report information due to selinux denials\n2058149 - cluster-network-addons-operator deployment\u0027s MULTUS_IMAGE is pointing to brew image\n2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state\n2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool\n2060585 - [SNO] Failed to find the virt-controller leader pod\n2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. \n2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource\n2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace\n2063792 - No DataImportCron for CentOS 7\n2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2064936 - Migration of vm from VMware reports pvc not large enough\n2065014 - Feature Highlights in CNV 4.10 contains links to 4.7\n2065019 - \"Running VMs per template\" in the new overview tab counts VMs that are not running\n2066768 - [CNV-4.11-HCO] User Cannot List Resource \"namespaces\" in API group\n2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom\n2069287 - Two annotations for VM Template provider name\n2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2070864 - non-privileged user cannot see catalog tiles\n2071488 - \"Migrate Node to Node\" is confusing. \n2071549 - [rhel-9] unable to create a non-root virt-launcher based VM\n2071611 - Metrics documentation generators are missing metrics/recording rules\n2071921 - Kubevirt RPM is not being built\n2073669 - [rhel-9] VM fails to start\n2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream\n2073982 - [CNV-4.11-RHEL9] \u0027virtctl\u0027 binary fails with \u0027rc1\u0027 with \u0027virtctl version\u0027 command\n2074337 - VM created from registry cannot be started\n2075200 - VLAN filtering cannot be configured with Intel X710\n2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff\n2076292 - Upgrade from 4.10.1-\u003e4.11 using nightly channel, is not completing with error \"could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR\"\n2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file\n2076790 - Alert SSPDown is constantly in Firing state\n2076908 - clicking on a template in the Running VMs per Template card leads to 404\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2078700 - Windows template boot source should be blank\n2078703 - [RFE] Please hide the user defined password when customizing cloud-init\n2078709 - VM conditions column have wrong key/values\n2078728 - Common template rootDisk is not named correctly\n2079366 - rootdisk is not able to edit\n2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM\n2079783 - Actions are broken in topology view\n2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck\n2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod\n2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop\n2080833 - Missing cloud init script editor in the scripts tab\n2080835 - SSH key is set using cloud init script instead of new api\n2081182 - VM SSH command generated by UI points at api VIP\n2081202 - cloud-init for Windows VM generated with corrupted \"undefined\" section\n2081409 - when viewing a common template details page, user need to see the message \"can\u0027t edit common template\" on all tabs\n2081671 - SSH service created outside the UI is not discoverable\n2081831 - [RFE] Improve disk hotplug UX\n2082008 - LiveMigration fails due to loss of connection to destination host\n2082164 - Migration progress timeout expects absolute progress\n2082912 - [CNV-4.11] HCO Being Unable to Reconcile State\n2083093 - VM overview tab is crashed\n2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?\n2083100 - Something keeps loading in the ?node selector? modal\n2083101 - ?Restore default settings? never become available while editing CPU/Memory\n2083135 - VM fails to schedule with vTPM in spec\n2083256 - SSP Reconcile logging improvement when CR resources are changed\n2083595 - [RFE] Disable VM descheduler if the VM is not live migratable\n2084102 - [e2e] Many elements are lacking proper selector like \u0027data-test-id\u0027 or \u0027data-test\u0027\n2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails\n2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field\n2084431 - User credentials for ssh is not in correct format\n2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. \n2084532 - Console is crashed while detaching disk\n2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)\n2085320 - Tolerations rules is not adding correctly\n2085322 - Not able to stop/restart VM if the VM is staying in \"Starting\"\n2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode\n2086278 - Cloud init script edit add \" hostname=\u0027\u0027 \" when is should not be added\n2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode\n2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode\n2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode\n2086294 - [dark mode] Can\u0027t see the number inside the donut chart in VMs per template card\n2086303 - non-priv user can\u0027t create VM when namespace is not selected\n2086479 - some modals use ?Save? and some modals use ?Submit?\n2086486 - cluster overview getting started card include old information\n2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend\n2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard\n2086803 - When clonnig a template we need to update vm labels and annotaions to match new template\n2086825 - VM restore PVC uses exact source PVC request size\n2086849 - Create from YAML example is not runnable\n2087188 - When VM is stopped - adding disk failed to show\n2087189 - When VM is stopped - adding disk failed to show\n2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2087546 - \"Quick Starts\" is missing in Getting started card\n2087547 - Activity and Status card are missing in Virtualization Overview\n2087559 - template in \"VMs per template\" should take user to vm list page\n2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists\n2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?\n2087577 - \"VMs per template\" load time is a bit long\n2087578 - Terminology \"VM\" should be \"Virtual Machine\" in all places\n2087582 - Remove VMI and MTV from the navigation\n2087583 - [RFE] Show more info about boot source in template list\n2087584 - Template provider should not be mandatory\n2087587 - Improve the descriptive text in the kebab menu of template\n2087589 - Red icons shows in storage disk source selection without a good reason\n2087590 - [REF] \"Upload a new file to a PVC\" should not open the form in a new tab\n2087593 - \"Boot method\" is not a good name in overview tab\n2087603 - Align details card for single VM overview with the design doc\n2087616 - align the utilization card of single VM overview with the design\n2087701 - [RFE] Missing a link to VMI from running VM details page\n2087717 - Message when editing template boot source is wrong\n2088034 - Virtualization Overview crashes when a VirtualMachine has no labels\n2088355 - disk modal shows all storage classes as default\n2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2088379 - Create VM from catalog does not respect the storageclass of the template\u0027s boot source\n2088407 - Missing create button in the template list\n2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context\n2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11\n2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error\n2088849 - \"dataimportcrontemplate.kubevirt.io/enable\" field does not do any validation\n2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco\n2089271 - Virtualization appears twice in sidebar\n2089327 - add network modal crash when no networks available\n2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page\n2089477 - [RFE] Allow upload source when adding VM disk\n2089700 - Drive column in Disks card of Overview page has duplicated values\n2089745 - When removing all disks from customize wizard app crashes\n2089789 - Add windows drivers disk is missing when template is not windows\n2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user\n2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages\n2089840 - Cant create snapshot if VM is without disks\n2089877 - Utilization card on single VM overview - timespan menu lacks 5min option\n2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update\n2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics\n2089954 - Details card on single VM overview - VNC console has grey padding\n2089963 - Details card on single VM overview - Operating system info is not available\n2089967 - Network Interfaces card on single VM overview - name tooltip lacks info\n2089970 - Network Interfaces card on single VM overview - IP tooltip\n2089972 - Disks card on single VM overview -typo\n2089979 - Single VM Details - CPU|Memory edit icon misplaced\n2089982 - Single VM Details - SSH modal has redundant VM name\n2090035 - Alert card is missing in single VM overview\n2090036 - OS should be \"Operating system\" and host should be \"hostname\" in single vm overview\n2090037 - Add template link in single vm overview details card\n2090038 - The update field under the version in overview should be consistent with the operator page\n2090042 - Move the edit button close to the text for \"boot order\" and \"ssh access\"\n2090043 - \"No resource selected\" in vm boot order\n2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page\n2090048 - \"Boot mode\" should be editable while VM is running\n2090054 - Services ?kubernetes\" and \"openshift\" should not be listing in vm details\n2090055 - Add link to vm template in vm details page\n2090056 - \"Something went wrong\" shows on VM \"Environment\" tab\n2090057 - \"?\" icon is too big in environment and disk tab\n2090059 - Failed to add configmap in environment tab due to validate error\n2090064 - Miss \"remote desktop\" in console dropdown list for windows VM\n2090066 - [RFE] Improve guest login credentials\n2090068 - Make the \"name\" and \"Source\" column wider in vm disk tab\n2090131 - Key\u0027s value in \"add affinity rule\" modal is too small\n2090350 - memory leak in virt-launcher process\n2091003 - SSH service is not deleted along the VM\n2091058 - After VM gets deleted, the user is redirected to a page with a different namespace\n2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. \n2091406 - wrong template namespace label when creating a vm with wizard\n2091754 - Scheduling and scripts tab should be editable while the VM is running\n2091755 - Change bottom \"Save\" to \"Apply\" on cloud-init script form\n2091756 - The root disk of cloned template should be editable\n2091758 - \"OS\" should be \"Operating system\" in template filter\n2091760 - The provider should be empty if it\u0027s not set during cloning\n2091761 - Miss \"Edit labels\" and \"Edit annotations\" in template kebab button\n2091762 - Move notification above the tabs in template details page\n2091764 - Clone a template should lead to the template details\n2091765 - \"Edit bootsource\" is keeping in load in template actions dropdown\n2091766 - \"Are you sure you want to leave this page?\" pops up when click the \"Templates\" link\n2091853 - On Snapshot tab of single VM \"Restore\" button should move to the kebab actions together with the Delete\n2091863 - BootSource edit modal should list affected templates\n2091868 - Catalog list view has two columns named \"BootSource\"\n2091889 - Devices should be editable for customize template\n2091897 - username is missing in the generated ssh command\n2091904 - VM is not started if adding \"Authorized SSH Key\" during vm creation\n2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root\n2091940 - SSH is not enabled in vm details after restart the VM\n2091945 - delete a template should lead to templates list\n2091946 - Add disk modal shows wrong units\n2091982 - Got a lot of \"Reconciler error\" in cdi-deployment log after adding custom DataImportCron to hco\n2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank\n2092052 - Virtualization should be omitted in Calatog breadcrumbs\n2092071 - Getting started card in Virtualization overview can not be hidden. \n2092079 - Error message stays even when problematic field is dismissed\n2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO\n2092228 - Ensure Machine Type for new VMs is 8.6\n2092230 - [RFE] Add indication/mark to deprecated template\n2092306 - VM is stucking with WaitingForVolumeBinding if creating via \"Boot from CD\"\n2092337 - os is empty in VM details page\n2092359 - [e2e] data-test-id includes all pvc name\n2092654 - [RFE] No obvious way to delete the ssh key from the VM\n2092662 - No url example for rhel and windows template\n2092663 - no hyperlink for URL example in disk source \"url\"\n2092664 - no hyperlink to the cdi uploadproxy URL\n2092781 - Details card should be removed for non admins. \n2092783 - Top consumers\u0027 card should be removed for non admins. \n2092787 - Operators links should be removed from Getting started card\n2092789 - \"Learn more about Operators\" link should lead to the Red Hat documentation\n2092951 - ?Edit BootSource? action should have more explicit information when disabled\n2093282 - Remove links to \u0027all-namespaces/\u0027 for non-privileged user\n2093691 - Creation flow drawer left padding is broken\n2093713 - Required fields in creation flow should be highlighted if empty\n2093715 - Optional parameters section in creation flow is missing bottom padding\n2093716 - CPU|Memory modal button should say \"Restore template settings?\n2093772 - Add a service in environment it reminds a pending change in boot order\n2093773 - Console crashed if adding a service without serial number\n2093866 - Cannot create vm from the template `vm-template-example`\n2093867 - OS for template \u0027vm-template-example\u0027 should matching the version of the image\n2094202 - Cloud-init username field should have hint\n2094207 - Cloud-init password field should have auto-generate option\n2094208 - SSH key input is missing validation\n2094217 - YAML view should reflect shanges in SSH form\n2094222 - \"?\" icon should be placed after red asterisk in required fields\n2094323 - Workload profile should be editable in template details page\n2094405 - adding resource on enviornment isnt showing on disks list when vm is running\n2094440 - Utilization pie charts figures are not based on current data\n2094451 - PVC selection in VM creation flow does not work for non-priv user\n2094453 - CD Source selection in VM creation flow is missing Upload option\n2094465 - Typo in Source tooltip\n2094471 - Node selector modal for non-privileged user\n2094481 - Tolerations modal for non-privileged user\n2094486 - Add affinity rule modal\n2094491 - Affinity rules modal button\n2094495 - Descheduler modal has same text in two lines\n2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id\n2094665 - Dedicated Resources modal for non-privileged user\n2094678 - Secrets and ConfigMaps can\u0027t be added to Windows VM\n2094727 - Creation flow should have VM info in header row\n2094807 - hardware devices dropdown has group title even with no devices in cluster\n2094813 - Cloudinit password is seen in wizard\n2094848 - Details card on Overview page - \u0027View details\u0027 link is missing\n2095125 - OS is empty in the clone modal\n2095129 - \"undefined\" appears in rootdisk line in clone modal\n2095224 - affinity modal for non-privileged users\n2095529 - VM migration cancelation in kebab action should have shorter name\n2095530 - Column sizes in VM list view\n2095532 - Node column in VM list view is visible to non-privileged user\n2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime\n2095570 - Details tab of VM should not have Node info for non-privileged user\n2095573 - Disks created as environment or scripts should have proper label\n2095953 - VNC console controls layout\n2095955 - VNC console tabs\n2096166 - Template \"vm-template-example\" is binding with namespace \"default\"\n2096206 - Inconsistent capitalization in Template Actions\n2096208 - Templates in the catalog list is not sorted\n2096263 - Incorrectly displaying units for Disks size or Memory field in various places\n2096333 - virtualization overview, related operators title is not aligned\n2096492 - Cannot create vm from a cloned template if its boot source is edited\n2096502 - \"Restore template settings\" should be removed from template CPU editor\n2096510 - VM can be created without any disk\n2096511 - Template shows \"no Boot Source\" and label \"Source available\" at the same time\n2096620 - in templates list, edit boot reference kebab action opens a modal with different title\n2096781 - Remove boot source provider while edit boot source reference\n2096801 - vnc thumbnail in virtual machine overview should be active on page load\n2096845 - Windows template\u0027s scripts tab is crashed\n2097328 - virtctl guestfs shouldn\u0027t required uid = 0\n2097370 - missing titles for optional parameters in wizard customization page\n2097465 - Count is not updating for \u0027prometheusrule\u0027 component when metrics kubevirt_hco_out_of_band_modifications_count executed\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2098134 - \"Workload profile\" column is not showing completely in template list\n2098135 - Workload is not showing correct in catalog after change the template\u0027s workload\n2098282 - Javascript error when changing boot source of custom template to be an uploaded file\n2099443 - No \"Quick create virtualmachine\" button for template \u0027vm-template-example\u0027\n2099533 - ConsoleQuickStart for HCO CR\u0027s VM is missing\n2099535 - The cdi-uploadproxy certificate url should be opened in a new tab\n2099539 - No storage option for upload while editing a disk\n2099566 - Cloudinit should be replaced by cloud-init in all places\n2099608 - \"DynamicB\" shows in vm-example disk size\n2099633 - Doc links needs to be updated\n2099639 - Remove user line from the ssh command section\n2099802 - Details card link shouldn\u0027t be hard-coded\n2100054 - Windows VM with WSL2 guest fails to migrate\n2100284 - Virtualization overview is crashed\n2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101485 - Cloudinit should be replaced by cloud-init in all places\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer\n2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2102122 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2102124 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102127 - Cannot add NIC to VM template as non-priv user\n2102129 - All templates are labeling \"source available\" in template list page\n2102131 - The number of hardware devices is not correct in vm overview tab\n2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2102143 - vm clone modal is displaying DV size instead of PVC size\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102543 - Add button moved to right\n2102544 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102545 - VM filter has two \"Other\" checkboxes which are triggered together\n2104617 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106258 - All pages are crashed after visit Virtualization -\u003e Overview\n2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions\n2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111562 - kubevirt plugin console crashed after visit vmi page\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-35492\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4115\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38185\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt\na4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO\ngb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn\noQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/\nW61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb\nzKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg\nB9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8\nS74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1\n810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi\nLD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9\nayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg\nJpmb+NWHfF0VHM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1629",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "167985",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167778",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167853",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022071342",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052017",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070109",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4601",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3554",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3873",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3644",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167644",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167984",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-419742",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167956",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168392",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"id": "VAR-202205-0881",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:27:25.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "trailing\u00a0backslash\u00a0may\u00a0cause\u00a0reading\u00a0past\u00a0end\u00a0of\u00a0line Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=193121"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-126",
"trust": 1.1
},
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.7,
"url": "https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hip7kg7tvs5yf3qreay2gogut3yubzai/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072631"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072127"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071342"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167853/red-hat-security-advisory-2022-5531-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070109"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-find-next-quote-38391"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3873"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052017"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167985/red-hat-security-advisory-2022-5909-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1629/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3644"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167778/red-hat-security-advisory-2022-5673-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3821"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4601"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29162"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41103"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4991"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30321"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/containers"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30323"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26691"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-419742"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"db": "PACKETSTORM",
"id": "167985"
},
{
"db": "PACKETSTORM",
"id": "168036"
},
{
"db": "PACKETSTORM",
"id": "167956"
},
{
"db": "PACKETSTORM",
"id": "167778"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167644"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-419742"
},
{
"date": "2023-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"date": "2022-08-05T14:52:04",
"db": "PACKETSTORM",
"id": "167985"
},
{
"date": "2022-08-10T15:54:58",
"db": "PACKETSTORM",
"id": "168036"
},
{
"date": "2022-08-04T14:49:41",
"db": "PACKETSTORM",
"id": "167956"
},
{
"date": "2022-07-21T20:26:52",
"db": "PACKETSTORM",
"id": "167778"
},
{
"date": "2022-07-27T17:28:30",
"db": "PACKETSTORM",
"id": "167845"
},
{
"date": "2022-07-01T14:56:38",
"db": "PACKETSTORM",
"id": "167644"
},
{
"date": "2022-09-15T14:20:18",
"db": "PACKETSTORM",
"id": "168392"
},
{
"date": "2022-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"date": "2022-05-10T14:15:08.530000",
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-419742"
},
{
"date": "2023-08-17T04:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-010778"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2825"
},
{
"date": "2024-11-21T06:41:07.860000",
"db": "NVD",
"id": "CVE-2022-1629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2825"
}
],
"trust": 0.6
}
}
var-202106-0521
Vulnerability from variot
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. This update provides
the corresponding updates for Ubuntu 16.04 ESM. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes Advisory ID: RHSA-2021:5038-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:5038 Issue date: 2021-12-08 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14145 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2020-36385 CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 CVE-2021-3572 CVE-2021-3580 CVE-2021-3733 CVE-2021-3778 CVE-2021-3795 CVE-2021-3796 CVE-2021-3800 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 CVE-2021-20317 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23440 CVE-2021-23840 CVE-2021-23841 CVE-2021-27645 CVE-2021-28153 CVE-2021-33560 CVE-2021-33574 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-37750 CVE-2021-42574 CVE-2021-43267 CVE-2021-43527 =====================================================================
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General Availability release images, which provide one or more container updates and bug fixes.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
CVE-2021-3795 semver-regex: inefficient regular expression complexity
-
CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
Related bugs:
-
RHACM 2.2.10 images (Bugzilla #2013652)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index
For details on how to apply this update, refer to:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images
- References:
https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-36385 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3795 https://access.redhat.com/security/cve/CVE-2021-3796 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20317 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-23440 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43267 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYbFj09zjgjWX9erEAQhkSBAAmumlh+3dgSyNVv2fYrNRs2rV8QdDzhNZ o49/4HwzzTYmoV5hiTCa3JfcyOPoa/vXqAsuSd2dlQEEdHgBbikagp7hcVE/8Yks Ta8Uq+uMNrpjIgFMKld+xJBcEoQUGflkPs/Y5vUbh4k8wRv3737DmLmJQR71teMf PAE8AcMB4VvfqqH3V8+g7CCWLLh3by49+p4PagPLflitPiAB6j8d9ibnd3oPYHY7 Mj0nx6Hp+xnEAcleIENYd169YgSL57SCXO10HuzOBoodF9qIiLLHktXod3JJ7JER vQapO7UZ7lXXXmyYE4Uu3QKtLjAPVkimr58ZPYMWqczyMMz9RykwnUFJ4ihRUaGh ngpuPDhIno1L3y/mWGy5uGmwFJGPDmcclOBwsuzaUev3CiUBnzXlGNkppG/AODKJ leynR6zgg+LzDo1YtJ2SGp8sGGqkrD18XzwmLWuofEZVxsAie7L5ZoApx8/y6MeT 9mnD5NUMgRUNSa9I37eVb1llMoSsFkXD4rzkLwxPxmi+JOver8m/Il048IVqTvCU /cCjr2VKhpBUhWjahr0N4ENijTeIibItY/dfnzOd+w588d9LhHt7wAnp3Fu8IC6T pAXwwSEDoxVo5NX4j1XAggxa8pnAMhyijq3Kqd6ifQnlEfeBiPxDDtUpQzaT3H7C i7tuw8Mn3KU= =VHYj -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports
- Summary:
An update is now available for OpenShift Logging 5.2. Description:
Openshift Logging Bug Fix Release (5.2.3)
Security Fix(es):
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
-
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
- These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5894-1 February 27, 2023
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in curl. This issue was only fixed in Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925)
It was discovered that curl incorrectly handled denials when using HTTP proxies. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-43552)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: curl 7.47.0-1ubuntu2.19+esm7 libcurl3 7.47.0-1ubuntu2.19+esm7 libcurl3-gnutls 7.47.0-1ubuntu2.19+esm7 libcurl3-nss 7.47.0-1ubuntu2.19+esm7
Ubuntu 14.04 ESM: curl 7.35.0-1ubuntu2.20+esm14 libcurl3 7.35.0-1ubuntu2.20+esm14 libcurl3-gnutls 7.35.0-1ubuntu2.20+esm14 libcurl3-nss 7.35.0-1ubuntu2.20+esm14
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-0521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.25"
},
{
"model": "curl",
"scope": "lte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.76.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "mysql server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.34"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.047"
},
{
"model": "essbase",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.11.0"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.7"
},
{
"model": "essbase",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0"
},
{
"model": "oracle essbase server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "mysql",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "guacamole",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165862"
}
],
"trust": 0.5
},
"cve": "CVE-2021-22898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-22898",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2021-22898",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.1,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-22898",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22898",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2021-22898",
"trust": 0.8,
"value": "Low"
},
{
"author": "VULMON",
"id": "CVE-2021-22898",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. This update provides\nthe corresponding updates for Ubuntu 16.04 ESM. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes\nAdvisory ID: RHSA-2021:5038-01\nProduct: Red Hat ACM\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:5038\nIssue date: 2021-12-08\nCVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 \n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 \n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 \n CVE-2020-12762 CVE-2020-13435 CVE-2020-14145 \n CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 \n CVE-2020-36385 CVE-2021-3200 CVE-2021-3426 \n CVE-2021-3445 CVE-2021-3572 CVE-2021-3580 \n CVE-2021-3733 CVE-2021-3778 CVE-2021-3795 \n CVE-2021-3796 CVE-2021-3800 CVE-2021-20231 \n CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 \n CVE-2021-20317 CVE-2021-22876 CVE-2021-22898 \n CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-23440 CVE-2021-23840 CVE-2021-23841 \n CVE-2021-27645 CVE-2021-28153 CVE-2021-33560 \n CVE-2021-33574 CVE-2021-33928 CVE-2021-33929 \n CVE-2021-33930 CVE-2021-33938 CVE-2021-35942 \n CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 \n CVE-2021-36087 CVE-2021-37750 CVE-2021-42574 \n CVE-2021-43267 CVE-2021-43527 \n=====================================================================\n\n1. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 General\nAvailability release images, which provide one or more container updates\nand bug fixes. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score,\nwhich\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide security fixes, bug fixes and\ncontainer upgrades. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of\nCVE-2019-10747\n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant instructions on how to upgrade your cluster and fully apply this\nasynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20673\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-12762\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14145\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-16135\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-36385\nhttps://access.redhat.com/security/cve/CVE-2021-3200\nhttps://access.redhat.com/security/cve/CVE-2021-3426\nhttps://access.redhat.com/security/cve/CVE-2021-3445\nhttps://access.redhat.com/security/cve/CVE-2021-3572\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3778\nhttps://access.redhat.com/security/cve/CVE-2021-3795\nhttps://access.redhat.com/security/cve/CVE-2021-3796\nhttps://access.redhat.com/security/cve/CVE-2021-3800\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-20266\nhttps://access.redhat.com/security/cve/CVE-2021-20271\nhttps://access.redhat.com/security/cve/CVE-2021-20317\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-23440\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-27645\nhttps://access.redhat.com/security/cve/CVE-2021-28153\nhttps://access.redhat.com/security/cve/CVE-2021-33560\nhttps://access.redhat.com/security/cve/CVE-2021-33574\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-35942\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-42574\nhttps://access.redhat.com/security/cve/CVE-2021-43267\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/updates/classification/#low\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYbFj09zjgjWX9erEAQhkSBAAmumlh+3dgSyNVv2fYrNRs2rV8QdDzhNZ\no49/4HwzzTYmoV5hiTCa3JfcyOPoa/vXqAsuSd2dlQEEdHgBbikagp7hcVE/8Yks\nTa8Uq+uMNrpjIgFMKld+xJBcEoQUGflkPs/Y5vUbh4k8wRv3737DmLmJQR71teMf\nPAE8AcMB4VvfqqH3V8+g7CCWLLh3by49+p4PagPLflitPiAB6j8d9ibnd3oPYHY7\nMj0nx6Hp+xnEAcleIENYd169YgSL57SCXO10HuzOBoodF9qIiLLHktXod3JJ7JER\nvQapO7UZ7lXXXmyYE4Uu3QKtLjAPVkimr58ZPYMWqczyMMz9RykwnUFJ4ihRUaGh\nngpuPDhIno1L3y/mWGy5uGmwFJGPDmcclOBwsuzaUev3CiUBnzXlGNkppG/AODKJ\nleynR6zgg+LzDo1YtJ2SGp8sGGqkrD18XzwmLWuofEZVxsAie7L5ZoApx8/y6MeT\n9mnD5NUMgRUNSa9I37eVb1llMoSsFkXD4rzkLwxPxmi+JOver8m/Il048IVqTvCU\n/cCjr2VKhpBUhWjahr0N4ENijTeIibItY/dfnzOd+w588d9LhHt7wAnp3Fu8IC6T\npAXwwSEDoxVo5NX4j1XAggxa8pnAMhyijq3Kqd6ifQnlEfeBiPxDDtUpQzaT3H7C\ni7tuw8Mn3KU=\n=VHYj\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1997017 - unprivileged client fails to get guest agent data\n1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import\n2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed\n2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion\n2007336 - 4.8.3 containers\n2007776 - Failed to Migrate Windows VM with CDROM (readonly)\n2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues\n2026881 - [4.8.3] vlan-filtering is getting applied on veth ports\n\n5. Summary:\n\nAn update is now available for OpenShift Logging 5.2. Description:\n\nOpenshift Logging Bug Fix Release (5.2.3)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with strict:true option (CVE-2021-23369)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile\ntemplates with compat:true option (CVE-2021-23383)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1857 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM\nLOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5894-1\nFebruary 27, 2023\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue was only fixed\nin Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925)\n\nIt was discovered that curl incorrectly handled denials when using HTTP\nproxies. A remote attacker could use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2022-43552)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n curl 7.47.0-1ubuntu2.19+esm7\n libcurl3 7.47.0-1ubuntu2.19+esm7\n libcurl3-gnutls 7.47.0-1ubuntu2.19+esm7\n libcurl3-nss 7.47.0-1ubuntu2.19+esm7\n\nUbuntu 14.04 ESM:\n curl 7.35.0-1ubuntu2.20+esm14\n libcurl3 7.35.0-1ubuntu2.20+esm14\n libcurl3-gnutls 7.35.0-1ubuntu2.20+esm14\n libcurl3-nss 7.35.0-1ubuntu2.20+esm14\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165862"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "171153"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22898",
"trust": 3.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/07/21/4",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.0
},
{
"db": "HACKERONE",
"id": "1176461",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2021-22898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165135",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171153",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165862"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"id": "VAR-202106-0521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30092594
},
"last_update_date": "2024-11-23T21:31:38.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022",
"trust": 0.8,
"url": "https://lists.apache.org/thread/ypcjpttlozwxngl5s2x4gco3hnbmx1t8"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22898: TELNET stack contents disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=06890b233289ebfb9c405fee6437c7b1"
},
{
"title": "Red Hat: CVE-2021-22898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-22898"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1509",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1509"
},
{
"title": "Arch Linux Advisories: [ASA-202106-9] lib32-libcurl-gnutls: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-9"
},
{
"title": "Arch Linux Advisories: [ASA-202106-8] libcurl-gnutls: information disclosure",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-8"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1653",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1653"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-22898 log"
},
{
"title": "Arch Linux Advisories: [ASA-202106-4] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-4"
},
{
"title": "Arch Linux Advisories: [ASA-202106-7] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-7"
},
{
"title": "Arch Linux Advisories: [ASA-202106-5] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-5"
},
{
"title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-60"
},
{
"title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-61"
},
{
"title": "Arch Linux Advisories: [ASA-202106-6] libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202106-6"
},
{
"title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-64"
},
{
"title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-62"
},
{
"title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-63"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1700",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1700"
},
{
"title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202107-59"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220434 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220318 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220842 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221081 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220580 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "CVE-2021-22898",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-22898 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-22898 "
},
{
"title": "trivy-operator",
"trust": 0.1,
"url": "https://github.com/devopstales/trivy-operator "
},
{
"title": "log4jnotes",
"trust": 0.1,
"url": "https://github.com/kenlavbah/log4jnotes "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-909",
"trust": 1.0
},
{
"problemtype": "Inadequate resource initialization (CWE-909) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/07/21/4"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.0,
"url": "https://curl.se/docs/cve-2021-22898.html"
},
{
"trust": 1.0,
"url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde"
},
{
"trust": 1.0,
"url": "https://hackerone.com/reports/1176461"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pooc3uv7v6l4cj5ka2ptwtnuv5y72t3q/"
},
{
"trust": 1.0,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.0,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.0,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-29923"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5021-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23440"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28950"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5894-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165862"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "165209"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "165135"
},
{
"db": "PACKETSTORM",
"id": "165002"
},
{
"db": "PACKETSTORM",
"id": "165862"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "171153"
},
{
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"date": "2022-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"date": "2022-01-20T17:49:14",
"db": "PACKETSTORM",
"id": "165633"
},
{
"date": "2021-12-09T14:50:37",
"db": "PACKETSTORM",
"id": "165209"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2021-12-03T16:41:45",
"db": "PACKETSTORM",
"id": "165135"
},
{
"date": "2021-11-17T15:25:40",
"db": "PACKETSTORM",
"id": "165002"
},
{
"date": "2022-02-04T17:26:39",
"db": "PACKETSTORM",
"id": "165862"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2023-02-28T16:45:47",
"db": "PACKETSTORM",
"id": "171153"
},
{
"date": "2021-06-11T16:15:11.043000",
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22898"
},
{
"date": "2022-03-07T02:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-008167"
},
{
"date": "2024-03-27T15:47:36.380000",
"db": "NVD",
"id": "CVE-2021-22898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165633"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "171153"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in resource initialization deficiency in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008167"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bypass",
"sources": [
{
"db": "PACKETSTORM",
"id": "165209"
}
],
"trust": 0.1
}
}
var-202107-1672
Vulnerability from variot
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ========================================================================== Ubuntu Security Notice USN-5371-2 April 28, 2022
nginx vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
nginx could be made to redirect network traffic.
Software Description: - nginx: small, powerful, scalable web/proxy server
Details:
USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724)
It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309)
It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. (CVE-2021-3618)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: nginx-core 1.18.0-6ubuntu14.1 nginx-extras 1.18.0-6ubuntu14.1 nginx-light 1.18.0-6ubuntu14.1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5371-2 https://ubuntu.com/security/notices/USN-5371-1 CVE-2021-3618
Package Information: https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202107-1672",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nginx",
"scope": "lt",
"trust": 1.0,
"vendor": "f5",
"version": "1.21.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "sendmail",
"scope": "lt",
"trust": 1.0,
"vendor": "sendmail",
"version": "8.17"
},
{
"model": "vsftpd",
"scope": "lt",
"trust": 1.0,
"vendor": "vsftpd",
"version": "3.0.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "vsftpd",
"scope": null,
"trust": 0.8,
"vendor": "vsftpd",
"version": null
},
{
"model": "nginx",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "sendmail",
"scope": null,
"trust": 0.8,
"vendor": "sendmail consortium",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "166709"
},
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "166888"
},
{
"db": "PACKETSTORM",
"id": "174729"
}
],
"trust": 0.4
},
"cve": "CVE-2021-3618",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3618",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-395783",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3618",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-3618",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3618",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-3618",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-216",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395783",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-3618",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. F5 Networks of nginx Products from other vendors contain vulnerabilities related to certificate validation.Information may be obtained and information may be tampered with. (CVE-2020-11724). ==========================================================================\nUbuntu Security Notice USN-5371-2\nApril 28, 2022\n\nnginx vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nnginx could be made to redirect network traffic. \n\nSoftware Description:\n- nginx: small, powerful, scalable web/proxy server\n\nDetails:\n\nUSN-5371-1 fixed several vulnerabilities in nginx. \nThis update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. \n\nOriginal advisory details:\n\n It was discovered that nginx Lua module mishandled certain inputs. \n An attacker could possibly use this issue to perform an HTTP Request\n Smuggling attack. This issue only affects Ubuntu 18.04 LTS and\n Ubuntu 20.04 LTS. (CVE-2020-11724)\n\n It was discovered that nginx Lua module mishandled certain inputs. \n An attacker could possibly use this issue to disclose sensitive\n information. This issue only affects Ubuntu 18.04 LTS and\n Ubuntu 20.04 LTS. (CVE-2020-36309)\n\n It was discovered that nginx mishandled the use of\n compatible certificates among multiple encryption protocols. \n (CVE-2021-3618)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n nginx-core 1.18.0-6ubuntu14.1\n nginx-extras 1.18.0-6ubuntu14.1\n nginx-light 1.18.0-6ubuntu14.1\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5371-2\n https://ubuntu.com/security/notices/USN-5371-1\n CVE-2021-3618\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "PACKETSTORM",
"id": "166709"
},
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "166888"
},
{
"db": "PACKETSTORM",
"id": "174729"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3618",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "168672",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166709",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166888",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6109",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1628",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6139",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042817",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010906",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041422",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395783",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-3618",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174729",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "PACKETSTORM",
"id": "166709"
},
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "166888"
},
{
"db": "PACKETSTORM",
"id": "174729"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"id": "VAR-202107-1672",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395783"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:00:55.051000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
},
{
"title": "nginx Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=155955"
},
{
"title": "Ubuntu Security Notice: USN-5371-3: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5371-3"
},
{
"title": "Debian CVElist Bug Report Logs: nginx: CVE-2021-3618",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ef1074892d0995f0a511641c443018df"
},
{
"title": "Ubuntu Security Notice: USN-5371-2: nginx vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5371-2"
},
{
"title": "Ubuntu Security Notice: USN-5371-1: nginx vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5371-1"
},
{
"title": "Amazon Linux 2: ALASNGINX1-2023-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASNGINX1-2023-002"
},
{
"title": "Red Hat: CVE-2021-3618",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-3618"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-3618 log"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-172",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-172"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-132",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-132"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-171",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-171"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-136"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-3618 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://alpaca-attack.com/"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3618"
},
{
"trust": 0.6,
"url": "https://ubuntu.com/security/cve-2021-3618"
},
{
"trust": 0.6,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329"
},
{
"trust": 0.6,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328"
},
{
"trust": 0.6,
"url": "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a"
},
{
"trust": 0.6,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6489853"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041422"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/nginx-man-in-the-middle-via-the-tls-extension-alpn-35818"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168672/ubuntu-security-notice-usn-5371-3.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6514817"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-3618/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042817"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166709/ubuntu-security-notice-usn-5371-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1628"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6109"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166888/ubuntu-security-notice-usn-5371-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6139"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36309"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11724"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5371-1"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5371-3"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-3618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu11.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5371-2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6379-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vsftpd/3.0.5-0ubuntu0.20.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "PACKETSTORM",
"id": "166709"
},
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "166888"
},
{
"db": "PACKETSTORM",
"id": "174729"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395783"
},
{
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"db": "PACKETSTORM",
"id": "166709"
},
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "166888"
},
{
"db": "PACKETSTORM",
"id": "174729"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-395783"
},
{
"date": "2022-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"date": "2023-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"date": "2022-04-13T15:03:13",
"db": "PACKETSTORM",
"id": "166709"
},
{
"date": "2022-10-10T16:13:35",
"db": "PACKETSTORM",
"id": "168672"
},
{
"date": "2022-04-28T15:18:16",
"db": "PACKETSTORM",
"id": "166888"
},
{
"date": "2023-09-19T15:23:43",
"db": "PACKETSTORM",
"id": "174729"
},
{
"date": "2021-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"date": "2022-03-23T20:15:09.833000",
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-395783"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-3618"
},
{
"date": "2023-08-10T07:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-019676"
},
{
"date": "2023-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-216"
},
{
"date": "2024-11-21T06:21:59.713000",
"db": "NVD",
"id": "CVE-2021-3618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168672"
},
{
"db": "PACKETSTORM",
"id": "174729"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "F5\u00a0Networks\u00a0 of \u00a0nginx\u00a0 Vulnerability related to certificate verification in products of multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-019676"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-216"
}
],
"trust": 0.6
}
}
var-202110-1622
Vulnerability from variot
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
watchOS 8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212819.
Accessory Manager Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: an anonymous researcher
AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir
bootp Available for: Apple Watch Series 3 and later Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium) Entry added October 25, 2021
CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab Entry added October 25, 2021
FaceTime Available for: Apple Watch Series 3 and later Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call Description: A logic issue was addressed with improved validation. CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime Entry added October 25, 2021
FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021
FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021
FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab Entry added October 25, 2021
ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab
libexpat Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher
Preferences Available for: Apple Watch Series 3 and later Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021
WebKit Available for: Apple Watch Series 3 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021
WebKit Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs Entry added October 25, 2021
WebKit Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs Entry added October 25, 2021
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi Available for: Apple Watch Series 3 and later Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher
Additional recognition
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge an anonymous researcher for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p rhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f Zz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+ cfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR DOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs 7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI YA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG mGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu W0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ 078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j i2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe 57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw= =mdve -----END PGP SIGNATURE-----
. CVE-2021-30851: Samuel Groß of Google Project Zero
Installation note:
This update may be obtained from the Mac App Store. Apple is aware of a report that this issue may have been actively exploited. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30846: Sergei Glazunov of Google Project Zero Entry added September 20, 2021
Additional recognition
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. ========================================================================== Ubuntu Security Notice USN-5127-1 November 01, 2021
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.10.1
Ubuntu 21.04: libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.04.1 libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202110-1622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.0"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164693"
},
{
"db": "PACKETSTORM",
"id": "164692"
},
{
"db": "PACKETSTORM",
"id": "164688"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "PACKETSTORM",
"id": "164234"
}
],
"trust": 0.5
},
"cve": "CVE-2021-30846",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30846",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390579",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30846",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30846",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30846",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30846",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390579",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-10-26-10 Additional information for\nAPPLE-SA-2021-09-20-2 watchOS 8\n\nwatchOS 8 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212819. \n\nAccessory Manager\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2021-30837: an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to read sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2021-30811: an anonymous researcher working with Compartir\n\nbootp\nAvailable for: Apple Watch Series 3 and later\nImpact: A device may be passively tracked by its WiFi MAC address\nDescription: A user privacy issue was addressed by removing the\nbroadcast MAC address. \nCVE-2021-30866: Fabien Duch\u00eane of UCLouvain (Belgium)\nEntry added October 25, 2021\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a malicious audio file may result in unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFaceTime\nAvailable for: Apple Watch Series 3 and later\nImpact: An application with microphone permission may unexpectedly\naccess microphone input during a FaceTime call\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nFontParser\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\n\nFoundation\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab\nEntry added October 25, 2021\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\n\nlibexpat\nAvailable for: Apple Watch Series 3 and later\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved checks. \nCVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Visiting a maliciously crafted website may reveal a user\u0027s\nbrowsing history\nDescription: The issue was resolved with additional restrictions on\nCSS compositing. \nCVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nbypass HSTS\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30823: David Gullasch of Recurity Labs\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs\nEntry added October 25, 2021\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nWi-Fi\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in physical proximity may be able to force a user\nonto a malicious Wi-Fi network during device setup\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2021-30810: an anonymous researcher\n\nAdditional recognition\n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p\nrhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f\nZz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+\ncfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR\nDOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs\n7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI\nYA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG\nmGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu\nW0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ\n078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j\ni2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe\n57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw=\n=mdve\n-----END PGP SIGNATURE-----\n\n\n. \nCVE-2021-30851: Samuel Gro\u00df of Google Project Zero\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store. Apple is aware of a report that this issue may have\nbeen actively exploited. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\nEntry added September 20, 2021\n\nAdditional recognition\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. ==========================================================================\nUbuntu Security Notice USN-5127-1\nNovember 01, 2021\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.10.1\n libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.10.1\n\nUbuntu 21.04:\n libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.21.04.1\n libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.21.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.34.1-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.34.1-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30846"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "VULMON",
"id": "CVE-2021-30846"
},
{
"db": "PACKETSTORM",
"id": "164693"
},
{
"db": "PACKETSTORM",
"id": "164692"
},
{
"db": "PACKETSTORM",
"id": "164688"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "PACKETSTORM",
"id": "164234"
},
{
"db": "PACKETSTORM",
"id": "164736"
},
{
"db": "PACKETSTORM",
"id": "165794"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390579",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30846",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/4",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/26/9",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/10/27/1",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "164736",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164692",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164242",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.4084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3996",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3159.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3578",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092024",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021110113",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164693",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164688",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164689",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-390579",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164234",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "VULMON",
"id": "CVE-2021-30846"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "PACKETSTORM",
"id": "164693"
},
{
"db": "PACKETSTORM",
"id": "164692"
},
{
"db": "PACKETSTORM",
"id": "164688"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "PACKETSTORM",
"id": "164234"
},
{
"db": "PACKETSTORM",
"id": "164736"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"id": "VAR-202110-1622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:57:26.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212819 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"title": "Multiple Apple Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166477"
},
{
"title": "Apple: iOS 15 and iPadOS 15",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f34e9bd3d1b055a84fc033981719f5fb"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30846"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2021/oct/62"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2021/oct/63"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2021/oct/60"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2021/oct/61"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht212815"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht212869"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4996"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212807"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212814"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212816"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212819"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/on5sdvvpvpcagfpw2ghyatzvzylpw2l4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h6mgxcx7p5ahwoq6irt477ukt7is4dad/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021110113"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3159.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092024"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-multiple-vulnerabilities-36750"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164516/webkit-pointercapturecontroller-processpendingpointercapture-heap-use-after-free.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3996"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3578"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3631"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164736/ubuntu-security-notice-usn-5127-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3641"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4084"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461"
},
{
"trust": 0.5,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.5,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30854"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30837"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30810"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30852"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30808"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30834"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30831"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30866"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30840"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht212819."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/37"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht212814"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212815."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212816."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212807."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.21.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5127-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.1-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "VULMON",
"id": "CVE-2021-30846"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "PACKETSTORM",
"id": "164693"
},
{
"db": "PACKETSTORM",
"id": "164692"
},
{
"db": "PACKETSTORM",
"id": "164688"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "PACKETSTORM",
"id": "164234"
},
{
"db": "PACKETSTORM",
"id": "164736"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390579"
},
{
"db": "VULMON",
"id": "CVE-2021-30846"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"db": "PACKETSTORM",
"id": "164693"
},
{
"db": "PACKETSTORM",
"id": "164692"
},
{
"db": "PACKETSTORM",
"id": "164688"
},
{
"db": "PACKETSTORM",
"id": "164242"
},
{
"db": "PACKETSTORM",
"id": "164234"
},
{
"db": "PACKETSTORM",
"id": "164736"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-390579"
},
{
"date": "2022-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"date": "2021-10-28T14:58:57",
"db": "PACKETSTORM",
"id": "164693"
},
{
"date": "2021-10-28T14:58:43",
"db": "PACKETSTORM",
"id": "164692"
},
{
"date": "2021-10-28T14:55:07",
"db": "PACKETSTORM",
"id": "164688"
},
{
"date": "2021-09-22T16:30:10",
"db": "PACKETSTORM",
"id": "164242"
},
{
"date": "2021-09-22T16:22:32",
"db": "PACKETSTORM",
"id": "164234"
},
{
"date": "2021-11-02T15:22:56",
"db": "PACKETSTORM",
"id": "164736"
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794"
},
{
"date": "2021-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"date": "2021-10-19T14:15:09.617000",
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-23T00:00:00",
"db": "VULHUB",
"id": "VHN-390579"
},
{
"date": "2022-09-29T02:23:00",
"db": "JVNDB",
"id": "JVNDB-2021-013862"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1272"
},
{
"date": "2023-11-07T03:33:31.383000",
"db": "NVD",
"id": "CVE-2021-30846"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1272"
}
],
"trust": 0.6
}
}
var-202202-0062
Vulnerability from variot
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. zsh Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5325-1 March 14, 2022
zsh vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Zsh.
Software Description: - zsh: shell with lots of features
Details:
Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. (CVE-2019-20044)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: zsh 5.8-6ubuntu0.1 zsh-static 5.8-6ubuntu0.1
Ubuntu 20.04 LTS: zsh 5.8-3ubuntu1.1 zsh-static 5.8-3ubuntu1.1
Ubuntu 18.04 LTS: zsh 5.4.2-3ubuntu3.2 zsh-static 5.4.2-3ubuntu3.2
Ubuntu 16.04 ESM: zsh 5.1.1-1ubuntu2.3+esm1 zsh-static 5.1.1-1ubuntu2.3+esm1
In general, a standard system update will make all the necessary changes. Apple is aware of a report that this issue may have been actively exploited. This was addressed with improved input validation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257.
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o
apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher
Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)
Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher
Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher
TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval
zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE-----
. Summary:
An update for zsh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - noarch Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.
Security Fix(es):
- zsh: Prompt expansion vulnerability (CVE-2021-45444)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2054089 - CVE-2021-45444 zsh: Prompt expansion vulnerability
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
noarch: zsh-html-5.5.1-9.el8.noarch.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: zsh-5.5.1-9.el8.src.rpm
aarch64: zsh-5.5.1-9.el8.aarch64.rpm zsh-debuginfo-5.5.1-9.el8.aarch64.rpm zsh-debugsource-5.5.1-9.el8.aarch64.rpm
ppc64le: zsh-5.5.1-9.el8.ppc64le.rpm zsh-debuginfo-5.5.1-9.el8.ppc64le.rpm zsh-debugsource-5.5.1-9.el8.ppc64le.rpm
s390x: zsh-5.5.1-9.el8.s390x.rpm zsh-debuginfo-5.5.1-9.el8.s390x.rpm zsh-debugsource-5.5.1-9.el8.s390x.rpm
x86_64: zsh-5.5.1-9.el8.x86_64.rpm zsh-debuginfo-5.5.1-9.el8.x86_64.rpm zsh-debugsource-5.5.1-9.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-45444 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.
For the oldstable distribution (buster), this problem has been fixed in version 5.7.1-1+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 5.8-6+deb11u1.
We recommend that you upgrade your zsh packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-01
https://security.gentoo.org/
Severity: Normal Title: Zsh: Prompt Expansion Vulnerability Date: July 01, 2024 Bugs: #833252 ID: 202407-01
Synopsis
A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.
Background
A shell designed for interactive use, although it is also a powerful scripting language.
Affected packages
Package Vulnerable Unaffected
app-shells/zsh < 5.8.1 >= 5.8.1
Description
Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. VCS_Info to execute arbitrary shell commands without a user's knowledge.
Workaround
There is no known workaround at this time.
Resolution
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8.1"
References
[ 1 ] CVE-2021-45444 https://nvd.nist.gov/vuln/detail/CVE-2021-45444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202407-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "zsh",
"scope": "lt",
"trust": 1.0,
"vendor": "zsh",
"version": "5.8.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "zsh",
"scope": null,
"trust": 0.8,
"vendor": "zsh",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
}
],
"trust": 0.3
},
"cve": "CVE-2021-45444",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-45444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-409075",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-45444",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45444",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45444",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45444",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-409075",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45444",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. zsh Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5325-1\nMarch 14, 2022\n\nzsh vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Zsh. \n\nSoftware Description:\n- zsh: shell with lots of features\n\nDetails:\n\nSam Foxman discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to regain dropped privileges. \n(CVE-2019-20044)\n\nIt was discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2021-45444)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n zsh 5.8-6ubuntu0.1\n zsh-static 5.8-6ubuntu0.1\n\nUbuntu 20.04 LTS:\n zsh 5.8-3ubuntu1.1\n zsh-static 5.8-3ubuntu1.1\n\nUbuntu 18.04 LTS:\n zsh 5.4.2-3ubuntu3.2\n zsh-static 5.4.2-3ubuntu3.2\n\nUbuntu 16.04 ESM:\n zsh 5.1.1-1ubuntu2.3+esm1\n zsh-static 5.1.1-1ubuntu2.3+esm1\n\nIn general, a standard system update will make all the necessary changes. Apple is aware of a report that this issue may\nhave been actively exploited. This was addressed with improved input\nvalidation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-2 macOS Monterey 12.4\n\nmacOS Monterey 12.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213257. \n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26772: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-26741: ABC Research s.r.o\nCVE-2022-26742: ABC Research s.r.o\nCVE-2022-26749: ABC Research s.r.o\nCVE-2022-26750: ABC Research s.r.o\nCVE-2022-26752: ABC Research s.r.o\nCVE-2022-26753: ABC Research s.r.o\nCVE-2022-26754: ABC Research s.r.o\n\napache\nAvailable for: macOS Monterey\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAVEVideoEncoder\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nContacts\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCVMS\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Photo location information may persist after it is removed\nwith Preview Inspector\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIOKit\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved code execution in macOS\nRecovery may be able to escalate to kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPreview\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nPrinting\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSafari Private Browsing\nAvailable for: macOS Monterey\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: macOS Monterey\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue existed in the handling of symlinks\nand was addressed with improved validation of symlinks. \nCVE-2022-26704: an anonymous researcher\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nCalendar\nWe would like to acknowledge Eugene Lim of Government Technology\nAgency of Singapore for their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFileVault\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH\nfor their assistance. \n\nLogin Window\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge Mohammad Tausif Siddiqui\n(@toshsiddiqui), an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge Dana Morrison for their assistance. \n\nmacOS Monterey 12.4 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg\nEjpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI\nDyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma\nmH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+\nrQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc\n402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV\nJ23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa\n5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ\nopD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs\nZ5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f\nLHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=\n=jaCZ\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for zsh is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - noarch\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe zsh shell is a command interpreter usable as an interactive login shell\nand as a shell script command processor. Zsh resembles the ksh shell (the\nKorn shell), but includes many enhancements. Zsh supports command-line\nediting, built-in spelling correction, programmable command completion,\nshell functions (with autoloading), a history mechanism, and more. \n\nSecurity Fix(es):\n\n* zsh: Prompt expansion vulnerability (CVE-2021-45444)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2054089 - CVE-2021-45444 zsh: Prompt expansion vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nnoarch:\nzsh-html-5.5.1-9.el8.noarch.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nzsh-5.5.1-9.el8.src.rpm\n\naarch64:\nzsh-5.5.1-9.el8.aarch64.rpm\nzsh-debuginfo-5.5.1-9.el8.aarch64.rpm\nzsh-debugsource-5.5.1-9.el8.aarch64.rpm\n\nppc64le:\nzsh-5.5.1-9.el8.ppc64le.rpm\nzsh-debuginfo-5.5.1-9.el8.ppc64le.rpm\nzsh-debugsource-5.5.1-9.el8.ppc64le.rpm\n\ns390x:\nzsh-5.5.1-9.el8.s390x.rpm\nzsh-debuginfo-5.5.1-9.el8.s390x.rpm\nzsh-debugsource-5.5.1-9.el8.s390x.rpm\n\nx86_64:\nzsh-5.5.1-9.el8.x86_64.rpm\nzsh-debuginfo-5.5.1-9.el8.x86_64.rpm\nzsh-debugsource-5.5.1-9.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45444\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. This would allow an\nattacker to execute arbitrary commands into a user\u0027s shell, for\ninstance by tricking a vcs_info user into checking out a git branch\nwith a specially crafted name. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 5.7.1-1+deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 5.8-6+deb11u1. \n\nWe recommend that you upgrade your zsh packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202407-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zsh: Prompt Expansion Vulnerability\n Date: July 01, 2024\n Bugs: #833252\n ID: 202407-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been discovered in Zsh, which can lead to execution\nof arbitrary code. \n\nBackground\n==========\n\nA shell designed for interactive use, although it is also a powerful\nscripting language. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\napp-shells/zsh \u003c 5.8.1 \u003e= 5.8.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Zsh. Please review the\nCVE identifiers referenced below for details. \nVCS_Info to execute arbitrary shell commands without a user\u0027s knowledge. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zsh users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-shells/zsh-5.8.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-45444\n https://nvd.nist.gov/vuln/detail/CVE-2021-45444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202407-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-409075",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45444",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "166306",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167094",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0681",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0717",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051165",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031621",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-409075",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-45444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169238",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179277",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"id": "VAR-202202-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:47:52.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"title": "Zsh Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182545"
},
{
"title": "Ubuntu Security Notice: USN-5325-1: Zsh vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5325-1"
},
{
"title": "Debian Security Advisories: DSA-5078-1 zsh -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f89e845aa4d22d94399dc0f12d04d8a6"
},
{
"title": "Red Hat: CVE-2021-45444",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-45444"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1757",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1757"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-034"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5078"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.8,
"url": "https://vuln.ryotak.me/advisories/63"
},
{
"trust": 1.8,
"url": "https://zsh.sourceforge.io/releases.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bwf3exnbx5svfdbl4zfod4gjbwfukwn4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2p3lpmgenehkdwfo4mwmzszl6g7y4cv7/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bwf3exnbx5svfdbl4zfod4gjbwfukwn4/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2p3lpmgenehkdwfo4mwmzszl6g7y4cv7/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-45444"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0681"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021702"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1072"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/zsh-code-execution-via-prompt-subst-expansion-37574"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213255"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0717"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166306/ubuntu-security-notice-usn-5325-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051165"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167094/red-hat-security-advisory-2022-2120-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031621"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5325-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-3ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-6ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213257."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2120"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/zsh"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202407-01"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-409075"
},
{
"date": "2022-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"date": "2023-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"date": "2022-03-14T19:00:12",
"db": "PACKETSTORM",
"id": "166306"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-05-17T16:58:15",
"db": "PACKETSTORM",
"id": "167186"
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189"
},
{
"date": "2022-05-11T16:52:46",
"db": "PACKETSTORM",
"id": "167094"
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169238"
},
{
"date": "2024-07-01T14:49:01",
"db": "PACKETSTORM",
"id": "179277"
},
{
"date": "2022-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"date": "2022-02-14T12:15:15.750000",
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-409075"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"date": "2023-06-12T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"date": "2022-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"date": "2024-11-21T06:32:13.110000",
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "zsh\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
],
"trust": 0.6
}
}
var-202106-1876
Vulnerability from variot
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Attackers can use this vulnerability to trigger remote code execution or denial of service attacks. ========================================================================== Ubuntu Security Notice USN-4994-1 June 21, 2021
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)
Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. (CVE-2020-35452)
Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. (CVE-2021-26690)
Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. (CVE-2021-26691)
Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.1 apache2-bin 2.4.46-4ubuntu1.1
Ubuntu 20.10: apache2 2.4.46-1ubuntu1.2 apache2-bin 2.4.46-1ubuntu1.2
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.3 apache2-bin 2.4.41-4ubuntu3.3
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.16 apache2-bin 2.4.29-1ubuntu4.16
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-38
https://security.gentoo.org/
Severity: Low Title: Apache: Multiple vulnerabilities Date: July 17, 2021 Bugs: #795231 ID: 202107-38
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.4.48 >= 2.4.48
Description
Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.48"
References
[ 1 ] CVE-2019-17567 https://nvd.nist.gov/vuln/detail/CVE-2019-17567 [ 2 ] CVE-2020-13950 https://nvd.nist.gov/vuln/detail/CVE-2020-13950 [ 3 ] CVE-2020-35452 https://nvd.nist.gov/vuln/detail/CVE-2020-35452 [ 4 ] CVE-2021-26690 https://nvd.nist.gov/vuln/detail/CVE-2021-26690 [ 5 ] CVE-2021-26691 https://nvd.nist.gov/vuln/detail/CVE-2021-26691 [ 6 ] CVE-2021-30641 https://nvd.nist.gov/vuln/detail/CVE-2021-30641 [ 7 ] CVE-2021-31618 https://nvd.nist.gov/vuln/detail/CVE-2021-31618
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-38
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update Advisory ID: RHSA-2021:4613-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:4613 Issue date: 2021-11-10 CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 =====================================================================
- Summary:
Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
- httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
- httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)
- httpd: Heap overflow in mod_session (CVE-2021-26691)
- httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)
- httpd: MergeSlashes regression (CVE-2021-30641)
- httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)
- jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
- openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
- openssl: integer overflow in CipherUpdate (CVE-2021-23840)
- pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)
- pcre: integer overflow in libpcre (CVE-2020-14155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference 1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
- References:
https://access.redhat.com/security/cve/CVE-2019-17567 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13950 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYwp6tzjgjWX9erEAQiuXBAAqGRhaYNMW349nu//9/VgddwAWrILhsWM HVwFO+dFYzLft8tPDBBt6ibsTJXj/oNlIV0/THEOEVW6juFJH3SENUr6U9sc0LMg qzMiixqIfEGZl7rYSzVKlUnWwr4D4QQjOzQ95q/OQvz7RXpR40BdOx1F1C0fKs9T QyvpQB22hLBmEJqPRSAbRY3fM/aqApV3Y3woUpw/cSqsttaPB9UfdKfm6UBEAnLa 4mioFK/K/V6pjdKBjfHAIVTsdiqQmumF2m91MSzjicVdR5E8krzZot3c+h2h7mnU WPcSNLteylBQlIykK6btnirLZA6lXCv2YaJXDTI+YfJbI+Ywln/m/c+S6zk0cCoL dRS6vmmIXgYjMIEB2tix60OEXp6vIaEHAKqyOdIioMBT55X4o7kKOFH1AjZS8NiY OkKOiyvZ5JAKg1nRS82BeoA3l6HQAiwwP6kvDsyhbqWkYQEUZqK4dXFluP8B01NU vPvLNjZnGRpAKezHhMjOpaLFSvFPM9rU4trGCM5wkqFjcUksPvIKbf0JU99eKXje 1bMQveiB5gHk3/5zbXNfmdhdAYu9PRxk5rjL09oXjWd8rz/atGrZf/jb20vOPQ9S DW41MCGnMw5gZj+i/Z5mewGv0eUF7v9o0hEU0NQK7cc1EyiMf8mIyPeSbkTH55oT EuH/ObqPu58= =Q2rT -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u5.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8 TjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+ AYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K fZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26 qRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H ZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE mC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx gz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof NsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP sqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI H/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq B1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps= =O0O+ -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1876",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": null,
"trust": 1.4,
"vendor": "apache",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.46"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "zfs storage appliance kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "oracle enterprise manager ops center",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "167073"
}
],
"trust": 0.3
},
"cve": "CVE-2020-35452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35452",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-70102",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-35452",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-35452",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35452",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-35452",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-70102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-35452",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Attackers can use this vulnerability to trigger remote code execution or denial of service attacks. ==========================================================================\nUbuntu Security Notice USN-4994-1\nJune 21, 2021\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. \n\nSoftware Description:\n- apache2: Apache HTTP server\n\nDetails:\n\nMarc Stern discovered that the Apache mod_proxy_http module incorrectly\nhandled certain requests. This issue only\naffected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)\n\nAntonio Morales discovered that the Apache mod_auth_digest module\nincorrectly handled certain Digest nonces. \n(CVE-2020-35452)\n\nAntonio Morales discovered that the Apache mod_session module incorrectly\nhandled certain Cookie headers. \n(CVE-2021-26690)\n\nChristophe Jaillet discovered that the Apache mod_session module\nincorrectly handled certain SessionHeader values. (CVE-2021-26691)\n\nChristoph Anton Mitterer discovered that the new MergeSlashes configuration\noption resulted in unexpected behaviour in certain situations. \n(CVE-2021-30641)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.1\n apache2-bin 2.4.46-4ubuntu1.1\n\nUbuntu 20.10:\n apache2 2.4.46-1ubuntu1.2\n apache2-bin 2.4.46-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.3\n apache2-bin 2.4.41-4ubuntu3.3\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.16\n apache2-bin 2.4.29-1ubuntu4.16\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-38\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache: Multiple vulnerabilities\n Date: July 17, 2021\n Bugs: #795231\n ID: 202107-38\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache, the worst of which\ncould result in a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.4.48 \u003e= 2.4.48 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.48\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-17567\n https://nvd.nist.gov/vuln/detail/CVE-2019-17567\n[ 2 ] CVE-2020-13950\n https://nvd.nist.gov/vuln/detail/CVE-2020-13950\n[ 3 ] CVE-2020-35452\n https://nvd.nist.gov/vuln/detail/CVE-2020-35452\n[ 4 ] CVE-2021-26690\n https://nvd.nist.gov/vuln/detail/CVE-2021-26690\n[ 5 ] CVE-2021-26691\n https://nvd.nist.gov/vuln/detail/CVE-2021-26691\n[ 6 ] CVE-2021-30641\n https://nvd.nist.gov/vuln/detail/CVE-2021-30641\n[ 7 ] CVE-2021-31618\n https://nvd.nist.gov/vuln/detail/CVE-2021-31618\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-38\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update\nAdvisory ID: RHSA-2021:4613-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4613\nIssue date: 2021-11-10\nCVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 \n CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 \n CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 \n CVE-2021-26691 CVE-2021-30641 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip\nrelease for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and\nMicrosoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 10\npackages that are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache\nHTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. \nRefer to the Release Notes for information on the most significant bug\nfixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* httpd: Single zero byte stack overflow in mod_auth_digest\n(CVE-2020-35452)\n* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)\n* httpd: Heap overflow in mod_session (CVE-2021-26691)\n* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection\n(CVE-2019-17567)\n* httpd: MergeSlashes regression (CVE-2021-30641)\n* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)\n* jbcs-httpd24-openssl: openssl: NULL pointer dereference in\nX509_issuer_and_serial_hash() (CVE-2021-23841)\n* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)\n* pcre: integer overflow in libpcre (CVE-2020-14155)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments\n1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \\X or \\R has fixed quantifier greater than 1\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest\n1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference\n1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection\n1966743 - CVE-2021-30641 httpd: Unexpected URL matching with \u0027MergeSlashes OFF\u0027\n1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-17567\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13950\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-35452\nhttps://access.redhat.com/security/cve/CVE-2021-3712\nhttps://access.redhat.com/security/cve/CVE-2021-23840\nhttps://access.redhat.com/security/cve/CVE-2021-23841\nhttps://access.redhat.com/security/cve/CVE-2021-26690\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-30641\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYwp6tzjgjWX9erEAQiuXBAAqGRhaYNMW349nu//9/VgddwAWrILhsWM\nHVwFO+dFYzLft8tPDBBt6ibsTJXj/oNlIV0/THEOEVW6juFJH3SENUr6U9sc0LMg\nqzMiixqIfEGZl7rYSzVKlUnWwr4D4QQjOzQ95q/OQvz7RXpR40BdOx1F1C0fKs9T\nQyvpQB22hLBmEJqPRSAbRY3fM/aqApV3Y3woUpw/cSqsttaPB9UfdKfm6UBEAnLa\n4mioFK/K/V6pjdKBjfHAIVTsdiqQmumF2m91MSzjicVdR5E8krzZot3c+h2h7mnU\nWPcSNLteylBQlIykK6btnirLZA6lXCv2YaJXDTI+YfJbI+Ywln/m/c+S6zk0cCoL\ndRS6vmmIXgYjMIEB2tix60OEXp6vIaEHAKqyOdIioMBT55X4o7kKOFH1AjZS8NiY\nOkKOiyvZ5JAKg1nRS82BeoA3l6HQAiwwP6kvDsyhbqWkYQEUZqK4dXFluP8B01NU\nvPvLNjZnGRpAKezHhMjOpaLFSvFPM9rU4trGCM5wkqFjcUksPvIKbf0JU99eKXje\n1bMQveiB5gHk3/5zbXNfmdhdAYu9PRxk5rjL09oXjWd8rz/atGrZf/jb20vOPQ9S\nDW41MCGnMw5gZj+i/Z5mewGv0eUF7v9o0hEU0NQK7cc1EyiMf8mIyPeSbkTH55oT\nEuH/ObqPu58=\n=Q2rT\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u5. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8\nTjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+\nAYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K\nfZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26\nqRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H\nZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE\nmC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx\ngz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof\nNsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP\nsqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI\nH/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq\nB1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps=\n=O0O+\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "PACKETSTORM",
"id": "167073"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35452",
"trust": 4.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/06/10/5",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU96037838",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163227",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163530",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164927",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167073",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-70102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060713",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111102",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060321",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071201",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051150",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3846",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2097",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2153",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2348",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-35452",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163231",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164928",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169090",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"id": "VAR-202106-1876",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
}
]
},
"last_update_date": "2024-08-14T12:41:50.907000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0October\u00a02021",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server stack overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/290416"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155204"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221915 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-35452 log"
},
{
"title": "Debian Security Advisories: DSA-4937-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=09601b67947dc3a4a0ebcea7ceece30e"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1514",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1514"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1674",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1674"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network",
"trust": 0.1,
"url": "https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2021/06/10/5"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202107-38"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4937"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35452"
},
{
"trust": 1.2,
"url": "https://vigilance.fr/vulnerability/apache-http-server-multiple-vulnerabilities-35605"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3cannounce.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-35452"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96037838/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26690"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30641"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3cdev."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602@%3cannounce."
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111102"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163530/gentoo-linux-security-advisory-202107-38.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060713"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3846"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2348"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071201"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163227/ubuntu-security-notice-usn-4994-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2341"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2153"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071308"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2097"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051150"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060321"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13950"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17567"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:1915"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-4994-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17567"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26690"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30641"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/austin-lai/external-penetration-testing-holo-corporate-network-tryhackme-holo-network"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-35452"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.16"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4994-2"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4613"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4614"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "PACKETSTORM",
"id": "163530"
},
{
"db": "PACKETSTORM",
"id": "164928"
},
{
"db": "PACKETSTORM",
"id": "164927"
},
{
"db": "PACKETSTORM",
"id": "169090"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"date": "2021-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"date": "2022-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"date": "2021-06-21T19:22:22",
"db": "PACKETSTORM",
"id": "163227"
},
{
"date": "2021-06-22T19:17:24",
"db": "PACKETSTORM",
"id": "163231"
},
{
"date": "2021-07-17T10:11:11",
"db": "PACKETSTORM",
"id": "163530"
},
{
"date": "2021-11-11T14:53:24",
"db": "PACKETSTORM",
"id": "164928"
},
{
"date": "2021-11-11T14:53:11",
"db": "PACKETSTORM",
"id": "164927"
},
{
"date": "2021-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "169090"
},
{
"date": "2022-05-11T16:37:39",
"db": "PACKETSTORM",
"id": "167073"
},
{
"date": "2021-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"date": "2021-06-10T07:15:07.493000",
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70102"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35452"
},
{
"date": "2022-02-25T02:36:00",
"db": "JVNDB",
"id": "JVNDB-2020-016879"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-150"
},
{
"date": "2023-11-07T03:21:54.650000",
"db": "NVD",
"id": "CVE-2020-35452"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163227"
},
{
"db": "PACKETSTORM",
"id": "163231"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0mod_auth_digest\u00a0 Stack Overflow Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-150"
}
],
"trust": 0.6
}
}
var-202203-0665
Vulnerability from variot
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. BIND , even after the client closes the connection. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote malicious user to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client's end. This issue results in BIND consuming resources, leading to a denial of service. (CVE-2022-0396). ========================================================================== Ubuntu Security Notice USN-5332-1 March 17, 2022
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description: - bind9: Internet Domain Name Server
Details:
Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. This issue only affected Ubuntu 21.10. (CVE-2022-0396)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: bind9 1:9.16.15-1ubuntu1.2
Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.10
Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.17
In general, a standard system update will make all the necessary changes.
For the oldstable distribution (buster), this problem has been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u7.
For the stable distribution (bullseye), this problem has been fixed in version 1:9.16.27-1~deb11u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmI010UACgkQEMKTtsN8 Tjbp3xAAil38qfAIdNkaIxY2bauvTyZDWzr6KUjph0vzmLEoAFQ3bysVSGlCnZk9 IgdyfPRWQ+Bjau1/dlhNYaTlnQajbeyvCXfJcjRRgtUDCp7abZcOcb1WDu8jWLGW iRtKsvKKrTKkIou5LgDlyqZyf6OzjgRdwtm86GDPQiCaSEpmbRt+APj5tkIA9R1G ELWuZsjbIraBU0TsNfOalgNpAWtSBayxKtWB69J8rxUV69JI194A4AJ0wm9SPpFV G/TzlyHp1dUZJRLNmZOZU/dq4pPsXzh9I4QCg1kJWsVHe2ycAJKho6hr5iy43fNl MuokfI9YnU6/9SjHrQAWp1X/6MYCR8NieJ933W89/Zb8eTjTZC8EQGo6fkA287G8 glQOrJHMQyV+b97lT67+ioTHNzTEBXTih7ZDeC1TlLqypCNYhRF/ll0Hx/oeiJFU rbjh2Og9huhD5JH8z8YAvY2g81e7KdPxazuKJnQpxGutqddCuwBvyI9fovYrah9W bYD6rskLZM2x90RI2LszHisl6FV5k37PaczamlRqGgbbMb9YlnDFjJUbM8rZZgD4 +8u/AkHq2+11pTtZ40NYt1gpdidmIC/gzzha2TfZCHMs44KPMMdH+Fid1Kc6/Cq8 QygtL4M387J9HXUrlN7NDUOrDVuVqfBG+ve3i9GCZzYjwtajTAQ= =6st2 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202210-25
https://security.gentoo.org/
Severity: Low Title: ISC BIND: Multiple Vulnerabilities Date: October 31, 2022 Bugs: #820563, #835439, #872206 ID: 202210-25
Synopsis
Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.16.33 >= 9.16.33 2 net-dns/bind-tools < 9.16.33 >= 9.16.33
Description
Multiple vulnerabilities have been discovered in ISC BIND. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ISC BIND users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.33"
All ISC BIND-tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-tools-9.16.33"
References
[ 1 ] CVE-2021-25219 https://nvd.nist.gov/vuln/detail/CVE-2021-25219 [ 2 ] CVE-2021-25220 https://nvd.nist.gov/vuln/detail/CVE-2021-25220 [ 3 ] CVE-2022-0396 https://nvd.nist.gov/vuln/detail/CVE-2022-0396 [ 4 ] CVE-2022-2795 https://nvd.nist.gov/vuln/detail/CVE-2022-2795 [ 5 ] CVE-2022-2881 https://nvd.nist.gov/vuln/detail/CVE-2022-2881 [ 6 ] CVE-2022-2906 https://nvd.nist.gov/vuln/detail/CVE-2022-2906 [ 7 ] CVE-2022-3080 https://nvd.nist.gov/vuln/detail/CVE-2022-3080 [ 8 ] CVE-2022-38177 https://nvd.nist.gov/vuln/detail/CVE-2022-38177 [ 9 ] CVE-2022-38178 https://nvd.nist.gov/vuln/detail/CVE-2022-38178
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202210-25
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: bind security update Advisory ID: RHSA-2022:8068-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8068 Issue date: 2022-11-15 CVE Names: CVE-2021-25220 CVE-2022-0396 ==================================================================== 1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
-
bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
-
bind: DoS from specifically crafted TCP packets (CVE-2022-0396)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability 2064513 - CVE-2022-0396 bind: DoS from specifically crafted TCP packets 2104863 - bind-doc is not shipped to public
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: bind-9.16.23-5.el9_1.src.rpm
aarch64: bind-9.16.23-5.el9_1.aarch64.rpm bind-chroot-9.16.23-5.el9_1.aarch64.rpm bind-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-debugsource-9.16.23-5.el9_1.aarch64.rpm bind-dnssec-utils-9.16.23-5.el9_1.aarch64.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-libs-9.16.23-5.el9_1.aarch64.rpm bind-libs-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-utils-9.16.23-5.el9_1.aarch64.rpm bind-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm
noarch: bind-dnssec-doc-9.16.23-5.el9_1.noarch.rpm bind-license-9.16.23-5.el9_1.noarch.rpm python3-bind-9.16.23-5.el9_1.noarch.rpm
ppc64le: bind-9.16.23-5.el9_1.ppc64le.rpm bind-chroot-9.16.23-5.el9_1.ppc64le.rpm bind-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-debugsource-9.16.23-5.el9_1.ppc64le.rpm bind-dnssec-utils-9.16.23-5.el9_1.ppc64le.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-libs-9.16.23-5.el9_1.ppc64le.rpm bind-libs-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-utils-9.16.23-5.el9_1.ppc64le.rpm bind-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm
s390x: bind-9.16.23-5.el9_1.s390x.rpm bind-chroot-9.16.23-5.el9_1.s390x.rpm bind-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-debugsource-9.16.23-5.el9_1.s390x.rpm bind-dnssec-utils-9.16.23-5.el9_1.s390x.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-libs-9.16.23-5.el9_1.s390x.rpm bind-libs-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-utils-9.16.23-5.el9_1.s390x.rpm bind-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm
x86_64: bind-9.16.23-5.el9_1.x86_64.rpm bind-chroot-9.16.23-5.el9_1.x86_64.rpm bind-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-debugsource-9.16.23-5.el9_1.x86_64.rpm bind-dnssec-utils-9.16.23-5.el9_1.x86_64.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-libs-9.16.23-5.el9_1.x86_64.rpm bind-libs-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-utils-9.16.23-5.el9_1.x86_64.rpm bind-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 9):
aarch64: bind-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-debugsource-9.16.23-5.el9_1.aarch64.rpm bind-devel-9.16.23-5.el9_1.aarch64.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-libs-debuginfo-9.16.23-5.el9_1.aarch64.rpm bind-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm
noarch: bind-doc-9.16.23-5.el9_1.noarch.rpm
ppc64le: bind-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-debugsource-9.16.23-5.el9_1.ppc64le.rpm bind-devel-9.16.23-5.el9_1.ppc64le.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-libs-debuginfo-9.16.23-5.el9_1.ppc64le.rpm bind-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm
s390x: bind-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-debugsource-9.16.23-5.el9_1.s390x.rpm bind-devel-9.16.23-5.el9_1.s390x.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-libs-debuginfo-9.16.23-5.el9_1.s390x.rpm bind-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm
x86_64: bind-debuginfo-9.16.23-5.el9_1.i686.rpm bind-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-debugsource-9.16.23-5.el9_1.i686.rpm bind-debugsource-9.16.23-5.el9_1.x86_64.rpm bind-devel-9.16.23-5.el9_1.i686.rpm bind-devel-9.16.23-5.el9_1.x86_64.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.i686.rpm bind-dnssec-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-libs-9.16.23-5.el9_1.i686.rpm bind-libs-debuginfo-9.16.23-5.el9_1.i686.rpm bind-libs-debuginfo-9.16.23-5.el9_1.x86_64.rpm bind-utils-debuginfo-9.16.23-5.el9_1.i686.rpm bind-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-25220 https://access.redhat.com/security/cve/CVE-2022-0396 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY3PhLdzjgjWX9erEAQhVSw/9HlIwMZZuRgTsbY2yARvJ+sRk08hViRo6 ++sV0vMtt3ym5eQES1al4uwAFbVH3B+EZLVuox02PnKVvIM35QnzVFxSa24HToTp l3tl+c9QnDwx3VGceX9og5o/ezSKqT8UeMQF/gamcB5kwGbbeb+Gp7cpSyXsmjB1 h418DMq/BBE1kLx2MAmIAn/r8x8ISsRbk3j96VEtLrQDtbSKCrE7jmQMaGRB4NhK 4pcgEdcVC6mpBIBRSoLqSVvY9cEdbWqB2LBKArSic/GS2RFfXiSTbPP+kHhd8WHF 0pHQpQa2CXqWuoyrk4cmlvyqmp+C1oCuwsjUWm3dIouIpLU3P1PH3Xua+DMcHfNl z3wW5E8hihVQ7taw/c6jKMlIrPVzdNM7zfdqV4PBoMQ6y6nPDP23wNGIBMIArjO/ n841K1Lzp1vrChLKgtYOK4H/s6Fbtb/+fe6Q5wOVPPEeksfoKzjJjZj/J7J+RymH Bd6n+f9iMQzOkj9zb6cgrvt2aLcr29XHfcCRH81i/CEPAEFGT86qOXqIZO0+qV/u qhHDKy3rLqYsOR4BlwhFhovUGCt8rBJ8LOiZlUTxzNG4PNze4F1hG1d0qzYQv0Iw zfOrgT8NGDmGCt2nwtmy813NDmzVegwrS7w0ayLzpcwcJMVOoO0nKi5kzX1slEyu rbPwX0ROLTo=0klO -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0665",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec ins",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.11"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.18.0"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.0"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": "lt",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.27"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bind",
"scope": null,
"trust": 0.8,
"vendor": "isc",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "esmpro/serveragent",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
}
],
"trust": 0.6
},
"cve": "CVE-2022-0396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0396",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0396",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2022-001799",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0396",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2022-0396",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0396",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1543",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0396",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. BIND , even after the client closes the connection. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote malicious user to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client\u0027s end. This issue results in BIND consuming resources, leading to a denial of service. (CVE-2022-0396). ==========================================================================\nUbuntu Security Notice USN-5332-1\nMarch 17, 2022\n\nbind9 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Bind. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nXiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind\nincorrectly handled certain bogus NS records when using forwarders. A\nremote attacker could possibly use this issue to manipulate cache results. This issue only affected\nUbuntu 21.10. (CVE-2022-0396)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n bind9 1:9.16.15-1ubuntu1.2\n\nUbuntu 20.04 LTS:\n bind9 1:9.16.1-0ubuntu2.10\n\nUbuntu 18.04 LTS:\n bind9 1:9.11.3+dfsg-1ubuntu1.17\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 1:9.11.5.P4+dfsg-5.1+deb10u7. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1:9.16.27-1~deb11u1. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmI010UACgkQEMKTtsN8\nTjbp3xAAil38qfAIdNkaIxY2bauvTyZDWzr6KUjph0vzmLEoAFQ3bysVSGlCnZk9\nIgdyfPRWQ+Bjau1/dlhNYaTlnQajbeyvCXfJcjRRgtUDCp7abZcOcb1WDu8jWLGW\niRtKsvKKrTKkIou5LgDlyqZyf6OzjgRdwtm86GDPQiCaSEpmbRt+APj5tkIA9R1G\nELWuZsjbIraBU0TsNfOalgNpAWtSBayxKtWB69J8rxUV69JI194A4AJ0wm9SPpFV\nG/TzlyHp1dUZJRLNmZOZU/dq4pPsXzh9I4QCg1kJWsVHe2ycAJKho6hr5iy43fNl\nMuokfI9YnU6/9SjHrQAWp1X/6MYCR8NieJ933W89/Zb8eTjTZC8EQGo6fkA287G8\nglQOrJHMQyV+b97lT67+ioTHNzTEBXTih7ZDeC1TlLqypCNYhRF/ll0Hx/oeiJFU\nrbjh2Og9huhD5JH8z8YAvY2g81e7KdPxazuKJnQpxGutqddCuwBvyI9fovYrah9W\nbYD6rskLZM2x90RI2LszHisl6FV5k37PaczamlRqGgbbMb9YlnDFjJUbM8rZZgD4\n+8u/AkHq2+11pTtZ40NYt1gpdidmIC/gzzha2TfZCHMs44KPMMdH+Fid1Kc6/Cq8\nQygtL4M387J9HXUrlN7NDUOrDVuVqfBG+ve3i9GCZzYjwtajTAQ=\n=6st2\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202210-25\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: ISC BIND: Multiple Vulnerabilities\n Date: October 31, 2022\n Bugs: #820563, #835439, #872206\n ID: 202210-25\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ISC BIND, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/bind \u003c 9.16.33 \u003e= 9.16.33\n 2 net-dns/bind-tools \u003c 9.16.33 \u003e= 9.16.33\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC BIND. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ISC BIND users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.16.33\"\n\nAll ISC BIND-tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-tools-9.16.33\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-25219\n https://nvd.nist.gov/vuln/detail/CVE-2021-25219\n[ 2 ] CVE-2021-25220\n https://nvd.nist.gov/vuln/detail/CVE-2021-25220\n[ 3 ] CVE-2022-0396\n https://nvd.nist.gov/vuln/detail/CVE-2022-0396\n[ 4 ] CVE-2022-2795\n https://nvd.nist.gov/vuln/detail/CVE-2022-2795\n[ 5 ] CVE-2022-2881\n https://nvd.nist.gov/vuln/detail/CVE-2022-2881\n[ 6 ] CVE-2022-2906\n https://nvd.nist.gov/vuln/detail/CVE-2022-2906\n[ 7 ] CVE-2022-3080\n https://nvd.nist.gov/vuln/detail/CVE-2022-3080\n[ 8 ] CVE-2022-38177\n https://nvd.nist.gov/vuln/detail/CVE-2022-38177\n[ 9 ] CVE-2022-38178\n https://nvd.nist.gov/vuln/detail/CVE-2022-38178\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202210-25\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: bind security update\nAdvisory ID: RHSA-2022:8068-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8068\nIssue date: 2022-11-15\nCVE Names: CVE-2021-25220 CVE-2022-0396\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)\n\n* bind: DoS from specifically crafted TCP packets (CVE-2022-0396)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability\n2064513 - CVE-2022-0396 bind: DoS from specifically crafted TCP packets\n2104863 - bind-doc is not shipped to public\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\nbind-9.16.23-5.el9_1.src.rpm\n\naarch64:\nbind-9.16.23-5.el9_1.aarch64.rpm\nbind-chroot-9.16.23-5.el9_1.aarch64.rpm\nbind-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-debugsource-9.16.23-5.el9_1.aarch64.rpm\nbind-dnssec-utils-9.16.23-5.el9_1.aarch64.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-libs-9.16.23-5.el9_1.aarch64.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-utils-9.16.23-5.el9_1.aarch64.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm\n\nnoarch:\nbind-dnssec-doc-9.16.23-5.el9_1.noarch.rpm\nbind-license-9.16.23-5.el9_1.noarch.rpm\npython3-bind-9.16.23-5.el9_1.noarch.rpm\n\nppc64le:\nbind-9.16.23-5.el9_1.ppc64le.rpm\nbind-chroot-9.16.23-5.el9_1.ppc64le.rpm\nbind-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-debugsource-9.16.23-5.el9_1.ppc64le.rpm\nbind-dnssec-utils-9.16.23-5.el9_1.ppc64le.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-libs-9.16.23-5.el9_1.ppc64le.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-utils-9.16.23-5.el9_1.ppc64le.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\n\ns390x:\nbind-9.16.23-5.el9_1.s390x.rpm\nbind-chroot-9.16.23-5.el9_1.s390x.rpm\nbind-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-debugsource-9.16.23-5.el9_1.s390x.rpm\nbind-dnssec-utils-9.16.23-5.el9_1.s390x.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-libs-9.16.23-5.el9_1.s390x.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-utils-9.16.23-5.el9_1.s390x.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm\n\nx86_64:\nbind-9.16.23-5.el9_1.x86_64.rpm\nbind-chroot-9.16.23-5.el9_1.x86_64.rpm\nbind-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-debugsource-9.16.23-5.el9_1.x86_64.rpm\nbind-dnssec-utils-9.16.23-5.el9_1.x86_64.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-libs-9.16.23-5.el9_1.x86_64.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-utils-9.16.23-5.el9_1.x86_64.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm\n\nRed Hat CodeReady Linux Builder (v. 9):\n\naarch64:\nbind-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-debugsource-9.16.23-5.el9_1.aarch64.rpm\nbind-devel-9.16.23-5.el9_1.aarch64.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.aarch64.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.aarch64.rpm\n\nnoarch:\nbind-doc-9.16.23-5.el9_1.noarch.rpm\n\nppc64le:\nbind-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-debugsource-9.16.23-5.el9_1.ppc64le.rpm\nbind-devel-9.16.23-5.el9_1.ppc64le.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.ppc64le.rpm\n\ns390x:\nbind-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-debugsource-9.16.23-5.el9_1.s390x.rpm\nbind-devel-9.16.23-5.el9_1.s390x.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.s390x.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.16.23-5.el9_1.i686.rpm\nbind-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-debugsource-9.16.23-5.el9_1.i686.rpm\nbind-debugsource-9.16.23-5.el9_1.x86_64.rpm\nbind-devel-9.16.23-5.el9_1.i686.rpm\nbind-devel-9.16.23-5.el9_1.x86_64.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.i686.rpm\nbind-dnssec-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-libs-9.16.23-5.el9_1.i686.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.i686.rpm\nbind-libs-debuginfo-9.16.23-5.el9_1.x86_64.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.i686.rpm\nbind-utils-debuginfo-9.16.23-5.el9_1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25220\nhttps://access.redhat.com/security/cve/CVE-2022-0396\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY3PhLdzjgjWX9erEAQhVSw/9HlIwMZZuRgTsbY2yARvJ+sRk08hViRo6\n++sV0vMtt3ym5eQES1al4uwAFbVH3B+EZLVuox02PnKVvIM35QnzVFxSa24HToTp\nl3tl+c9QnDwx3VGceX9og5o/ezSKqT8UeMQF/gamcB5kwGbbeb+Gp7cpSyXsmjB1\nh418DMq/BBE1kLx2MAmIAn/r8x8ISsRbk3j96VEtLrQDtbSKCrE7jmQMaGRB4NhK\n4pcgEdcVC6mpBIBRSoLqSVvY9cEdbWqB2LBKArSic/GS2RFfXiSTbPP+kHhd8WHF\n0pHQpQa2CXqWuoyrk4cmlvyqmp+C1oCuwsjUWm3dIouIpLU3P1PH3Xua+DMcHfNl\nz3wW5E8hihVQ7taw/c6jKMlIrPVzdNM7zfdqV4PBoMQ6y6nPDP23wNGIBMIArjO/\nn841K1Lzp1vrChLKgtYOK4H/s6Fbtb/+fe6Q5wOVPPEeksfoKzjJjZj/J7J+RymH\nBd6n+f9iMQzOkj9zb6cgrvt2aLcr29XHfcCRH81i/CEPAEFGT86qOXqIZO0+qV/u\nqhHDKy3rLqYsOR4BlwhFhovUGCt8rBJ8LOiZlUTxzNG4PNze4F1hG1d0qzYQv0Iw\nzfOrgT8NGDmGCt2nwtmy813NDmzVegwrS7w0ayLzpcwcJMVOoO0nKi5kzX1slEyu\nrbPwX0ROLTo=0klO\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "169894"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0396",
"trust": 3.8
},
{
"db": "SIEMENS",
"id": "SSA-637483",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-258-05",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99475301",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98927070",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166354",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169773",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169587",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169894",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022031701",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031728",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041925",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032124",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1149",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5750",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1719",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1160",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-0396",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169261",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"id": "VAR-202203-0665",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20766129
},
"last_update_date": "2024-11-23T19:37:55.535000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DoS\u00a0from\u00a0specifically\u00a0crafted\u00a0TCP\u00a0packets NEC NEC Product security information",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
},
{
"title": "ISC BIND Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186055"
},
{
"title": "Ubuntu Security Notice: USN-5332-1: Bind vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5332-1"
},
{
"title": "Red Hat: Moderate: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228068 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5105-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=16d84b908a424f50b3236db9219500e3"
},
{
"title": "Arch Linux Advisories: [ASA-202204-5] bind: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202204-5"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-0396"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-166",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-166"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-138",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-138"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-404",
"trust": 1.0
},
{
"problemtype": "Improper shutdown and release of resources (CWE-404) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://kb.isc.org/v1/docs/cve-2022-0396"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0396"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98927070/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99475301/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-0396"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nyd7us4hzrfugaj66zthfbyvp5n3oqby/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0396/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4616"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166354/ubuntu-security-notice-usn-5332-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169894/red-hat-security-advisory-2022-8068-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-bind-denial-of-service-via-keep-response-order-tcp-connection-slots-37817"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031728"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1160"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169773/red-hat-security-advisory-2022-7643-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1180"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169587/gentoo-linux-security-advisory-202210-25.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041925"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1719"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-258-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5750"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031701"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032124"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1149"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25220"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5332-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-25220"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/404.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2022/dsa-5105"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2022/alas-2022-166.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.15-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.17"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bind9"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2906"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3080"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8068"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "PACKETSTORM",
"id": "169261"
},
{
"db": "PACKETSTORM",
"id": "169773"
},
{
"db": "PACKETSTORM",
"id": "169587"
},
{
"db": "PACKETSTORM",
"id": "169894"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"date": "2022-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"date": "2022-03-17T15:54:20",
"db": "PACKETSTORM",
"id": "166354"
},
{
"date": "2022-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169261"
},
{
"date": "2022-11-08T13:49:24",
"db": "PACKETSTORM",
"id": "169773"
},
{
"date": "2022-10-31T14:50:53",
"db": "PACKETSTORM",
"id": "169587"
},
{
"date": "2022-11-16T16:09:16",
"db": "PACKETSTORM",
"id": "169894"
},
{
"date": "2022-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"date": "2022-03-23T11:15:08.380000",
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0396"
},
{
"date": "2022-09-20T06:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-001799"
},
{
"date": "2022-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1543"
},
{
"date": "2024-11-21T06:38:32.280000",
"db": "NVD",
"id": "CVE-2022-0396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166354"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIND\u00a0 connection indefinitely \u00a0CLOSE_WAIT\u00a0 Vulnerabilities that remain in status",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001799"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1543"
}
],
"trust": 0.6
}
}
var-202205-0220
Vulnerability from variot
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20785",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405338",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20785",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20785",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20785",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405338",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20785",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64260",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405338",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"id": "VAR-202205-0220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191377"
},
{
"title": "Cisco: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-html-XAuOK8mR"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-20785"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20785"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-html-xauok8mr"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20785/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2022-05-04T17:15:08.680000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2024-11-21T06:43:33.120000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.6
}
}
var-202106-1709
Vulnerability from variot
ASP.NET Core Denial of Service Vulnerability. .NET and Microsoft Visual Studio Has ASP.NET Service operation is interrupted due to a defect in (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update Advisory ID: RHSA-2021:2350-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2350 Issue date: 2021-06-08 CVE Names: CVE-2021-31957 ==================================================================== 1. Summary:
An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.
Security Fix(es):
- dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm
x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-31957 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYMAbx9zjgjWX9erEAQg0iA//ZMTDOkp9jyDMxC6VRisGHkU6yxWPFIEs 5xelU+7Pusp7mmYsFM9+c8dn7sWiRuuX7S9q+DhOTemcSmjfE8TCg2PIwDwJ4v4i AsPzx+x93ug0Jy6VWSJo/992tsdv+m809rQnqMItQy4BB7YrYaqsCtrsGxZHOP90 1LOyaiRSm7pg2OjUzvTg+k5WX4XCOvzRELiB2ErGpryR6CgU6zbCURf4fnczj2/d rNtbxXmsDSbmTUC0qt+7uKJHzoxKXUYAHDF+wyiJXSAe2eV29nINbPa9R8vx0koE BF2xcgVYd9MNPal3tsZ15jm6+hvk0tVMM+gPhAWQQczXl0aFMaWBSAmXPPJ/ZFXE +mdMXNKzuxaxK+9JsBcLS7gsTSOBfzq1Sm7oQRKGmQIPqSMdQZucs3C86sASXLGD ixQs99clPBeCFwUjvwIuHPkWQFHsxsM0LQJlGb6PHQJbVmRSc2PDgdu2BVjHJWSl c7VxLpXHwd7uiS/zw5KTpbcXpxzCAFwD2g9mZXvgRwv8xB/yMI1uim/mbdotTs5j C+Z8s0E1ggb6X9PkgFGMMwKIfZee3TiqbQevNjvZwqi3XbVEM4W2bDLLo0+I4Ly2 /1qPQc3r4ximd5loy9q3O/4kdkluuFsmznTg68Z0V1PCbhZ+JGpDi3ivdHV86LKa Y+qTXDnEhw8=kKm2 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1709",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "visual studio 2019",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "visual studio 2019",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.0"
},
{
"model": "visual studio 2019",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "16.10"
},
{
"model": ".net core",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1.15"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": ".net",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": ".net",
"scope": "lte",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.0.6"
},
{
"model": ".net core",
"scope": "gte",
"trust": 1.0,
"vendor": "microsoft",
"version": "3.1"
},
{
"model": ".net",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "microsoft visual studio",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
}
],
"trust": 0.4
},
"cve": "CVE-2021-31957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31957",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secure@microsoft.com",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-31957",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-31957",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31957",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@microsoft.com",
"id": "CVE-2021-31957",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-31957",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-495",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASP.NET Core Denial of Service Vulnerability. .NET and Microsoft Visual Studio Has ASP.NET Service operation is interrupted due to a defect in (DoS) A vulnerability exists.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core 3.1 on RHEL 7 security and bugfix update\nAdvisory ID: RHSA-2021:2350-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2350\nIssue date: 2021-06-08\nCVE Names: CVE-2021-31957\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET is a managed-software framework. It implements a subset of the .NET\nframework APIs and several new APIs, and it includes a CLR implementation. \n\nNew versions of .NET that address a security vulnerability are now\navailable. The updated versions are .NET SDK 3.1.116 and .NET Runtime\n3.1.16. \n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-dotnet-3.1.116-1.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-aspnetcore-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-apphost-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-debuginfo-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-host-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-hostfxr-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-runtime-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-sdk-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-targeting-pack-3.1-3.1.16-1.el7_9.x86_64.rpm\nrh-dotnet31-dotnet-templates-3.1-3.1.116-1.el7_9.x86_64.rpm\nrh-dotnet31-netstandard-targeting-pack-2.1-3.1.116-1.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-31957\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMAbx9zjgjWX9erEAQg0iA//ZMTDOkp9jyDMxC6VRisGHkU6yxWPFIEs\n5xelU+7Pusp7mmYsFM9+c8dn7sWiRuuX7S9q+DhOTemcSmjfE8TCg2PIwDwJ4v4i\nAsPzx+x93ug0Jy6VWSJo/992tsdv+m809rQnqMItQy4BB7YrYaqsCtrsGxZHOP90\n1LOyaiRSm7pg2OjUzvTg+k5WX4XCOvzRELiB2ErGpryR6CgU6zbCURf4fnczj2/d\nrNtbxXmsDSbmTUC0qt+7uKJHzoxKXUYAHDF+wyiJXSAe2eV29nINbPa9R8vx0koE\nBF2xcgVYd9MNPal3tsZ15jm6+hvk0tVMM+gPhAWQQczXl0aFMaWBSAmXPPJ/ZFXE\n+mdMXNKzuxaxK+9JsBcLS7gsTSOBfzq1Sm7oQRKGmQIPqSMdQZucs3C86sASXLGD\nixQs99clPBeCFwUjvwIuHPkWQFHsxsM0LQJlGb6PHQJbVmRSc2PDgdu2BVjHJWSl\nc7VxLpXHwd7uiS/zw5KTpbcXpxzCAFwD2g9mZXvgRwv8xB/yMI1uim/mbdotTs5j\nC+Z8s0E1ggb6X9PkgFGMMwKIfZee3TiqbQevNjvZwqi3XbVEM4W2bDLLo0+I4Ly2\n/1qPQc3r4ximd5loy9q3O/4kdkluuFsmznTg68Z0V1PCbhZ+JGpDi3ivdHV86LKa\nY+qTXDnEhw8=kKm2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31957"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31957",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001972",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163033",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061519",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060808",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021060930",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2038",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163041",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"id": "VAR-202106-1709",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.19172932
},
"last_update_date": "2024-08-14T12:28:35.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ASP.NET\u00a0Denial\u00a0of\u00a0Service\u00a0Vulnerability Security Update Guide",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/"
},
{
"title": "Visual Studio Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31957"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31957"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-31957"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4prvvlxxqef4sejobv3vrjhgx7yhy2cg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cvcdyip4a6ddrt7g6p3zw6pknk2dnwj2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pmhwhrrydhkm6biinw5v7ocsw4sdwb4w/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vmao4ng2oq4pcxuqwmnscmywlijjy6uy/"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20210609-ms.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2021/at210027.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cvcdyip4a6ddrt7g6p3zw6pknk2dnwj2/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pmhwhrrydhkm6biinw5v7ocsw4sdwb4w/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmao4ng2oq4pcxuqwmnscmywlijjy6uy/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4prvvlxxqef4sejobv3vrjhgx7yhy2cg/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163033/red-hat-security-advisory-2021-2352-01.html"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31957"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060930"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/microsoft-visual-studio-vulnerabilities-of-june-2021-35661"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061519"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021060808"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2352"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2353"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2351"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"db": "PACKETSTORM",
"id": "163033"
},
{
"db": "PACKETSTORM",
"id": "163035"
},
{
"db": "PACKETSTORM",
"id": "163039"
},
{
"db": "PACKETSTORM",
"id": "163041"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"date": "2021-06-09T13:27:08",
"db": "PACKETSTORM",
"id": "163033"
},
{
"date": "2021-06-09T13:27:47",
"db": "PACKETSTORM",
"id": "163035"
},
{
"date": "2021-06-09T13:40:11",
"db": "PACKETSTORM",
"id": "163039"
},
{
"date": "2021-06-09T13:40:25",
"db": "PACKETSTORM",
"id": "163041"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"date": "2021-06-08T23:15:08.870000",
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-06T07:22:00",
"db": "JVNDB",
"id": "JVNDB-2021-001972"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-495"
},
{
"date": "2024-05-29T15:15:43.553000",
"db": "NVD",
"id": "CVE-2021-31957"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-495"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": ".NET\u00a0 and \u00a0Microsoft\u00a0Visual\u00a0Studio\u00a0 Denial of service in Japan \u00a0(DoS)\u00a0 Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001972"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
var-201710-1267
Vulnerability from variot
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.3"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:thekelleys:dnsmasq",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
],
"trust": 0.6
},
"cve": "CVE-2017-13704",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-13704",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-13704",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-13704",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-13704",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1115",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13704",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero\u0027s (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities:\n1. A buffer-overflow vulnerability\n2. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. \nThis BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13704",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 2.5
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 2.0
},
{
"db": "BID",
"id": "101977",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-13704",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"id": "VAR-201710-1267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.25396827
},
"last_update_date": "2024-11-23T19:28:37.860000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2017-274d763ed8",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK/"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"title": "Fix CVE-2017-13704, which resulted in a crash on a large DNS query.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/USN-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/USN-3430-1/"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "Dnsmasq Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92838"
},
{
"title": "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa8aad66cae5df51d49e1cdce2fe4a42"
},
{
"title": "Red Hat: CVE-2017-13704",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-13704"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Brocade Security Advisories: BSA-2017-455",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=f173c512f0a725c451f45840ccf64e99"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
},
{
"problemtype": "CWE-191",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.0,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13704"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13704"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 0.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/"
},
{
"trust": 0.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877102"
},
{
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"date": "2017-11-28T00:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"date": "2017-10-03T01:29:01.637000",
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2018-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"date": "2019-05-15T17:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"date": "2020-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1115"
},
{
"date": "2024-11-21T03:11:28.383000",
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "101977"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
],
"trust": 0.9
}
}
var-202210-1203
Vulnerability from variot
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an int to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to execv(), it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to git shell as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling git shell access via remote logins is a viable short-term workaround. Git SCM of Git Products from multiple other vendors contain heap-based buffer overflow vulnerabilities and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
This update includes two changes of behavior that may affect certain setup: - It stops when directory traversal changes ownership from the current user while looking for a top-level git directory, a user could make an exception by using the new safe.directory configuration. - The default of protocol.file.allow has been changed from "always" to "user".
For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1.
We recommend that you upgrade your git packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15
https://security.gentoo.org/
Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15
Synopsis
Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.
Affected packages
Package Vulnerable Unaffected
dev-vcs/git < 2.39.3 >= 2.39.3
Description
Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"
References
[ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202312-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-11-01-1 Xcode 14.1
Xcode 14.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213496.
Git Available for: macOS Monterey 12.5 and later Impact: Multiple issues in git Description: Multiple issues were addressed by updating to git version 2.32.3. CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin
Git Available for: macOS Monterey 12.5 and later Impact: Cloning a malicious repository may result in the disclosure of sensitive information Description: This issue was addressed with improved checks. CVE-2022-39253: Cory Snider of Mirantis
Git Available for: macOS Monterey 12.5 and later Impact: A remote user may cause an unexpected app termination or arbitrary code execution if git shell is allowed as a login shell Description: This issue was addressed with improved checks. CVE-2022-39260: Kevin Backhouse of the GitHub Security Lab
IDE Xcode Server Available for: macOS Monterey 12.5 and later Impact: An app may be able to gain root privileges Description: An injection issue was addressed with improved input validation. CVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai
Xcode 14.1 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 14.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. ========================================================================== Ubuntu Security Notice USN-5686-3 November 21, 2022
git vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
Summary:
Several security issues were fixed in Git. This update provides the corresponding updates for Ubuntu 22.10.
Original advisory details:
Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. (CVE-2022-39253)
Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution. (CVE-2022-39260)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: git 1:2.37.2-1ubuntu1.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2319-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319 Issue date: 2023-05-09 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary:
An update for git is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
- As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. 2139379 - Rebase git to 2.39 version [rhel-9.2]
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: git-2.39.1-1.el9.src.rpm
aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm
noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm
ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm
s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm
x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD cV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T SU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa R+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo IIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf pjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz kqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O 6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK wWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg xsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz afQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds hOpSLJjOLjE=YQQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202210-1203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.36.3"
},
{
"model": "git",
"scope": "eq",
"trust": 1.0,
"vendor": "git scm",
"version": "2.38.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.37.4"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.31.0"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.33.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.34.5"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.32.4"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.1"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.37.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.31.5"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.34.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.30.6"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.36.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.33.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.35.5"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.35.0"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.32.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "14.1"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "git",
"scope": null,
"trust": 0.8,
"vendor": "git scm",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "169416"
},
{
"db": "PACKETSTORM",
"id": "169954"
},
{
"db": "PACKETSTORM",
"id": "169939"
}
],
"trust": 0.3
},
"cve": "CVE-2022-39260",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-39260",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-39260",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39260",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-39260",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-39260",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-39260",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202210-1260",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git\u0027s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround. Git SCM of Git Products from multiple other vendors contain heap-based buffer overflow vulnerabilities and out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nThis update includes two changes of behavior that may affect certain setup:\n - It stops when directory traversal changes ownership from the current\n user while looking for a top-level git directory, a user could make an\n exception by using the new safe.directory configuration. \n - The default of protocol.file.allow has been changed from \"always\" to\n \"user\". \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:2.30.2-1+deb11u1. \n\nWe recommend that you upgrade your git packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202312-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Git: Multiple Vulnerabilities\n Date: December 27, 2023\n Bugs: #838127, #857831, #877565, #891221, #894472, #905088\n ID: 202312-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nSeveral vulnerabilities have been found in Git, the worst of which could\nlead to remote code execution. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n----------- ------------ ------------\ndev-vcs/git \u003c 2.39.3 \u003e= 2.39.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Git. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Git users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/git-2.39.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-23521\n https://nvd.nist.gov/vuln/detail/CVE-2022-23521\n[ 2 ] CVE-2022-24765\n https://nvd.nist.gov/vuln/detail/CVE-2022-24765\n[ 3 ] CVE-2022-29187\n https://nvd.nist.gov/vuln/detail/CVE-2022-29187\n[ 4 ] CVE-2022-39253\n https://nvd.nist.gov/vuln/detail/CVE-2022-39253\n[ 5 ] CVE-2022-39260\n https://nvd.nist.gov/vuln/detail/CVE-2022-39260\n[ 6 ] CVE-2022-41903\n https://nvd.nist.gov/vuln/detail/CVE-2022-41903\n[ 7 ] CVE-2023-22490\n https://nvd.nist.gov/vuln/detail/CVE-2023-22490\n[ 8 ] CVE-2023-23946\n https://nvd.nist.gov/vuln/detail/CVE-2023-23946\n[ 9 ] CVE-2023-25652\n https://nvd.nist.gov/vuln/detail/CVE-2023-25652\n[ 10 ] CVE-2023-25815\n https://nvd.nist.gov/vuln/detail/CVE-2023-25815\n[ 11 ] CVE-2023-29007\n https://nvd.nist.gov/vuln/detail/CVE-2023-29007\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202312-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-11-01-1 Xcode 14.1\n\nXcode 14.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213496. \n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: Multiple issues in git\nDescription: Multiple issues were addressed by updating to git\nversion 2.32.3. \nCVE-2022-29187: Carlo Marcelo Arenas Bel\u00f3n and Johannes Schindelin\n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: Cloning a malicious repository may result in the disclosure\nof sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2022-39253: Cory Snider of Mirantis\n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution if git shell is allowed as a login shell\nDescription: This issue was addressed with improved checks. \nCVE-2022-39260: Kevin Backhouse of the GitHub Security Lab\n\nIDE Xcode Server\nAvailable for: macOS Monterey 12.5 and later\nImpact: An app may be able to gain root privileges\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai\n\nXcode 14.1 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/ To check that the Xcode\nhas been updated: * Select Xcode in the menu bar * Select About\nXcode * The version after applying this update will be \"Xcode 14.1\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. ==========================================================================\nUbuntu Security Notice USN-5686-3\nNovember 21, 2022\n\ngit vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n\nSummary:\n\nSeveral security issues were fixed in Git. This update provides the corresponding\nupdates for Ubuntu 22.10. \n\nOriginal advisory details:\n\n Cory Snider discovered that Git incorrectly handled certain symbolic links. \n An attacker could possibly use this issue to cause an unexpected behaviour. \n (CVE-2022-39253)\n\n Kevin Backhouse discovered that Git incorrectly handled certain command strings. \n An attacker could possibly use this issue to arbitrary code execution. \n (CVE-2022-39260)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n git 1:2.37.2-1ubuntu1.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: git security and bug fix update\nAdvisory ID: RHSA-2023:2319-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2319\nIssue date: 2023-05-09\nCVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253\n CVE-2022-39260\n====================================================================\n1. Summary:\n\nAn update for git is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection. (CVE-2022-39260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree\n2107439 - CVE-2022-29187 git: Bypass of safe.directory protections\n2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor\n2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. \n2139379 - Rebase git to 2.39 version [rhel-9.2]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\ngit-2.39.1-1.el9.src.rpm\n\naarch64:\ngit-2.39.1-1.el9.aarch64.rpm\ngit-core-2.39.1-1.el9.aarch64.rpm\ngit-core-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-daemon-2.39.1-1.el9.aarch64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debugsource-2.39.1-1.el9.aarch64.rpm\ngit-subtree-2.39.1-1.el9.aarch64.rpm\n\nnoarch:\ngit-all-2.39.1-1.el9.noarch.rpm\ngit-core-doc-2.39.1-1.el9.noarch.rpm\ngit-email-2.39.1-1.el9.noarch.rpm\ngit-gui-2.39.1-1.el9.noarch.rpm\ngit-instaweb-2.39.1-1.el9.noarch.rpm\ngit-svn-2.39.1-1.el9.noarch.rpm\ngitk-2.39.1-1.el9.noarch.rpm\ngitweb-2.39.1-1.el9.noarch.rpm\nperl-Git-2.39.1-1.el9.noarch.rpm\nperl-Git-SVN-2.39.1-1.el9.noarch.rpm\n\nppc64le:\ngit-2.39.1-1.el9.ppc64le.rpm\ngit-core-2.39.1-1.el9.ppc64le.rpm\ngit-core-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debugsource-2.39.1-1.el9.ppc64le.rpm\ngit-subtree-2.39.1-1.el9.ppc64le.rpm\n\ns390x:\ngit-2.39.1-1.el9.s390x.rpm\ngit-core-2.39.1-1.el9.s390x.rpm\ngit-core-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-daemon-2.39.1-1.el9.s390x.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debugsource-2.39.1-1.el9.s390x.rpm\ngit-subtree-2.39.1-1.el9.s390x.rpm\n\nx86_64:\ngit-2.39.1-1.el9.x86_64.rpm\ngit-core-2.39.1-1.el9.x86_64.rpm\ngit-core-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-daemon-2.39.1-1.el9.x86_64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debugsource-2.39.1-1.el9.x86_64.rpm\ngit-subtree-2.39.1-1.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24765\nhttps://access.redhat.com/security/cve/CVE-2022-29187\nhttps://access.redhat.com/security/cve/CVE-2022-39253\nhttps://access.redhat.com/security/cve/CVE-2022-39260\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD\ncV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T\nSU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa\nR+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo\nIIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf\npjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz\nkqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O\n6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK\nwWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg\nxsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz\nafQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds\nhOpSLJjOLjE=YQQZ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39260"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "VULHUB",
"id": "VHN-435027"
},
{
"db": "PACKETSTORM",
"id": "169416"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "169954"
},
{
"db": "PACKETSTORM",
"id": "169939"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39260",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "169939",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169416",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170787",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169735",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169954",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6094",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6031",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5479",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-435027",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172210",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "PACKETSTORM",
"id": "169416"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "169954"
},
{
"db": "PACKETSTORM",
"id": "169939"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"id": "VAR-202210-1203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-435027"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:25:26.712000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213496",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"title": "Git Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=211664"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/nov/1"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213496"
},
{
"trust": 1.7,
"url": "https://github.com/git/git/security/advisories/ghsa-rjr6-wcq6-83p6"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39260"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c7b6jpkx5cgglahxjvqmiznneeb72fhd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ohno2fb55cpx47baxmbwubgwho6n6zzh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ukfhe4kvd7eks5j3ktdfvbeku3clxgvv/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ohno2fb55cpx47baxmbwubgwho6n6zzh/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ukfhe4kvd7eks5j3ktdfvbeku3clxgvv/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c7b6jpkx5cgglahxjvqmiznneeb72fhd/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39253"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169954/ubuntu-security-notice-usn-5686-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6031"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6094"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169735/apple-security-advisory-2022-11-01-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213496"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39260/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5479"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169416/ubuntu-security-notice-usn-5686-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169939/ubuntu-security-notice-usn-5686-2.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29187"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24765"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5686-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39260"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/git"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29007"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25815"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22490"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42797"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213496."
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5686-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5686-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-435027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "PACKETSTORM",
"id": "169416"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "169954"
},
{
"db": "PACKETSTORM",
"id": "169939"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-435027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"db": "PACKETSTORM",
"id": "169416"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "169954"
},
{
"db": "PACKETSTORM",
"id": "169939"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-435027"
},
{
"date": "2023-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"date": "2022-10-18T22:32:05",
"db": "PACKETSTORM",
"id": "169416"
},
{
"date": "2023-01-30T16:35:13",
"db": "PACKETSTORM",
"id": "170787"
},
{
"date": "2023-12-27T14:55:24",
"db": "PACKETSTORM",
"id": "176313"
},
{
"date": "2022-11-08T13:42:03",
"db": "PACKETSTORM",
"id": "169735"
},
{
"date": "2022-11-21T15:22:01",
"db": "PACKETSTORM",
"id": "169954"
},
{
"date": "2022-11-18T14:28:24",
"db": "PACKETSTORM",
"id": "169939"
},
{
"date": "2023-05-16T17:08:14",
"db": "PACKETSTORM",
"id": "172366"
},
{
"date": "2023-05-09T15:18:13",
"db": "PACKETSTORM",
"id": "172210"
},
{
"date": "2022-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"date": "2022-10-19T12:15:10.160000",
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-435027"
},
{
"date": "2024-02-21T01:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-019291"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202210-1260"
},
{
"date": "2023-12-27T10:15:37.793000",
"db": "NVD",
"id": "CVE-2022-39260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git\u00a0SCM\u00a0 of \u00a0Git\u00a0 Heap-based buffer overflow vulnerabilities in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202210-1260"
}
],
"trust": 0.6
}
}
var-202103-1244
Vulnerability from variot
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. Linux Kernel Exists in a classic buffer overflow vulnerability. Vendor exploits this vulnerability CID-cc7a0bb058b8 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ========================================================================== Ubuntu Security Notice USN-5343-1 March 22, 2022
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not properly maintain POSIX ACL xattr data, when mounted with the non-default allow_userns option. A local attacker could possibly use this to gain elevated privileges. (CVE-2016-2854)
It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19449)
It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-25670)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly deallocate memory in certain error situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-25671, CVE-2020-25672)
Kiyin (尹亮) discovered that the NFC LLCP protocol implementation in the Linux kernel did not properly handle error conditions in some situations, leading to an infinite loop. A local attacker could use this to cause a denial of service. (CVE-2020-25673)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139)
Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147)
It was discovered that the BR/EDR pin-code pairing procedure in the Linux kernel was vulnerable to an impersonation attack. A physically proximate attacker could possibly use this to pair to a device without knowledge of the pin-code. (CVE-2020-26555)
It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)
It was discovered that the FUSE user space file system implementation in the Linux kernel did not properly handle bad inodes in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2020-36322)
It was discovered that the Infiniband RDMA userspace connection manager implementation in the Linux kernel contained a race condition leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possible execute arbitrary code. A privileged attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-20292)
It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service. (CVE-2021-20317)
Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134)
It was discovered that the Xen paravirtualization backend in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-28972)
It was discovered that a race condition existed in the netfilter subsystem of the Linux kernel when replacing tables. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-29650)
It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399)
It was discovered that the CIPSO implementation in the Linux kernel did not properly perform reference counting in some situations, leading to use- after-free vulnerabilities. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33033)
It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034)
Asaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the Linux kernel did not properly validate large MTU requests from Virtual Function (VF) devices. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33098)
Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693)
马哲宇 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3483)
It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506)
It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3564)
It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3573)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
It was discovered that the tracing subsystem in the Linux kernel did not properly keep track of per-cpu ring buffer state. A privileged attacker could use this to cause a denial of service. (CVE-2021-3679)
It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. (CVE-2021-38198)
It was discovered that the MAX-3421 host USB device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2021-38204)
It was discovered that the NFC implementation in the Linux kernel did not properly handle failed connect events leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2021-38208)
It was discovered that the configfs interface for USB gadgets in the Linux kernel contained a race condition. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2021-39648)
It was discovered that the ext4 file system in the Linux kernel contained a race condition when writing xattrs to an inode. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2021-40490)
It was discovered that the 6pack network protocol driver in the Linux kernel did not properly perform validation checks. A privileged attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-42008)
It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)
It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095)
Wenqing Liu discovered that the f2fs file system in the Linux kernel did not properly validate the last xattr entry in an inode. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-45469)
Amit Klein discovered that the IPv6 implementation in the Linux kernel could disclose internal state in some situations. An attacker could possibly use this to expose sensitive information. (CVE-2021-45485)
It was discovered that the per cpu memory allocator in the Linux kernel could report kernel pointers via dmesg. An attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. (CVE-2018-5995)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: linux-image-4.4.0-1103-kvm 4.4.0-1103.112 linux-image-4.4.0-1138-aws 4.4.0-1138.152 linux-image-4.4.0-222-generic 4.4.0-222.255 linux-image-4.4.0-222-lowlatency 4.4.0-222.255 linux-image-aws 4.4.0.1138.143 linux-image-generic 4.4.0.222.229 linux-image-kvm 4.4.0.1103.101 linux-image-lowlatency 4.4.0.222.229 linux-image-virtual 4.4.0.222.229
Ubuntu 14.04 ESM: linux-image-4.4.0-1102-aws 4.4.0-1102.107 linux-image-4.4.0-222-generic 4.4.0-222.255~14.04.1 linux-image-4.4.0-222-lowlatency 4.4.0-222.255~14.04.1 linux-image-aws 4.4.0.1102.100 linux-image-generic-lts-xenial 4.4.0.222.193 linux-image-lowlatency-lts-xenial 4.4.0.222.193 linux-image-virtual-lts-xenial 4.4.0.222.193
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-5343-1 CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449, CVE-2020-12655, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555, CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-0129, CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688, CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3612, CVE-2021-3679, CVE-2021-38160, CVE-2021-38198, CVE-2021-38204, CVE-2021-38208, CVE-2021-39648, CVE-2021-40490, CVE-2021-42008, CVE-2021-43389, CVE-2021-45095, CVE-2021-45469, CVE-2021-45485, CVE-2022-0492
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "kernel",
"scope": "gt",
"trust": 1.0,
"vendor": "linux",
"version": "4.5"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.108"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.26"
},
{
"model": "kernel",
"scope": "gt",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.10"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.227"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.183"
},
{
"model": "fas\\/aff baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.11.9"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.4.263"
},
{
"model": "kernel",
"scope": "lte",
"trust": 1.0,
"vendor": "linux",
"version": "4.9.263"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "solidfire baseboard management controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "baseboard management controller",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": null,
"trust": 0.8,
"vendor": "linux",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "PACKETSTORM",
"id": "166101"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
}
],
"trust": 1.2
},
"cve": "CVE-2021-28972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-28972",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-388498",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2021-28972",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-28972",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-28972",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-28972",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388498",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-28972",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name \u0027\\0\u0027 termination, aka CID-cc7a0bb058b8. Linux Kernel Exists in a classic buffer overflow vulnerability. Vendor exploits this vulnerability CID-cc7a0bb058b8 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ==========================================================================\nUbuntu Security Notice USN-5343-1\nMarch 22, 2022\n\nlinux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux: Linux kernel\n- linux-aws: Linux kernel for Amazon Web Services (AWS) systems\n- linux-kvm: Linux kernel for cloud environments\n- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty\n\nDetails:\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the\nLinux kernel did not properly restrict access to the cgroups v1\nrelease_agent feature. A local attacker could use this to gain\nadministrative privileges. (CVE-2022-0492)\n\nIt was discovered that the aufs file system in the Linux kernel did not\nproperly restrict mount namespaces, when mounted with the non-default\nallow_userns option set. A local attacker could use this to gain\nadministrative privileges. (CVE-2016-2853)\n\nIt was discovered that the aufs file system in the Linux kernel did not\nproperly maintain POSIX ACL xattr data, when mounted with the non-default\nallow_userns option. A local attacker could possibly use this to gain\nelevated privileges. (CVE-2016-2854)\n\nIt was discovered that the f2fs file system in the Linux kernel did not\nproperly validate metadata in some situations. An attacker could use this\nto construct a malicious f2fs image that, when mounted and operated on,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-19449)\n\nIt was discovered that the XFS file system implementation in the Linux\nkernel did not properly validate meta data in some circumstances. An\nattacker could use this to construct a malicious XFS image that, when\nmounted, could cause a denial of service. (CVE-2020-12655)\n\nKiyin (\u5c39\u4eae) discovered that the NFC LLCP protocol implementation in the\nLinux kernel contained a reference counting error. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2020-25670)\n\nKiyin (\u5c39\u4eae) discovered that the NFC LLCP protocol implementation in the\nLinux kernel did not properly deallocate memory in certain error\nsituations. A local attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2020-25671, CVE-2020-25672)\n\nKiyin (\u5c39\u4eae) discovered that the NFC LLCP protocol implementation in the\nLinux kernel did not properly handle error conditions in some situations,\nleading to an infinite loop. A local attacker could use this to cause a\ndenial of service. (CVE-2020-25673)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation\nincorrectly handled EAPOL frames from unauthenticated senders. A physically\nproximate attacker could inject malicious packets to cause a denial of\nservice (system crash). (CVE-2020-26139)\n\nMathy Vanhoef discovered that the Linux kernel\u2019s WiFi implementation could\nreassemble mixed encrypted and plaintext fragments. A physically proximate\nattacker could possibly use this issue to inject packets or exfiltrate\nselected fragments. (CVE-2020-26147)\n\nIt was discovered that the BR/EDR pin-code pairing procedure in the Linux\nkernel was vulnerable to an impersonation attack. A physically proximate\nattacker could possibly use this to pair to a device without knowledge of\nthe pin-code. (CVE-2020-26555)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly perform access control. An authenticated attacker could possibly\nuse this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129)\n\nIt was discovered that the FUSE user space file system implementation in\nthe Linux kernel did not properly handle bad inodes in some situations. A\nlocal attacker could possibly use this to cause a denial of service. \n(CVE-2020-36322)\n\nIt was discovered that the Infiniband RDMA userspace connection manager\nimplementation in the Linux kernel contained a race condition leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possible execute arbitrary code. A privileged attacker could possibly use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2021-20292)\n\nIt was discovered that a race condition existed in the timer implementation\nin the Linux kernel. A privileged attacker could use this to cause a denial\nof service. (CVE-2021-20317)\n\nOr Cohen and Nadav Markus discovered a use-after-free vulnerability in the\nnfc implementation in the Linux kernel. A privileged local attacker could\nuse this issue to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-23134)\n\nIt was discovered that the Xen paravirtualization backend in the Linux\nkernel did not properly deallocate memory in some situations. A local\nattacker could use this to cause a denial of service (memory exhaustion). A privileged attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2021-28972)\n\nIt was discovered that a race condition existed in the netfilter subsystem\nof the Linux kernel when replacing tables. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2021-29650)\n\nIt was discovered that a race condition in the kernel Bluetooth subsystem\ncould lead to use-after-free of slab objects. An attacker could use this\nissue to possibly execute arbitrary code. (CVE-2021-32399)\n\nIt was discovered that the CIPSO implementation in the Linux kernel did not\nproperly perform reference counting in some situations, leading to use-\nafter-free vulnerabilities. An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33033)\n\nIt was discovered that a use-after-free existed in the Bluetooth HCI driver\nof the Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2021-33034)\n\nAsaf Modelevsky discovered that the Intel(R) Ethernet ixgbe driver for the\nLinux kernel did not properly validate large MTU requests from Virtual\nFunction (VF) devices. A local attacker could possibly use this to cause a\ndenial of service. (CVE-2021-33098)\n\nNorbert Slusarek discovered that the CAN broadcast manger (bcm) protocol\nimplementation in the Linux kernel did not properly initialize memory in\nsome situations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2021-34693)\n\n\u9a6c\u54f2\u5b87 discovered that the IEEE 1394 (Firewire) nosy packet sniffer driver in\nthe Linux kernel did not properly perform reference counting in some\nsituations, leading to a use-after-free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-3483)\n\nIt was discovered that an out-of-bounds (OOB) memory access flaw existed in\nthe f2fs module of the Linux kernel. A local attacker could use this issue\nto cause a denial of service (system crash). (CVE-2021-3506)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly handle HCI device initialization failure, leading to a double-free\nvulnerability. An attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2021-3564)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly handle HCI device detach events, leading to a use-after-free\nvulnerability. An attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2021-3573)\n\nMurray McAllister discovered that the joystick device interface in the\nLinux kernel did not properly validate data passed via an ioctl(). A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code on systems with a joystick device\nregistered. (CVE-2021-3612)\n\nIt was discovered that the tracing subsystem in the Linux kernel did not\nproperly keep track of per-cpu ring buffer state. A privileged attacker\ncould use this to cause a denial of service. (CVE-2021-3679)\n\nIt was discovered that the Virtio console implementation in the Linux\nkernel did not properly validate input lengths in some situations. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2021-38160)\n\nIt was discovered that the KVM hypervisor implementation in the Linux\nkernel did not properly compute the access permissions for shadow pages in\nsome situations. A local attacker could use this to cause a denial of\nservice. (CVE-2021-38198)\n\nIt was discovered that the MAX-3421 host USB device driver in the Linux\nkernel did not properly handle device removal events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2021-38204)\n\nIt was discovered that the NFC implementation in the Linux kernel did not\nproperly handle failed connect events leading to a NULL pointer\ndereference. A local attacker could use this to cause a denial of service. \n(CVE-2021-38208)\n\nIt was discovered that the configfs interface for USB gadgets in the Linux\nkernel contained a race condition. A local attacker could possibly use this\nto expose sensitive information (kernel memory). (CVE-2021-39648)\n\nIt was discovered that the ext4 file system in the Linux kernel contained a\nrace condition when writing xattrs to an inode. A local attacker could use\nthis to cause a denial of service or possibly gain administrative\nprivileges. (CVE-2021-40490)\n\nIt was discovered that the 6pack network protocol driver in the Linux\nkernel did not properly perform validation checks. A privileged attacker\ncould use this to cause a denial of service (system crash) or execute\narbitrary code. (CVE-2021-42008)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel\ncontained a race condition in certain situations that could trigger an\narray out-of-bounds bug. A privileged local attacker could possibly use\nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation\nin the Linux kernel did not properly perform reference counting in some\nerror conditions. A local attacker could possibly use this to cause a\ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nWenqing Liu discovered that the f2fs file system in the Linux kernel did\nnot properly validate the last xattr entry in an inode. An attacker could\nuse this to construct a malicious f2fs image that, when mounted and\noperated on, could cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2021-45469)\n\nAmit Klein discovered that the IPv6 implementation in the Linux kernel\ncould disclose internal state in some situations. An attacker could\npossibly use this to expose sensitive information. (CVE-2021-45485)\n\nIt was discovered that the per cpu memory allocator in the Linux kernel\ncould report kernel pointers via dmesg. An attacker could use this to\nexpose sensitive information or in conjunction with another kernel\nvulnerability. (CVE-2018-5995)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n linux-image-4.4.0-1103-kvm 4.4.0-1103.112\n linux-image-4.4.0-1138-aws 4.4.0-1138.152\n linux-image-4.4.0-222-generic 4.4.0-222.255\n linux-image-4.4.0-222-lowlatency 4.4.0-222.255\n linux-image-aws 4.4.0.1138.143\n linux-image-generic 4.4.0.222.229\n linux-image-kvm 4.4.0.1103.101\n linux-image-lowlatency 4.4.0.222.229\n linux-image-virtual 4.4.0.222.229\n\nUbuntu 14.04 ESM:\n linux-image-4.4.0-1102-aws 4.4.0-1102.107\n linux-image-4.4.0-222-generic 4.4.0-222.255~14.04.1\n linux-image-4.4.0-222-lowlatency 4.4.0-222.255~14.04.1\n linux-image-aws 4.4.0.1102.100\n linux-image-generic-lts-xenial 4.4.0.222.193\n linux-image-lowlatency-lts-xenial 4.4.0.222.193\n linux-image-virtual-lts-xenial 4.4.0.222.193\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5343-1\n CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449,\n CVE-2020-12655, CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,\n CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555,\n CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-0129,\n CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688,\n CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033,\n CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483,\n CVE-2021-3506, CVE-2021-3564, CVE-2021-3573, CVE-2021-3612,\n CVE-2021-3679, CVE-2021-38160, CVE-2021-38198, CVE-2021-38204,\n CVE-2021-38208, CVE-2021-39648, CVE-2021-40490, CVE-2021-42008,\n CVE-2021-43389, CVE-2021-45095, CVE-2021-45469, CVE-2021-45485,\n CVE-2022-0492\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "PACKETSTORM",
"id": "166101"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-28972",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "162939",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162981",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162549",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166417",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166101",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1625",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1307",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1964",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1919",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1946",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1669",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1231",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1655",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1694",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092209",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162969",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2021-24272",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388498",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-28972",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "PACKETSTORM",
"id": "166101"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"id": "VAR-202103-1244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388498"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:31:08.665000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix\u00a0potential\u00a0drc_name\u00a0corruption\u00a0in\u00a0store\u00a0functions NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/"
},
{
"title": "Linux kernel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144778"
},
{
"title": "Red Hat: CVE-2021-28972",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-28972"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-28972 log"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28972"
},
{
"trust": 1.8,
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210430-0003/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4vckioxcozgxbezmo5lggv5mwcho6ft3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ptrnpqtz4gvs46sz4obxy5ydogvpstgq/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t2s3i4slrnruqdofyus6iuazmqnmpnlg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4vckioxcozgxbezmo5lggv5mwcho6ft3/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t2s3i4slrnruqdofyus6iuazmqnmpnlg/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ptrnpqtz4gvs46sz4obxy5ydogvpstgq/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-28972"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3483"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1225"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162939/ubuntu-security-notice-usn-4979-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1919"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162981/ubuntu-security-notice-usn-4984-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1964"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162549/ubuntu-security-notice-usn-4948-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1655"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/linux-kernel-buffer-overflow-via-add-slot-store-34914"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1946"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1307"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1625"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1669"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166417/ubuntu-security-notice-usn-5343-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1231"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2136"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092209"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1694"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166101/ubuntu-security-notice-usn-5299-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25670"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28964"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28688"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29647"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28971"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31916"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25673"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33033"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28952"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3564"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26147"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33034"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198510"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1046.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-74.83~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1040.41"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1044.46~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1044.47~18.04.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4982-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1044.47"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1016.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1048.50"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-74.83"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1046.50~18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1044.46"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1048.50~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1049.51~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1016.17~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1049.51"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1033.35"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28038"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4984-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.8.0-55.62"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1028.30"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1035.37"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1031.32"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1032.34"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-55.62~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3428"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1092.94"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4979-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1115.128"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1103.110"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1100.113"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1072.80"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-144.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1103.112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12655"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5995"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33098"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5343-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2854"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4948-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1026.27"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29646"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42008"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5299-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38204"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "PACKETSTORM",
"id": "166101"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388498"
},
{
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162981"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "PACKETSTORM",
"id": "166101"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-388498"
},
{
"date": "2021-03-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"date": "2022-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"date": "2021-06-04T13:36:04",
"db": "PACKETSTORM",
"id": "162969"
},
{
"date": "2021-06-04T22:09:37",
"db": "PACKETSTORM",
"id": "162981"
},
{
"date": "2021-06-03T14:55:48",
"db": "PACKETSTORM",
"id": "162939"
},
{
"date": "2022-03-23T16:02:30",
"db": "PACKETSTORM",
"id": "166417"
},
{
"date": "2021-05-12T13:52:40",
"db": "PACKETSTORM",
"id": "162549"
},
{
"date": "2022-02-22T17:06:12",
"db": "PACKETSTORM",
"id": "166101"
},
{
"date": "2021-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-22T17:15:15.200000",
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-03T00:00:00",
"db": "VULHUB",
"id": "VHN-388498"
},
{
"date": "2021-04-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-28972"
},
{
"date": "2022-06-28T06:12:00",
"db": "JVNDB",
"id": "JVNDB-2021-010251"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2024-11-21T06:00:28.767000",
"db": "NVD",
"id": "CVE-2021-28972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "162969"
},
{
"db": "PACKETSTORM",
"id": "162939"
},
{
"db": "PACKETSTORM",
"id": "166417"
},
{
"db": "PACKETSTORM",
"id": "162549"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linux\u00a0Kernel\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-010251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1260"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
var-202006-1838
Vulnerability from variot
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl Is vulnerable to out-of-bounds writes.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. An attacker could exploit this vulnerability to cause a denial of service. 7.7) - ppc64, ppc64le, s390x, x86_64
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
- Upgraded to a more recent version of nginx to address CVE-2019-20372.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
-
Improved analytics collection to collect the playbook status for all hosts in a playbook run
-
Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
-
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
-
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
-
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2
Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5
Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9
In general, a standard system update will make all the necessary changes. 7) - aarch64, ppc64le, s390x
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1838",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.1.0"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3.1"
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "perl",
"scope": "lt",
"trust": 1.0,
"vendor": "perl",
"version": "5.30.3"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.7"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.9"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.2.1"
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.8"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.8"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.2.0"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "perl",
"scope": "eq",
"trust": 0.8,
"vendor": "the perl",
"version": "5.30.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:perl:perl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
}
],
"trust": 1.1
},
"cve": "CVE-2020-10543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10543",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006177",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-163032",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10543",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006177",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10543",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006177",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163032",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10543",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Perl Is vulnerable to out-of-bounds writes.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. An attacker could exploit this vulnerability to cause a denial of service. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 General\nAvailability\nrelease images, which fix several bugs and security issues. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n* Upgraded to a more recent version of nginx to address CVE-2019-20372. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0343-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0343\nIssue date: 2021-02-02\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4602-1\nOctober 26, 2020\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nManhND discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\nhandled certain regular expressions. In environments where untrusted\nregular expressions are evaluated, a remote attacker could possibly use\nthis issue to cause Perl to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n perl 5.30.0-9ubuntu0.2\n\nUbuntu 18.04 LTS:\n perl 5.26.1-6ubuntu0.5\n\nUbuntu 16.04 LTS:\n perl 5.22.1-9ubuntu0.9\n\nIn general, a standard system update will make all the necessary changes. 7) - aarch64, ppc64le, s390x\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10543"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "PACKETSTORM",
"id": "161843"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10543",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "162021",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159707",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161255",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161843",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159726",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162650",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158058",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161728",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161656",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162245",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021042131",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052031",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072136",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092220",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072268",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1338",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2781",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0925",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1725",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1096",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2180",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0845",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1866",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2469",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161726",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-37944",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163032",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10543",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"id": "VAR-202006-1838",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:13:49.767000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-fd73c08076",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
},
{
"title": "regcomp.c: Prevent integer overflow from nested regex quantifiers.",
"trust": 0.8,
"url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
},
{
"title": "perl5/pod/perl5303delta.pod",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"title": "Comparing changes",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"title": "Perl Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122040"
},
{
"title": "Red Hat: Moderate: perl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210343 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1610",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1610"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210607 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "visualGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/visualGambasDelta "
},
{
"title": "perl5283delta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perl5283delta "
},
{
"title": "editorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/editorGambasDelta "
},
{
"title": "EditorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/EditorGambasDelta "
},
{
"title": "CICD_CloudBuild_01",
"trust": 0.1,
"url": "https://github.com/pbavinck/CICD_CloudBuild_01 "
},
{
"title": "gcr-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcr-kritis-signer "
},
{
"title": "gcp-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcp-kritis-signer "
},
{
"title": "litecoin-automation",
"trust": 0.1,
"url": "https://github.com/gzukel/litecoin-automation "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perltoc "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
},
{
"title": "snykout",
"trust": 0.1,
"url": "https://github.com/garethr/snykout "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.9
},
{
"problemtype": "CWE-190",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 1.7,
"url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"trust": 1.7,
"url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"trust": 1.7,
"url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202006-03"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10543"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1866"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1820"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072268"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1725"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052031"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0371/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2781"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1096"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042131"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2180"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0925"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1338"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092220"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2469"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0845"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0791"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/perl-core-buffer-overflow-via-nested-regular-expression-quantifiers-32365"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0343"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4602-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0883"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163032"
},
{
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"db": "PACKETSTORM",
"id": "162021"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "161726"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-163032"
},
{
"date": "2020-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"date": "2021-03-30T14:26:55",
"db": "PACKETSTORM",
"id": "162021"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-03-09T16:23:27",
"db": "PACKETSTORM",
"id": "161726"
},
{
"date": "2021-02-02T16:12:23",
"db": "PACKETSTORM",
"id": "161255"
},
{
"date": "2020-10-26T16:43:39",
"db": "PACKETSTORM",
"id": "159707"
},
{
"date": "2021-03-17T14:36:02",
"db": "PACKETSTORM",
"id": "161843"
},
{
"date": "2020-06-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"date": "2020-06-05T14:15:10.467000",
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-163032"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10543"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006177"
},
{
"date": "2022-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-145"
},
{
"date": "2024-11-21T04:55:32.927000",
"db": "NVD",
"id": "CVE-2020-10543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159707"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Perl Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006177"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-145"
}
],
"trust": 0.6
}
}
var-202109-1802
Vulnerability from variot
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2021:3856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3856 Issue date: 2021-10-14 CVE Names: CVE-2021-40438 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
- httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: httpd-2.4.6-40.el7_2.7.src.rpm
noarch: httpd-manual-2.4.6-40.el7_2.7.noarch.rpm
x86_64: httpd-2.4.6-40.el7_2.7.x86_64.rpm httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm httpd-devel-2.4.6-40.el7_2.7.x86_64.rpm httpd-tools-2.4.6-40.el7_2.7.x86_64.rpm mod_ssl-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: httpd-2.4.6-45.el7_3.6.src.rpm
noarch: httpd-manual-2.4.6-45.el7_3.6.noarch.rpm
x86_64: httpd-2.4.6-45.el7_3.6.x86_64.rpm httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm httpd-devel-2.4.6-45.el7_3.6.x86_64.rpm httpd-tools-2.4.6-45.el7_3.6.x86_64.rpm mod_ssl-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: httpd-2.4.6-67.el7_4.7.src.rpm
noarch: httpd-manual-2.4.6-67.el7_4.7.noarch.rpm
x86_64: httpd-2.4.6-67.el7_4.7.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm httpd-devel-2.4.6-67.el7_4.7.x86_64.rpm httpd-tools-2.4.6-67.el7_4.7.x86_64.rpm mod_session-2.4.6-67.el7_4.7.x86_64.rpm mod_ssl-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
ppc64le: httpd-2.4.6-89.el7_6.2.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm mod_session-2.4.6-89.el7_6.2.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
ppc64le: httpd-2.4.6-90.el7_7.1.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm mod_session-2.4.6-90.el7_7.1.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.1.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64.rpm mod_session-2.4.6-97.el7_9.1.ppc64.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.1.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm mod_session-2.4.6-97.el7_9.1.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.1.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm httpd-devel-2.4.6-97.el7_9.1.s390x.rpm httpd-tools-2.4.6-97.el7_9.1.s390x.rpm mod_session-2.4.6-97.el7_9.1.s390x.rpm mod_ssl-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm mod_ldap-2.4.6-40.el7_2.7.x86_64.rpm mod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm mod_session-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
x86_64: httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm mod_ldap-2.4.6-45.el7_3.6.x86_64.rpm mod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm mod_session-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm mod_ldap-2.4.6-67.el7_4.7.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm mod_ldap-2.4.6-97.el7_9.1.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa v5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF sNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF gjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx ZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT jCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l 3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9 0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ LhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo QSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7 lUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB 95kGnxWCYaA= =gPcK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Refer to the Release Notes for information on the security fix included in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798)
Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275)
It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1802",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "sinema remote connect server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.4"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.1"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "sinec nms",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hitachi ops center api configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "f5os",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"model": "storagegrid",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi ops center analyzer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oneview",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
}
],
"trust": 0.7
},
"cve": "CVE-2021-40438",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-40438",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-03224",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-401786",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-40438",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40438",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40438",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40438",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-40438",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2021-40438",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1094",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-401786",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2021:3856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3856\nIssue date: 2021-10-14\nCVE Names: CVE-2021-40438 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7, Red\nHat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update\nSupport, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat\nEnterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise\nLinux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7\nAdvanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.7 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n(CVE-2021-40438)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nhttpd-2.4.6-40.el7_2.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-40.el7_2.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-devel-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-tools-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ssl-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.3):\n\nSource:\nhttpd-2.4.6-45.el7_3.6.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-45.el7_3.6.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-devel-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-tools-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ssl-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nhttpd-2.4.6-67.el7_4.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-67.el7_4.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-devel-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-tools-2.4.6-67.el7_4.7.x86_64.rpm\nmod_session-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ssl-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_session-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_session-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.1.s390x.rpm\nmod_session-2.4.6-97.el7_9.1.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ldap-2.4.6-40.el7_2.7.x86_64.rpm\nmod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm\nmod_session-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3):\n\nx86_64:\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ldap-2.4.6-45.el7_3.6.x86_64.rpm\nmod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm\nmod_session-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ldap-2.4.6-67.el7_4.7.x86_64.rpm\nmod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.1.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40438\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa\nv5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF\nsNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF\ngjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx\nZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT\njCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l\n3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9\n0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ\nLhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo\nQSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7\nlUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB\n95kGnxWCYaA=\n=gPcK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. Refer to the Release Notes for information on the security fix\nincluded in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. ==========================================================================\nUbuntu Security Notice USN-5090-4\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. \n (CVE-2021-34798)\n \n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n \n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm3\n apache2-bin 2.4.18-2ubuntu3.17+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164448"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40438",
"trust": 4.6
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22691",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-812",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164513",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164505",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164448",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164460",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3482",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3429",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3784",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3524",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041953",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112904",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101340",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101906",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102601",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111732",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-401786",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164448"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"id": "VAR-202109-1802",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
}
]
},
"last_update_date": "2024-11-29T20:14:24.364000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-139",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us\u0026docLocale=en_US"
},
{
"title": "Patch for Apache HTTP Server mod_proxy server request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313356"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178533"
},
{
"title": "Red Hat: CVE-2021-40438",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-40438"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-40438 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager\u00ef\u00bc\u0152Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-139"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "CVE-2021-40438 exploit PoC with Docker setup",
"trust": 0.1,
"url": "https://github.com/sixpacksecurity/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/gassara-kys/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/Kashkovsky/CVE-2021-40438 "
},
{
"title": "scan_ssrf.sh",
"trust": 0.1,
"url": "https://github.com/vsh00t/BB-PoC "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/xiaojiangxl/CVE-2021-40438 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40438"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us\u0026doclocale=en_us"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164505/red-hat-security-advisory-2021-3836-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112904"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3524"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041953"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528442"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3429"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164448/red-hat-security-advisory-2021-3746-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3373"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102601"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101116"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164460/red-hat-security-advisory-2021-3754-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6493841"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164513/red-hat-security-advisory-2021-3856-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3366"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011836"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101340"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3746"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3745"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164448"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164448"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-18T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-401786"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"date": "2021-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"date": "2021-10-14T15:26:45",
"db": "PACKETSTORM",
"id": "164513"
},
{
"date": "2021-10-13T14:52:48",
"db": "PACKETSTORM",
"id": "164493"
},
{
"date": "2021-10-13T15:23:01",
"db": "PACKETSTORM",
"id": "164505"
},
{
"date": "2021-10-08T15:22:49",
"db": "PACKETSTORM",
"id": "164448"
},
{
"date": "2021-10-08T15:12:22",
"db": "PACKETSTORM",
"id": "164443"
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305"
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"date": "2021-09-16T15:15:07.633000",
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-401786"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"date": "2021-11-16T05:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"date": "2024-11-21T06:24:06.787000",
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability in which a request is forwarded to a remote user\u0027s selected origin server in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
}
],
"trust": 0.6
}
}
var-202202-0417
Vulnerability from variot
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Unzip Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Info-ZIP UnZip is a set of Unix platform-based tools for decompressing ".zip" file format developed by Greg Roelofs in the United States. There is a buffer overflow vulnerability in unzip, which is caused by a segmentation fault in the process of converting utf-8 strings to local strings. Apple is aware of a report that this issue may have been actively exploited. This was addressed with improved input validation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257.
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o
apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher
Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)
Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher
Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher
TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval
zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE-----
.
For the stable distribution (bullseye), these problems have been fixed in version 6.0-26+deb11u1.
We recommend that you upgrade your unzip packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-17
https://security.gentoo.org/
Severity: High Title: UnZip: Multiple Vulnerabilities Date: October 30, 2023 Bugs: #831190 ID: 202310-17
Synopsis
Multiple vulnerabilities have been discovered in UnZip, the worst of which could lead to code execution.
Background
Info-ZIP’s UnZip is a tool to list and extract files inside PKZIP compressed files.
Affected packages
Package Vulnerable Unaffected
app-arch/unzip < 6.0_p27 >= 6.0_p27
Description
Multiple vulnerabilities have been discovered in UnZip. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All UnZip users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/unzip-6.0_p27"
References
[ 1 ] CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 [ 2 ] CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "unzip",
"scope": "eq",
"trust": 1.0,
"vendor": "unzip",
"version": "6.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "unzip",
"scope": null,
"trust": 0.8,
"vendor": "unzip",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0530",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-414417",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0530",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0530",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0530",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0530",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-866",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-414417",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0530",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414417"
},
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Unzip Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Info-ZIP UnZip is a set of Unix platform-based tools for decompressing \".zip\" file format developed by Greg Roelofs in the United States. There is a buffer overflow vulnerability in unzip, which is caused by a segmentation fault in the process of converting utf-8 strings to local strings. Apple is aware of a report that this issue may\nhave been actively exploited. This was addressed with improved input\nvalidation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-2 macOS Monterey 12.4\n\nmacOS Monterey 12.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213257. \n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26772: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-26741: ABC Research s.r.o\nCVE-2022-26742: ABC Research s.r.o\nCVE-2022-26749: ABC Research s.r.o\nCVE-2022-26750: ABC Research s.r.o\nCVE-2022-26752: ABC Research s.r.o\nCVE-2022-26753: ABC Research s.r.o\nCVE-2022-26754: ABC Research s.r.o\n\napache\nAvailable for: macOS Monterey\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAVEVideoEncoder\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nContacts\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCVMS\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Photo location information may persist after it is removed\nwith Preview Inspector\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIOKit\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved code execution in macOS\nRecovery may be able to escalate to kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPreview\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nPrinting\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSafari Private Browsing\nAvailable for: macOS Monterey\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: macOS Monterey\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue existed in the handling of symlinks\nand was addressed with improved validation of symlinks. \nCVE-2022-26704: an anonymous researcher\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nCalendar\nWe would like to acknowledge Eugene Lim of Government Technology\nAgency of Singapore for their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFileVault\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH\nfor their assistance. \n\nLogin Window\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge Mohammad Tausif Siddiqui\n(@toshsiddiqui), an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge Dana Morrison for their assistance. \n\nmacOS Monterey 12.4 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg\nEjpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI\nDyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma\nmH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+\nrQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc\n402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV\nJ23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa\n5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ\nopD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs\nZ5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f\nLHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=\n=jaCZ\n-----END PGP SIGNATURE-----\n\n\n. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 6.0-26+deb11u1. \n\nWe recommend that you upgrade your unzip packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: UnZip: Multiple Vulnerabilities\n Date: October 30, 2023\n Bugs: #831190\n ID: 202310-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in UnZip, the worst of\nwhich could lead to code execution. \n\nBackground\n==========\n\nInfo-ZIP\u2019s UnZip is a tool to list and extract files inside PKZIP\ncompressed files. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\napp-arch/unzip \u003c 6.0_p27 \u003e= 6.0_p27\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in UnZip. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll UnZip users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-arch/unzip-6.0_p27\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-0529\n https://nvd.nist.gov/vuln/detail/CVE-2022-0529\n[ 2 ] CVE-2022-0530\n https://nvd.nist.gov/vuln/detail/CVE-2022-0530\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "VULHUB",
"id": "VHN-414417"
},
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "169332"
},
{
"db": "PACKETSTORM",
"id": "175398"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-414417",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414417"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0530",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169332",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4712",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5111",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-11523",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-414417",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0530",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175398",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414417"
},
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "169332"
},
{
"db": "PACKETSTORM",
"id": "175398"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"id": "VAR-202202-0417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414417"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:11:51.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213257 Red hat Red\u00a0Hat\u00a0Bugzilla",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"title": "Info-ZIP UnZip Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184476"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2022-0530: null pointer dereference on invalid UTF-8 input",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa3e267db57a0f3de9126d0fec92f2c0"
},
{
"title": "Ubuntu Security Notice: USN-5673-1: unzip vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5673-1"
},
{
"title": "Debian Security Advisories: DSA-5202-1 unzip -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a54e43ba6a23ce52c7e1cd03151dca10"
},
{
"title": "Red Hat: CVE-2022-0530",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0530"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "unzip_poc",
"trust": 0.1,
"url": "https://github.com/nanaao/unzip_poc "
},
{
"title": "unzip_poc",
"trust": 0.1,
"url": "https://github.com/ByteHackr/unzip_poc "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/adegoodyer/kubernetes-admin-toolkit "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5202"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051395"
},
{
"trust": 1.8,
"url": "https://github.com/bytehackr/unzip_poc"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202310-17"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213255"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169332/debian-security-advisory-5202-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5111"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/unzip-buffer-overflow-via-wide-string2-39012"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-0530"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4712"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-38381"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0529"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010355"
},
{
"trust": 0.1,
"url": "https://github.com/nanaao/unzip_poc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5673-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213257."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/unzip"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414417"
},
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "169332"
},
{
"db": "PACKETSTORM",
"id": "175398"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414417"
},
{
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "169332"
},
{
"db": "PACKETSTORM",
"id": "175398"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-414417"
},
{
"date": "2022-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"date": "2023-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-05-17T16:58:15",
"db": "PACKETSTORM",
"id": "167186"
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169332"
},
{
"date": "2023-10-30T12:42:45",
"db": "PACKETSTORM",
"id": "175398"
},
{
"date": "2022-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"date": "2022-02-09T23:15:16.677000",
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-414417"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0530"
},
{
"date": "2023-05-29T09:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-005348"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-866"
},
{
"date": "2024-11-21T06:38:51.130000",
"db": "NVD",
"id": "CVE-2022-0530"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unzip\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-866"
}
],
"trust": 0.6
}
}
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "hitachi ops center analyzer viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "storagegrid",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy administration utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security gateway",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "nessus",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "oncommand workflow automation",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "freebsd",
"scope": null,
"trust": 0.8,
"vendor": "freebsd",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
"version": null
},
{
"model": "e-series performance analyzer",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "jp1/file transmission server/ftp",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "quantum security management",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
},
{
"model": "openssl",
"scope": null,
"trust": 0.8,
"vendor": "openssl",
"version": null
},
{
"model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "jp1/base",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "web gateway cloud service",
"scope": null,
"trust": 0.8,
"vendor": "\u30de\u30ab\u30d5\u30a3\u30fc",
"version": null
},
{
"model": "multi-domain management",
"scope": null,
"trust": 0.8,
"vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
}
],
"trust": 0.8
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-3449",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-3449",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 2.8
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92126369",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162694",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.6742040990624999
},
"last_update_date": "2024-11-29T22:12:22.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2021-119 Software product security information",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4875"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92126369/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2021"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1063"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4891-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1024"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1195"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162076"
},
{
"db": "PACKETSTORM",
"id": "161984"
},
{
"db": "PACKETSTORM",
"id": "162013"
},
{
"db": "PACKETSTORM",
"id": "162200"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "PACKETSTORM",
"id": "162189"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"date": "2021-05-19T14:19:18",
"db": "PACKETSTORM",
"id": "162694"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-05T15:16:03",
"db": "PACKETSTORM",
"id": "162076"
},
{
"date": "2021-03-26T14:15:18",
"db": "PACKETSTORM",
"id": "161984"
},
{
"date": "2021-03-30T14:07:13",
"db": "PACKETSTORM",
"id": "162013"
},
{
"date": "2021-04-15T13:50:30",
"db": "PACKETSTORM",
"id": "162200"
},
{
"date": "2021-04-15T13:50:04",
"db": "PACKETSTORM",
"id": "162197"
},
{
"date": "2021-04-14T16:50:04",
"db": "PACKETSTORM",
"id": "162189"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-09-13T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-001383"
},
{
"date": "2024-11-21T06:21:33.050000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161984"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001383"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "162694"
},
{
"db": "PACKETSTORM",
"id": "162383"
}
],
"trust": 0.2
}
}
var-202204-0692
Vulnerability from variot
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set GIT_PS1_SHOWDIRTYSTATE are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in C:\.git\config. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder .git on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend GIT_CEILING_DIRECTORIES to cover the parent directory of the user profile, e.g. C:\Users if the user profile is located in C:\Users\my-user-name. Git for Windows Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5376-1
April 12, 2022
git vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Git could be made to run arbitrary commands in platforms with multiple users support. An attacker could possibly use this issue to run arbitrary commands.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: git 1:2.32.0-1ubuntu1.1
Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.3
Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.10
In general, a standard system update will make all the necessary changes. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
This update includes two changes of behavior that may affect certain setup: - It stops when directory traversal changes ownership from the current user while looking for a top-level git directory, a user could make an exception by using the new safe.directory configuration. - The default of protocol.file.allow has been changed from "always" to "user".
For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1.
We recommend that you upgrade your git packages.
For the detailed security status of git please refer to its security tracker page at: https://security-tracker.debian.org/tracker/git
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv 2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuK XxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFs qHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xi dn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkR HYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aV EI1gHfi7qbZ3+b+nxEa9CTvap0d8QA== =Vh4D -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15
https://security.gentoo.org/
Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15
Synopsis
Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.
Background
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Affected packages
Package Vulnerable Unaffected
dev-vcs/git < 2.39.3 >= 2.39.3
Description
Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"
References
[ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202312-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0407.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2319-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319 Issue date: 2023-05-09 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary:
An update for git is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
-
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
-
git: Bypass of safe.directory protections (CVE-2022-29187)
-
git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
-
git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: git-2.39.1-1.el9.src.rpm
aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm
noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm
ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm
s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm
x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD cV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T SU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa R+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo IIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf pjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz kqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O 6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK wWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg xsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz afQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds hOpSLJjOLjE=YQQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0692",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.35.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "xcode",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "git",
"scope": null,
"trust": 0.8,
"vendor": "git scm",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "176728"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
}
],
"trust": 0.3
},
"cve": "CVE-2022-24765",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2022-24765",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-414584",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-24765",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-24765",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24765",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-24765",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-24765",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-24765",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-2943",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414584",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-24765",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`. Git for Windows Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5376-1\nApril 12, 2022\n\ngit vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nGit could be made to run arbitrary commands in platforms with multiple users\nsupport. An attacker could possibly use\nthis issue to run arbitrary commands. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n git 1:2.32.0-1ubuntu1.1\n\nUbuntu 20.04 LTS:\n git 1:2.25.1-1ubuntu3.3\n\nUbuntu 18.04 LTS:\n git 1:2.17.1-1ubuntu0.10\n\nIn general, a standard system update will make all the necessary changes. \nAn attacker may trigger remote code execution, cause local users into\nexecuting arbitrary commands, leak information from the local filesystem,\nand bypass restricted shell. \n\nThis update includes two changes of behavior that may affect certain setup:\n - It stops when directory traversal changes ownership from the current\n user while looking for a top-level git directory, a user could make an\n exception by using the new safe.directory configuration. \n - The default of protocol.file.allow has been changed from \"always\" to\n \"user\". \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:2.30.2-1+deb11u1. \n\nWe recommend that you upgrade your git packages. \n\nFor the detailed security status of git please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWoBQACgkQO1LKKgqv\n2VQ9Ugf/amidAHmXSaPDpk9Hs52ttiUPJ6uMJRYyJI/KQ3o5eoQfdzYmVT9ACsuK\nXxT7Xd5JqkHZMJyABeqm42JJgOiyV5GUx2ZrsQ3M5UE2HD2keWxaJmrkj6VlzkFs\nqHOynAgprllBmw3RfHkyjybQEG4dtmiLk5+gJZK0MYxAaKzyeNi7dnLEllYOf+Xi\ndn3aSk8edTVqT80jdMIfBeOn1f/Zb+9kSHyVOezku1NfYES1dnA7RaOAkKmw/JkR\nHYnuxpdAfkb2K1z6LmDkLWpTQU7CbOPcPpWBWgkuD6tQmKjppx5MYuDZ+hW0y6aV\nEI1gHfi7qbZ3+b+nxEa9CTvap0d8QA==\n=Vh4D\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202312-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Git: Multiple Vulnerabilities\n Date: December 27, 2023\n Bugs: #838127, #857831, #877565, #891221, #894472, #905088\n ID: 202312-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nSeveral vulnerabilities have been found in Git, the worst of which could\nlead to remote code execution. \n\nBackground\n==========\n\nGit is a free and open source distributed version control system\ndesigned to handle everything from small to very large projects with\nspeed and efficiency. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n----------- ------------ ------------\ndev-vcs/git \u003c 2.39.3 \u003e= 2.39.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Git. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Git users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/git-2.39.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-23521\n https://nvd.nist.gov/vuln/detail/CVE-2022-23521\n[ 2 ] CVE-2022-24765\n https://nvd.nist.gov/vuln/detail/CVE-2022-24765\n[ 3 ] CVE-2022-29187\n https://nvd.nist.gov/vuln/detail/CVE-2022-29187\n[ 4 ] CVE-2022-39253\n https://nvd.nist.gov/vuln/detail/CVE-2022-39253\n[ 5 ] CVE-2022-39260\n https://nvd.nist.gov/vuln/detail/CVE-2022-39260\n[ 6 ] CVE-2022-41903\n https://nvd.nist.gov/vuln/detail/CVE-2022-41903\n[ 7 ] CVE-2023-22490\n https://nvd.nist.gov/vuln/detail/CVE-2023-22490\n[ 8 ] CVE-2023-23946\n https://nvd.nist.gov/vuln/detail/CVE-2023-23946\n[ 9 ] CVE-2023-25652\n https://nvd.nist.gov/vuln/detail/CVE-2023-25652\n[ 10 ] CVE-2023-25815\n https://nvd.nist.gov/vuln/detail/CVE-2023-25815\n[ 11 ] CVE-2023-29007\n https://nvd.nist.gov/vuln/detail/CVE-2023-29007\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202312-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0407.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: git security and bug fix update\nAdvisory ID: RHSA-2023:2319-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2319\nIssue date: 2023-05-09\nCVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253\n CVE-2022-39260\n====================================================================\n1. Summary:\n\nAn update for git is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection. \n\nSecurity Fix(es):\n\n* git: On multi-user machines Git users might find themselves unexpectedly\nin a Git worktree (CVE-2022-24765)\n\n* git: Bypass of safe.directory protections (CVE-2022-29187)\n\n* git: exposure of sensitive information to a malicious actor\n(CVE-2022-39253)\n\n* git: git shell function that splits command arguments can lead to\narbitrary heap writes. (CVE-2022-39260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree\n2107439 - CVE-2022-29187 git: Bypass of safe.directory protections\n2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor\n2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\ngit-2.39.1-1.el9.src.rpm\n\naarch64:\ngit-2.39.1-1.el9.aarch64.rpm\ngit-core-2.39.1-1.el9.aarch64.rpm\ngit-core-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-daemon-2.39.1-1.el9.aarch64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debugsource-2.39.1-1.el9.aarch64.rpm\ngit-subtree-2.39.1-1.el9.aarch64.rpm\n\nnoarch:\ngit-all-2.39.1-1.el9.noarch.rpm\ngit-core-doc-2.39.1-1.el9.noarch.rpm\ngit-email-2.39.1-1.el9.noarch.rpm\ngit-gui-2.39.1-1.el9.noarch.rpm\ngit-instaweb-2.39.1-1.el9.noarch.rpm\ngit-svn-2.39.1-1.el9.noarch.rpm\ngitk-2.39.1-1.el9.noarch.rpm\ngitweb-2.39.1-1.el9.noarch.rpm\nperl-Git-2.39.1-1.el9.noarch.rpm\nperl-Git-SVN-2.39.1-1.el9.noarch.rpm\n\nppc64le:\ngit-2.39.1-1.el9.ppc64le.rpm\ngit-core-2.39.1-1.el9.ppc64le.rpm\ngit-core-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debugsource-2.39.1-1.el9.ppc64le.rpm\ngit-subtree-2.39.1-1.el9.ppc64le.rpm\n\ns390x:\ngit-2.39.1-1.el9.s390x.rpm\ngit-core-2.39.1-1.el9.s390x.rpm\ngit-core-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-daemon-2.39.1-1.el9.s390x.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debugsource-2.39.1-1.el9.s390x.rpm\ngit-subtree-2.39.1-1.el9.s390x.rpm\n\nx86_64:\ngit-2.39.1-1.el9.x86_64.rpm\ngit-core-2.39.1-1.el9.x86_64.rpm\ngit-core-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-daemon-2.39.1-1.el9.x86_64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debugsource-2.39.1-1.el9.x86_64.rpm\ngit-subtree-2.39.1-1.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24765\nhttps://access.redhat.com/security/cve/CVE-2022-29187\nhttps://access.redhat.com/security/cve/CVE-2022-39253\nhttps://access.redhat.com/security/cve/CVE-2022-39260\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD\ncV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T\nSU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa\nR+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo\nIIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf\npjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz\nkqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O\n6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK\nwWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg\nxsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz\nafQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds\nhOpSLJjOLjE=YQQZ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "166705"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "176728"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24765",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/04/12/7",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167744",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170787",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167204",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166705",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022061215",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071350",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041314",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072638",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072538",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051709",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041265",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042574",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041513",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166827",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1595",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1809",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4630",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3674",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414584",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-24765",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172210",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "166705"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "176728"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"id": "VAR-202204-0692",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414584"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:40:06.726000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Uncontrolled\u00a0search\u00a0for\u00a0the\u00a0Git\u00a0directory\u00a0in\u00a0Git\u00a0for\u00a0Windows Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"title": "Git for Windows Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190447"
},
{
"title": "Ubuntu Security Notice: USN-5511-1: Git vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5511-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1589",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1589"
},
{
"title": "Debian CVElist Bug Report Logs: git: CVE-2022-29187",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=31324a5ad54489fd6559d515d47be3cb"
},
{
"title": "Red Hat: Moderate: git security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20232319 - Security Advisory"
},
{
"title": "Red Hat: Moderate: git security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20232859 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1810",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1810"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-24765"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-067",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-067"
},
{
"title": "Amazon Linux 2022: ALAS-2022-236",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-236"
},
{
"title": "act-fail-example",
"trust": 0.1,
"url": "https://github.com/makiuchi-d/act-fail-example "
},
{
"title": "https://github.com/hdclark/Ygor",
"trust": 0.1,
"url": "https://github.com/hdclark/Ygor "
},
{
"title": "JDim - 2ch browser for linux",
"trust": 0.1,
"url": "https://github.com/JDimproved/JDim "
},
{
"title": "BISDN Linux build system",
"trust": 0.1,
"url": "https://github.com/bisdn/bisdn-linux "
},
{
"title": "Table of Contents\nIntroduction\nGitHub\nUseful links",
"trust": 0.1,
"url": "https://github.com/davetang/getting_started_with_git "
},
{
"title": "https://github.com/9069332997/session-1-full-stack",
"trust": 0.1,
"url": "https://github.com/9069332997/session-1-full-stack "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2022/04/13/git_vuln/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213261"
},
{
"trust": 1.8,
"url": "https://github.com/git-for-windows/git/security/advisories/ghsa-vw2c-22j4-2fh2"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/31"
},
{
"trust": 1.8,
"url": "https://git-scm.com/book/en/v2/appendix-a%3a-git-in-other-environments-git-in-bash"
},
{
"trust": 1.8,
"url": "https://git-scm.com/docs/git#documentation/git.txt-codegitceilingdirectoriescode"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/7"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24765"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ptn5nyehyn2oqshsamcnicznk2u4qh6/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/benqytdgul6tf3ualy6gsiexihuiynwm/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/slp42kiz6hactvzmzljlfjq4w2xyt27m/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-24765"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/slp42kiz6hactvzmzljlfjq4w2xyt27m/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/benqytdgul6tf3ualy6gsiexihuiynwm/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5ptn5nyehyn2oqshsamcnicznk2u4qh6/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-24765"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1595"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041513"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041314"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166827/ubuntu-security-notice-usn-5376-2.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213261"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1809"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4630"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071416"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071350"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051709"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041265"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042574"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061215"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-24765/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/git-code-execution-via-multi-user-machines-38033"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166705/ubuntu-security-notice-usn-5376-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167204/apple-security-advisory-2022-05-16-8.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3430"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072638"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3674"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167744/ubuntu-security-notice-usn-5511-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072538"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29187"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39253"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39260"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5511-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39260"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/427.html"
},
{
"trust": 0.1,
"url": "https://github.com/makiuchi-d/act-fail-example"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1589.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.10"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5376-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/git"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29007"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25815"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22490"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0407.json"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107439"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:0407"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168161"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137422"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073414"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137423"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "166705"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "176728"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414584"
},
{
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "166705"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "PACKETSTORM",
"id": "176728"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-414584"
},
{
"date": "2022-04-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"date": "2023-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"date": "2022-07-14T14:29:12",
"db": "PACKETSTORM",
"id": "167744"
},
{
"date": "2022-04-13T15:00:59",
"db": "PACKETSTORM",
"id": "166705"
},
{
"date": "2023-01-30T16:35:13",
"db": "PACKETSTORM",
"id": "170787"
},
{
"date": "2023-12-27T14:55:24",
"db": "PACKETSTORM",
"id": "176313"
},
{
"date": "2024-01-26T15:20:15",
"db": "PACKETSTORM",
"id": "176728"
},
{
"date": "2023-05-16T17:08:14",
"db": "PACKETSTORM",
"id": "172366"
},
{
"date": "2023-05-09T15:18:13",
"db": "PACKETSTORM",
"id": "172210"
},
{
"date": "2022-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"date": "2022-04-12T18:15:09.390000",
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-414584"
},
{
"date": "2023-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24765"
},
{
"date": "2023-08-08T03:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-009728"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-2943"
},
{
"date": "2024-11-21T06:51:02.873000",
"db": "NVD",
"id": "CVE-2022-24765"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git\u00a0for\u00a0Windows\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-009728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-2943"
}
],
"trust": 0.6
}
}
var-202011-1329
Vulnerability from variot
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. tcpdump Is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. tcpdump is a set of sniffing tools run under the command line by the Tcpdump team. Summary:
An update for tcpdump is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.
Security Fix(es):
- tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory (CVE-2020-8037)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: tcpdump-4.9.3-2.el8.src.rpm
aarch64: tcpdump-4.9.3-2.el8.aarch64.rpm tcpdump-debuginfo-4.9.3-2.el8.aarch64.rpm tcpdump-debugsource-4.9.3-2.el8.aarch64.rpm
ppc64le: tcpdump-4.9.3-2.el8.ppc64le.rpm tcpdump-debuginfo-4.9.3-2.el8.ppc64le.rpm tcpdump-debugsource-4.9.3-2.el8.ppc64le.rpm
s390x: tcpdump-4.9.3-2.el8.s390x.rpm tcpdump-debuginfo-4.9.3-2.el8.s390x.rpm tcpdump-debugsource-4.9.3-2.el8.s390x.rpm
x86_64: tcpdump-4.9.3-2.el8.x86_64.rpm tcpdump-debuginfo-4.9.3-2.el8.x86_64.rpm tcpdump-debugsource-4.9.3-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8037 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdidzjgjWX9erEAQhDCg/9Ek69RNw0Y2StR6KPJIm8xUPW8WYFNHag j9yEG5rPacLLPrrjDQkMhGOSywVdU3DRxyZWHGn18HjbsOfS7Wrj08BVtwdLWm9Y +3D57e/4+ZCXFl+4JBcueSfDmNqQbZRqYO+OOlQfvUZ82iU7JNwbacfDrtbhydj2 VcRKoQ5DCXkcyJp3AG0bf8+7goPpQGMRjTJP/cH1lExOiOzPKPXUTFmVeNyr1VTw QxwQgtYqGbheNTsCrdlwqRvmkvjMEfamsHkUQppoB9MJWv9ALBGJ7MbBgfP0VUhE NxO4bT2c1+FM2YF30pDtCsO3Jw72Z+jNGkPGh6njzdCBTN+wDHO08snQzQYMq26T WZnEq61QQy+TukdCM4MIYkKdozLusTWmlH/z8/oPPvvKOWM9239swV7ijegZcsU5 SFMDnyZe+A5iaddixc5v+2e9NRE5d44miXi34AbTuuIbt3ICBqfOzR/77EyyAXUV 9BinfBBCf1wsgKzUkvxnASnxtcjtk5gmo1V+s0Swhz2X3oEC+e3T7IT0HKiE3jfe bMH5GFyW58eV54U5pP+s0CzQnX7zv4ZQga78VhNR/FU0uvmOwKRHXe6Ra++o1m6h ympHQrgfQlrVKe+0mGtRiZVP7UkzQlt0n0JmZb2r3DVHqSY5mf4+1GzLRxYKqhPT wzpVwG+8r9E=lQRI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5331-2 April 11, 2022
tcpdump vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301)
It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8037)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: tcpdump 4.9.3-4ubuntu0.1
Ubuntu 18.04 LTS: tcpdump 4.9.3-0ubuntu0.18.04.2
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-04-26-2 macOS Big Sur 11.3
macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325.
APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications
AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza
Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab
Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher
Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher
CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest
CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University
CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher
curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx
DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher
FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook
FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360
Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga
Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro
Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr
Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr
Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett
libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins
libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz
Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing
Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd
NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome
Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago
Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS
SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications
smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher
tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher
Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher
WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher
WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing
Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----
. Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.
Bug Fix(es):
-
Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)
-
Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):
1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "tcpdump",
"scope": "eq",
"trust": 1.0,
"vendor": "tcpdump",
"version": "4.9.3"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tcpdump",
"scope": null,
"trust": 0.8,
"vendor": "the tcpdump group",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
}
],
"trust": 0.9
},
"cve": "CVE-2020-8037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8037",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-186162",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8037",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-8037",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8037",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-8037",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-289",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-186162",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8037",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. tcpdump Is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. tcpdump is a set of sniffing tools run under the command line by the Tcpdump team. Summary:\n\nAn update for tcpdump is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe tcpdump packages contain the tcpdump utility for monitoring network\ntraffic. The tcpdump utility can capture and display the packet headers on\na particular network interface or on all interfaces. \n\nSecurity Fix(es):\n\n* tcpdump: ppp decapsulator can be convinced to allocate a large amount of\nmemory (CVE-2020-8037)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\ntcpdump-4.9.3-2.el8.src.rpm\n\naarch64:\ntcpdump-4.9.3-2.el8.aarch64.rpm\ntcpdump-debuginfo-4.9.3-2.el8.aarch64.rpm\ntcpdump-debugsource-4.9.3-2.el8.aarch64.rpm\n\nppc64le:\ntcpdump-4.9.3-2.el8.ppc64le.rpm\ntcpdump-debuginfo-4.9.3-2.el8.ppc64le.rpm\ntcpdump-debugsource-4.9.3-2.el8.ppc64le.rpm\n\ns390x:\ntcpdump-4.9.3-2.el8.s390x.rpm\ntcpdump-debuginfo-4.9.3-2.el8.s390x.rpm\ntcpdump-debugsource-4.9.3-2.el8.s390x.rpm\n\nx86_64:\ntcpdump-4.9.3-2.el8.x86_64.rpm\ntcpdump-debuginfo-4.9.3-2.el8.x86_64.rpm\ntcpdump-debugsource-4.9.3-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8037\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdidzjgjWX9erEAQhDCg/9Ek69RNw0Y2StR6KPJIm8xUPW8WYFNHag\nj9yEG5rPacLLPrrjDQkMhGOSywVdU3DRxyZWHGn18HjbsOfS7Wrj08BVtwdLWm9Y\n+3D57e/4+ZCXFl+4JBcueSfDmNqQbZRqYO+OOlQfvUZ82iU7JNwbacfDrtbhydj2\nVcRKoQ5DCXkcyJp3AG0bf8+7goPpQGMRjTJP/cH1lExOiOzPKPXUTFmVeNyr1VTw\nQxwQgtYqGbheNTsCrdlwqRvmkvjMEfamsHkUQppoB9MJWv9ALBGJ7MbBgfP0VUhE\nNxO4bT2c1+FM2YF30pDtCsO3Jw72Z+jNGkPGh6njzdCBTN+wDHO08snQzQYMq26T\nWZnEq61QQy+TukdCM4MIYkKdozLusTWmlH/z8/oPPvvKOWM9239swV7ijegZcsU5\nSFMDnyZe+A5iaddixc5v+2e9NRE5d44miXi34AbTuuIbt3ICBqfOzR/77EyyAXUV\n9BinfBBCf1wsgKzUkvxnASnxtcjtk5gmo1V+s0Swhz2X3oEC+e3T7IT0HKiE3jfe\nbMH5GFyW58eV54U5pP+s0CzQnX7zv4ZQga78VhNR/FU0uvmOwKRHXe6Ra++o1m6h\nympHQrgfQlrVKe+0mGtRiZVP7UkzQlt0n0JmZb2r3DVHqSY5mf4+1GzLRxYKqhPT\nwzpVwG+8r9E=lQRI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5331-2\nApril 11, 2022\n\ntcpdump vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in tcpdump. This update provides\nthe corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n\n\nOriginal advisory details:\n\n\nIt was discovered that tcpdump incorrectly handled certain inputs. \nAn attacker could possibly use this issue to cause a denial of service,\nor possibly execute arbitrary code. (CVE-2018-16301)\n\nIt was discovered that tcpdump incorrectly handled certain captured data. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2020-8037)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\ntcpdump 4.9.3-4ubuntu0.1\n\nUbuntu 18.04 LTS:\ntcpdump 4.9.3-0ubuntu0.18.04.2\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-2 macOS Big Sur 11.3\n\nmacOS Big Sur 11.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212325. \n\nAPFS\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1853: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2021-1849: Siguza\n\nApple Neural Engine\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(\u5434\u6f4d\u6d60) of Ant Group\nTianqiong Security Lab\n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Big Sur\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted audio file may disclose\nrestricted memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-30659: Thijs Alkemade of Computest\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Big Sur\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\ncurl\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\nDiskArbitration\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFaceTime\nAvailable for: macOS Big Sur\nImpact: Muting a CallKit call while ringing may not result in mute\nbeing enabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1872: Siraj Zaneer of Facebook\n\nFontParser\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security\nLight-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi\n(@hjy79425575) of Qihoo 360\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nFoundation\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted server messages may lead to\nheap corruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1883: Gabe Kirkpatrick (@gabe_k)\n\nHeimdal\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A race condition was addressed with improved locking. \nCVE-2021-1884: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30653: Ye Zhang of Baidu Security\nCVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin \u0026 Qi Sun of\nTrend Micro, and Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1843: Ye Zhang of Baidu Security\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1885: CFF of Topsec Alpha Team\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1858: Mickey Jin of Trend Micro\n\nInstaller\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2021-30658: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1841: Jack Dates of RET2 Systems, Inc. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Big Sur\nImpact: Copied files may not have the expected file permissions\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1832: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30660: Alex Plaskett\n\nlibxpc\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Big Sur\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNotes\nAvailable for: macOS Big Sur\nImpact: Locked Notes content may have been unexpectedly unlocked\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd\n\nNSRemoteView\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to track users by setting\nstate in a cache\nDescription: An issue existed in determining cache occupancy. The\nissue was addressed through improved logic. \nCVE-2021-1861: Konstantinos Solomos of University of Illinois at\nChicago\n\nSafari\nAvailable for: macOS Big Sur\nImpact: A malicious website may be able to force unnecessary network\nconnections to fetch its favicon\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1855: H\u00e5vard Mikkelsen Ottestad of HASMAC AS\n\nSampleAnalysis\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\nsmbx\nAvailable for: macOS Big Sur\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nSystem Preferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30657: an anonymous researcher\n\ntcpdump\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2021-1825: Alex Camboe of Aon\u2019s Cyber Solutions\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1817: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-1826: an anonymous researcher\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1820: an anonymous researcher\n\nWebKit Storage\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30661: yangkang(@dnpushme) of 360 ATA\n\nWebRTC\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-7463: Megan2013678\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1829: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30655: Gary Nield of ECSC Group plc and Tim\nMichaud(@TimGMichaud) of Zoom Video Communications and Wojciech\nRegu\u0142a (@_r3ggi) of SecuRing\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6\njjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne\nsrCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/\ncMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn\nQCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv\nfE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA\nECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko\nT2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE\n/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY\nt3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS\nv4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1\n0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=\n=9+Ju\n-----END PGP SIGNATURE-----\n\n\n. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. \nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "PACKETSTORM",
"id": "164891"
},
{
"db": "PACKETSTORM",
"id": "166678"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "166346"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "PACKETSTORM",
"id": "165096"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-186162",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8037",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "166346",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162358",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164891",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165096",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166678",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021042704",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031718",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1409.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3818",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3961",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1152",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4094",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162362",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162360",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-186162",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8037",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "PACKETSTORM",
"id": "164891"
},
{
"db": "PACKETSTORM",
"id": "166678"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "166346"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"id": "VAR-202011-1329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:22:31.267000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212327",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html"
},
{
"title": "tcpdump Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134500"
},
{
"title": "Debian CVElist Bug Report Logs: tcpdump: CVE-2020-8037",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=60ea8b9518e441ea29029cccbcdf4aa4"
},
{
"title": "Apple: macOS Big Sur 11.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c631c09ebe15d0799205eda727cdfeb3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.1
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212326"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212327"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2021/apr/51"
},
{
"trust": 1.8,
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f2mx34mjiujqgl6cmepltkfoooc3cj4z/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lwdbonzvlc6baor2km376djcm4h3ferv/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f2mx34mjiujqgl6cmepltkfoooc3cj4z/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lwdbonzvlc6baor2km376djcm4h3ferv/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031718"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166346/ubuntu-security-notice-usn-5331-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4094/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3818"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1152"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4019"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht212327"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164891/red-hat-security-advisory-2021-4236-04.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3961/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166678/ubuntu-security-notice-usn-5331-2.html"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8037"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5331-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16301"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4236"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5331-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-4ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tcpdump/4.9.3-0ubuntu0.18.04.2"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212326."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1878"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212327."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7463"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1832"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212325."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28957"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "PACKETSTORM",
"id": "164891"
},
{
"db": "PACKETSTORM",
"id": "166678"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "166346"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186162"
},
{
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"db": "PACKETSTORM",
"id": "164891"
},
{
"db": "PACKETSTORM",
"id": "166678"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "PACKETSTORM",
"id": "166346"
},
{
"db": "PACKETSTORM",
"id": "162358"
},
{
"db": "PACKETSTORM",
"id": "165096"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-186162"
},
{
"date": "2020-11-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"date": "2021-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"date": "2021-11-10T17:13:26",
"db": "PACKETSTORM",
"id": "164891"
},
{
"date": "2022-04-11T17:16:34",
"db": "PACKETSTORM",
"id": "166678"
},
{
"date": "2021-04-28T14:58:36",
"db": "PACKETSTORM",
"id": "162360"
},
{
"date": "2021-04-28T15:00:23",
"db": "PACKETSTORM",
"id": "162362"
},
{
"date": "2022-03-16T17:29:24",
"db": "PACKETSTORM",
"id": "166346"
},
{
"date": "2021-04-28T14:55:56",
"db": "PACKETSTORM",
"id": "162358"
},
{
"date": "2021-11-29T18:12:32",
"db": "PACKETSTORM",
"id": "165096"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"date": "2020-11-04T18:15:20.843000",
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-186162"
},
{
"date": "2021-05-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8037"
},
{
"date": "2021-06-16T06:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012987"
},
{
"date": "2022-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-289"
},
{
"date": "2024-11-21T05:38:16.200000",
"db": "NVD",
"id": "CVE-2020-8037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tcpdump\u00a0 Vulnerability in resource allocation without restrictions or throttling in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012987"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-289"
}
],
"trust": 0.6
}
}
var-202109-1900
Vulnerability from variot
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. HAProxy Exists in an integer overflow vulnerability.Information may be tampered with. HAProxy is an open source TCP/HTTP load balancing server from the French HAProxy= company. =
There is an input validation error vulnerability in HAProxy, which stems from the lack of header name length checking in the htx_add_header() and htx_add_trailer() functions in HAProxy, which can be exploited by attackers to cause request smuggling attacks or response splitting attacks. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security updates:
-
object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)
-
follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)
Related bugs:
-
RHACM 2.2.11 images (Bugzilla #2029508)
-
ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla
2030859)
- Bugs fixed (https://bugzilla.redhat.com/):
1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 2029508 - RHACM 2.2.11 images 2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4968-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2021 https://www.debian.org/security/faq
Package : haproxy CVE ID : CVE-2021-40346
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.
Additionally this update addresses #993303 introduced in DSA 4960-1 causing HAProxy to fail serving URLs with HTTP/2 containing '//'.
For the stable distribution (bullseye), this problem has been fixed in version 2.2.9-2+deb11u2.
We recommend that you upgrade your haproxy packages.
For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haproxy
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE30edfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QPzQ//Xl1VpOHuAwqodHnEx3DSP172eZ6lD3Mdrs+GXscbkCXTMHduSXGnSGA3 N1IrN8Wt1bfvxybqdR3CLTehTzmgBJLGEz8Ub5gu0IJ2o1edyiqpZBDhZvDSCPFC iFHWucZ2asOb9c/rCapTi7AD+S7NpC5AnIGfNhUHYWnFwR7Id8gHvd9JaHUGrInh P4T5lzY70fvNFPrSye7CQFPcSScHOe29i7igKXZmV+FxvnYEYJyavf6ijwGTJF87 e1lJAm8er9bQZp3GLzkbI3bRUDmO+IgGX+H3Qz/PxbU23PhyDN91QVWCY/CX11nN yH4evBchPM1ap2o8hPZYpUYUznYekOA1CfYxTcuP5oc9QFMEzHMNUVhSihsjGA4Y fCxFmdhcQzTLI7GcZTkSB2k0CikF4ncH7aqtM7oK2z/CM/uJeVO1WzRtvyJKuD72 Lv6PwQ/AbMa/dKYzROyQE0vDzRd23UzlQzg1npbpHlfPYXOgyfIRLCIfBPatyGrR snpdsNnGejesNmsbxCBwQGz2jsrgSqMe1qkho9ebK3aeaSA1lRe+WXV87NYH2wZi JOQH9JjqXCwkH/JDoOBWasOAhyKPs4jv1JT2L2iXCNVbFcgklnc+iaUgafYV9tob QMoc5oZREvgkpu+TOOTOBmrOw4sDfEOgcNf3G1sBBFKS4ds5wv0= =8IRe -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.9.6 packages and security update Advisory ID: RHSA-2021:4118-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:4118 Issue date: 2021-11-10 CVE Names: CVE-2021-39240 CVE-2021-39241 CVE-2021-39242 CVE-2021-40346 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat OpenShift Container Platform 4.9 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.6. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:4119
Security Fix(es):
- haproxy: does not ensure that the scheme and path portions of a URI have the expected characters (CVE-2021-39240)
- haproxy: an HTTP method name may contain a space followed by the name of a protected resource (CVE-2021-39241)
- haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled (CVE-2021-39242)
- haproxy: request smuggling attack or response splitting via duplicate content-length header (CVE-2021-40346)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1995104 - CVE-2021-39240 haproxy: does not ensure that the scheme and path portions of a URI have the expected characters 1995107 - CVE-2021-39241 haproxy: an HTTP method name may contain a space followed by the name of a protected resource 1995112 - CVE-2021-39242 haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled 2000599 - CVE-2021-40346 haproxy: request smuggling attack or response splitting via duplicate content-length header
- Package List:
Red Hat OpenShift Container Platform 4.9:
Source: cri-o-1.22.0-91.rhaos4.9.gitd745cab.el7.src.rpm openshift-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el7.src.rpm
x86_64: cri-o-1.22.0-91.rhaos4.9.gitd745cab.el7.x86_64.rpm cri-o-debuginfo-1.22.0-91.rhaos4.9.gitd745cab.el7.x86_64.rpm openshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el7.x86_64.rpm
Red Hat OpenShift Container Platform 4.9:
Source: cri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.src.rpm haproxy-2.2.15-2.el8.src.rpm openshift-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.src.rpm openshift-kuryr-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.src.rpm openstack-ironic-18.1.1-0.20211019162143.e0437cd.el8.src.rpm
aarch64: cri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm cri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm cri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm haproxy-debugsource-2.2.15-2.el8.aarch64.rpm openshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.aarch64.rpm
noarch: openshift-kuryr-cni-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm openshift-kuryr-common-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm openshift-kuryr-controller-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm openstack-ironic-api-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm openstack-ironic-common-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm openstack-ironic-conductor-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm python3-ironic-tests-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm python3-kuryr-kubernetes-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm
ppc64le: cri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm cri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm cri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm haproxy-debugsource-2.2.15-2.el8.ppc64le.rpm openshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.ppc64le.rpm
s390x: cri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm cri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm cri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm haproxy-debugsource-2.2.15-2.el8.s390x.rpm openshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.s390x.rpm
x86_64: cri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm cri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm cri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm haproxy-debugsource-2.2.15-2.el8.x86_64.rpm openshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-39240 https://access.redhat.com/security/cve/CVE-2021-39241 https://access.redhat.com/security/cve/CVE-2021-39242 https://access.redhat.com/security/cve/CVE-2021-40346 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYx8gNzjgjWX9erEAQjjTg/5AXMVm45fYdpV7EOawTw6ADN3G+MIC9F+ 4/Yi3cEdClLzvColFg9mR8Ha/HrtSc8hl/ImYCdWpdaAgR69Z2ReFYR8skd6IQlg 2yqP8Fv34dXLxMkTgFpf2P4xsVdvAaKW5LXuZZ8tNYIRmCFmDJLbO1lyAAb0f7Tg cYFQE5LsuBSFceuY405VYjdwrAR1N/EwzleqpTrgcdeGliwRnfpiOjTs9rXgIIkf EFccGSIJpvlsibKm78o8PVxpoKmwRPnIUU/lOlLEsx4epYEal332i/JOhctXQ0MD KIPy0Ghto00KDyBfp1JziS3by4TD3DPYoZ2LqlmN844BUc4de7h/48gwy8n3PK7g A+0sguS3K4lTrb0INV6f3fPBsULZSAAhuPMkpAf0YgfnLdJlkm+oXBWDyiERZyaX lcQREEMJoKWnw5s83ip+o+QQdisxQ5olqEMD6g0qT9msUvgha4OIEgnN1dYgFvEK IY3zgShDHQGg2LwAXku1pvEB+N5MedDM/4OWV7qhFUN1edlTePGqN8tIE/bgEpib 464s1Q3FMcTwQDOmKpTh5GTt8TKkuNIibfHFqqwEJ/L/1L77qDjtp4EapFm0USxq 0R/bVd733gsEXghAv1NRBHQECb727Fne6cNLu+TffFQbtfSel+0MGogsSURVhy7e 7lkzoAA4Wc4= =r4tE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1900",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "haproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "haproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.4.0"
},
{
"model": "haproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.0.0"
},
{
"model": "haproxy",
"scope": "eq",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.5"
},
{
"model": "haproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.3.14"
},
{
"model": "haproxy",
"scope": "gte",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.2.0"
},
{
"model": "haproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.2.17"
},
{
"model": "haproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.0.25"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "haproxy",
"scope": "lt",
"trust": 1.0,
"vendor": "haproxy",
"version": "2.4.4"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "haproxy",
"scope": null,
"trust": 0.8,
"vendor": "willy tarreau",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "haproxy",
"scope": "gte",
"trust": 0.6,
"vendor": "haproxy",
"version": "2.0,\u003c=2.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "165481"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "164940"
},
{
"db": "PACKETSTORM",
"id": "165552"
}
],
"trust": 0.5
},
"cve": "CVE-2021-40346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-40346",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-05867",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40346",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-40346",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40346",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-40346",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-05867",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-365",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-40346",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. HAProxy Exists in an integer overflow vulnerability.Information may be tampered with. HAProxy is an open source TCP/HTTP load balancing server from the French HAProxy= company. =\n\r\n\r\nThere is an input validation error vulnerability in HAProxy, which stems from the lack of header name length checking in the htx_add_header() and htx_add_trailer() functions in HAProxy, which can be exploited by attackers to cause request smuggling attacks or response splitting attacks. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of\nCVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an\nUnauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla\n#2030859)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1999810 - CVE-2021-23434 object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256\n2029508 - RHACM 2.2.11 images\n2030859 - ClusterImageSet has 4.5 which is not supported in ACM 2.2.10\n2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4968-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 07, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : haproxy\nCVE ID : CVE-2021-40346\n\nOri Hollander reported that missing header name length checks in the\nhtx_add_header() and htx_add_trailer() functions in HAProxy, a fast and\nreliable load balancing reverse proxy, could result in request smuggling\nattacks or response splitting attacks. \n\nAdditionally this update addresses #993303 introduced in DSA 4960-1\ncausing HAProxy to fail serving URLs with HTTP/2 containing \u0027//\u0027. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.2.9-2+deb11u2. \n\nWe recommend that you upgrade your haproxy packages. \n\nFor the detailed security status of haproxy please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/haproxy\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE30edfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0QPzQ//Xl1VpOHuAwqodHnEx3DSP172eZ6lD3Mdrs+GXscbkCXTMHduSXGnSGA3\nN1IrN8Wt1bfvxybqdR3CLTehTzmgBJLGEz8Ub5gu0IJ2o1edyiqpZBDhZvDSCPFC\niFHWucZ2asOb9c/rCapTi7AD+S7NpC5AnIGfNhUHYWnFwR7Id8gHvd9JaHUGrInh\nP4T5lzY70fvNFPrSye7CQFPcSScHOe29i7igKXZmV+FxvnYEYJyavf6ijwGTJF87\ne1lJAm8er9bQZp3GLzkbI3bRUDmO+IgGX+H3Qz/PxbU23PhyDN91QVWCY/CX11nN\nyH4evBchPM1ap2o8hPZYpUYUznYekOA1CfYxTcuP5oc9QFMEzHMNUVhSihsjGA4Y\nfCxFmdhcQzTLI7GcZTkSB2k0CikF4ncH7aqtM7oK2z/CM/uJeVO1WzRtvyJKuD72\nLv6PwQ/AbMa/dKYzROyQE0vDzRd23UzlQzg1npbpHlfPYXOgyfIRLCIfBPatyGrR\nsnpdsNnGejesNmsbxCBwQGz2jsrgSqMe1qkho9ebK3aeaSA1lRe+WXV87NYH2wZi\nJOQH9JjqXCwkH/JDoOBWasOAhyKPs4jv1JT2L2iXCNVbFcgklnc+iaUgafYV9tob\nQMoc5oZREvgkpu+TOOTOBmrOw4sDfEOgcNf3G1sBBFKS4ds5wv0=\n=8IRe\n-----END PGP SIGNATURE-----\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.9.6 packages and security update\nAdvisory ID: RHSA-2021:4118-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4118\nIssue date: 2021-11-10\nCVE Names: CVE-2021-39240 CVE-2021-39241 CVE-2021-39242 \n CVE-2021-40346 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.9.6 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat OpenShift Container Platform 4.9 - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.9.6. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:4119\n\nSecurity Fix(es):\n\n* haproxy: does not ensure that the scheme and path portions of a URI have\nthe expected characters (CVE-2021-39240)\n* haproxy: an HTTP method name may contain a space followed by the name of\na protected resource (CVE-2021-39241)\n* haproxy: it can lead to a situation with an attacker-controlled HTTP Host\nheader because a mismatch between Host and authority is mishandled\n(CVE-2021-39242)\n* haproxy: request smuggling attack or response splitting via duplicate\ncontent-length header (CVE-2021-40346)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n4. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster\n- -cli.html\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1995104 - CVE-2021-39240 haproxy: does not ensure that the scheme and path portions of a URI have the expected characters\n1995107 - CVE-2021-39241 haproxy: an HTTP method name may contain a space followed by the name of a protected resource\n1995112 - CVE-2021-39242 haproxy: it can lead to a situation with an attacker-controlled HTTP Host header because a mismatch between Host and authority is mishandled\n2000599 - CVE-2021-40346 haproxy: request smuggling attack or response splitting via duplicate content-length header\n\n6. Package List:\n\nRed Hat OpenShift Container Platform 4.9:\n\nSource:\ncri-o-1.22.0-91.rhaos4.9.gitd745cab.el7.src.rpm\nopenshift-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el7.src.rpm\n\nx86_64:\ncri-o-1.22.0-91.rhaos4.9.gitd745cab.el7.x86_64.rpm\ncri-o-debuginfo-1.22.0-91.rhaos4.9.gitd745cab.el7.x86_64.rpm\nopenshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el7.x86_64.rpm\n\nRed Hat OpenShift Container Platform 4.9:\n\nSource:\ncri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.src.rpm\nhaproxy-2.2.15-2.el8.src.rpm\nopenshift-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.src.rpm\nopenshift-kuryr-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.src.rpm\nopenstack-ironic-18.1.1-0.20211019162143.e0437cd.el8.src.rpm\n\naarch64:\ncri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm\ncri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm\ncri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.aarch64.rpm\nhaproxy-debugsource-2.2.15-2.el8.aarch64.rpm\nopenshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.aarch64.rpm\n\nnoarch:\nopenshift-kuryr-cni-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm\nopenshift-kuryr-common-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm\nopenshift-kuryr-controller-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm\nopenstack-ironic-api-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm\nopenstack-ironic-common-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm\nopenstack-ironic-conductor-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm\npython3-ironic-tests-18.1.1-0.20211019162143.e0437cd.el8.noarch.rpm\npython3-kuryr-kubernetes-4.9.0-202110281423.p0.git.4595a4e.assembly.stream.el8.noarch.rpm\n\nppc64le:\ncri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm\ncri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm\ncri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.ppc64le.rpm\nhaproxy-debugsource-2.2.15-2.el8.ppc64le.rpm\nopenshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.ppc64le.rpm\n\ns390x:\ncri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm\ncri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm\ncri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.s390x.rpm\nhaproxy-debugsource-2.2.15-2.el8.s390x.rpm\nopenshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.s390x.rpm\n\nx86_64:\ncri-o-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm\ncri-o-debuginfo-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm\ncri-o-debugsource-1.22.0-78.rhaos4.9.gitd745cab.el8.x86_64.rpm\nhaproxy-debugsource-2.2.15-2.el8.x86_64.rpm\nopenshift-hyperkube-4.9.0-202111020225.p0.git.d8c4430.assembly.stream.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-39240\nhttps://access.redhat.com/security/cve/CVE-2021-39241\nhttps://access.redhat.com/security/cve/CVE-2021-39242\nhttps://access.redhat.com/security/cve/CVE-2021-40346\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYx8gNzjgjWX9erEAQjjTg/5AXMVm45fYdpV7EOawTw6ADN3G+MIC9F+\n4/Yi3cEdClLzvColFg9mR8Ha/HrtSc8hl/ImYCdWpdaAgR69Z2ReFYR8skd6IQlg\n2yqP8Fv34dXLxMkTgFpf2P4xsVdvAaKW5LXuZZ8tNYIRmCFmDJLbO1lyAAb0f7Tg\ncYFQE5LsuBSFceuY405VYjdwrAR1N/EwzleqpTrgcdeGliwRnfpiOjTs9rXgIIkf\nEFccGSIJpvlsibKm78o8PVxpoKmwRPnIUU/lOlLEsx4epYEal332i/JOhctXQ0MD\nKIPy0Ghto00KDyBfp1JziS3by4TD3DPYoZ2LqlmN844BUc4de7h/48gwy8n3PK7g\nA+0sguS3K4lTrb0INV6f3fPBsULZSAAhuPMkpAf0YgfnLdJlkm+oXBWDyiERZyaX\nlcQREEMJoKWnw5s83ip+o+QQdisxQ5olqEMD6g0qT9msUvgha4OIEgnN1dYgFvEK\nIY3zgShDHQGg2LwAXku1pvEB+N5MedDM/4OWV7qhFUN1edlTePGqN8tIE/bgEpib\n464s1Q3FMcTwQDOmKpTh5GTt8TKkuNIibfHFqqwEJ/L/1L77qDjtp4EapFm0USxq\n0R/bVd733gsEXghAv1NRBHQECb727Fne6cNLu+TffFQbtfSel+0MGogsSURVhy7e\n7lkzoAA4Wc4=\n=r4tE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "169123"
},
{
"db": "PACKETSTORM",
"id": "165481"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "164940"
},
{
"db": "PACKETSTORM",
"id": "165552"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40346",
"trust": 4.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165481",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164940",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165552",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-05867",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165624",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164079",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3024",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3853",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0716",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0048",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0175",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0238",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011734",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011936",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021090814",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010526",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-40346",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169123",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "169123"
},
{
"db": "PACKETSTORM",
"id": "165481"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "164940"
},
{
"db": "PACKETSTORM",
"id": "165552"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"id": "VAR-202109-1900",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
}
]
},
"last_update_date": "2024-11-29T19:25:45.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Messages\u00a0by\u00a0Thread",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4968"
},
{
"title": "Patch for HAProxy Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/315566"
},
{
"title": "Haproxy HAProxy Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162748"
},
{
"title": "Debian Security Advisories: DSA-4968-1 haproxy -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5748f9c5d3808c8bcb9436e54096d270"
},
{
"title": "Red Hat: CVE-2021-40346",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-40346"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-40346 log"
},
{
"title": "Amazon Linux 2: ALASHAPROXY2-2023-005",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASHAPROXY2-2023-005"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220580 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220856 - Security Advisory"
},
{
"title": "CVE-2021-40346",
"trust": 0.1,
"url": "https://github.com/knqyf263/CVE-2021-40346 "
},
{
"title": "CVE-2021-40346-POC",
"trust": 0.1,
"url": "https://github.com/donky16/CVE-2021-40346-POC "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.0
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40346"
},
{
"trust": 1.6,
"url": "https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95"
},
{
"trust": 1.6,
"url": "https://git.haproxy.org/?p=haproxy.git"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2021/dsa-4968"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/haproxy%40formilux.org"
},
{
"trust": 1.0,
"url": "https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/haproxy%40formilux.org/msg41114.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120%40%3cdev.cloudstack.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a7v2iyo22lwvbgunzwvkntmdv4kinlfo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mxtsby2teaxwzvfqm3cxhjfronx7pemn/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a%40%3cdev.cloudstack.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r284567dd7523f5823e2ce995f787ccd37b1cc4108779c50a97c79120@%3cdev.cloudstack.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg41114.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8a58fd7a29808e5d27ee56877745e58dc4bb041b9af94601554e2a5a@%3cdev.cloudstack.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a7v2iyo22lwvbgunzwvkntmdv4kinlfo/"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mxtsby2teaxwzvfqm3cxhjfronx7pemn/"
},
{
"trust": 0.6,
"url": "http-smuggling/"
},
{
"trust": 0.6,
"url": "https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0048"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0175"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165624/red-hat-security-advisory-2022-0114-04.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1071"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3024"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164940/red-hat-security-advisory-2021-4118-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165552/red-hat-security-advisory-2022-0026-06.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/haproxy-header-injection-via-htx-36327"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3263"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3853"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011734"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021090814"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0716"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164079/ubuntu-security-notice-usn-5063-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010526"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165481/red-hat-security-advisory-2021-5208-05.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0238"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39241"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39242"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39240"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39240"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3564"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/haproxy"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:5209"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5208"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:4119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4118"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:0025"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0026"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45105"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "169123"
},
{
"db": "PACKETSTORM",
"id": "165481"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "164940"
},
{
"db": "PACKETSTORM",
"id": "165552"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"db": "PACKETSTORM",
"id": "166309"
},
{
"db": "PACKETSTORM",
"id": "169123"
},
{
"db": "PACKETSTORM",
"id": "165481"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "164940"
},
{
"db": "PACKETSTORM",
"id": "165552"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"date": "2022-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"date": "2022-03-15T15:44:21",
"db": "PACKETSTORM",
"id": "166309"
},
{
"date": "2021-09-28T19:12:00",
"db": "PACKETSTORM",
"id": "169123"
},
{
"date": "2022-01-06T18:21:30",
"db": "PACKETSTORM",
"id": "165481"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2021-11-11T15:02:06",
"db": "PACKETSTORM",
"id": "164940"
},
{
"date": "2022-01-13T16:32:51",
"db": "PACKETSTORM",
"id": "165552"
},
{
"date": "2021-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"date": "2021-09-08T17:15:12.457000",
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-05867"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40346"
},
{
"date": "2022-08-01T07:55:00",
"db": "JVNDB",
"id": "JVNDB-2021-011455"
},
{
"date": "2022-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-365"
},
{
"date": "2024-11-21T06:23:54.997000",
"db": "NVD",
"id": "CVE-2021-40346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HAProxy\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-011455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-365"
}
],
"trust": 0.6
}
}
var-202203-1324
Vulnerability from variot
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a security vulnerability in vim, and there is no information about the vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:5242-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5242 Issue date: 2022-06-28 CVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154 CVE-2022-1420 CVE-2022-1621 CVE-2022-1629 ==================================================================== 1. Summary:
An update for vim is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: vim-X11-8.2.2637-16.el9_0.2.aarch64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
ppc64le: vim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-8.2.2637-16.el9_0.2.s390x.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-8.2.2637-16.el9_0.2.x86_64.rpm vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: vim-8.2.2637-16.el9_0.2.src.rpm
aarch64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm
noarch: vim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm
ppc64le: vim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm
s390x: vim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-8.2.2637-16.el9_0.2.s390x.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm
x86_64: vim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm vim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm vim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv NNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/ 3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy mLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs xbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B Cz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc 0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt LicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv cSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi 47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg qQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY SbZjTjlw0C4=7TgI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression.
We apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ========================================================================== Ubuntu Security Notice USN-5460-1 June 06, 2022
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0943)
It was discovered that Vim was incorrectly performing bounds checks when processing invalid commands with composing characters in Ex mode, which could cause a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1616)
It was discovered that Vim was not properly processing latin1 data when issuing Ex commands, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1619)
It was discovered that Vim was not properly performing memory management when dealing with invalid regular expression patterns in buffers, which could cause a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-1620)
It was discovered that Vim was not properly processing invalid bytes when performing spell check operations, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-1621)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: vim 2:7.4.1689-3ubuntu1.5+esm6
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5460-1 CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1621
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4563"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2022-0943",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-415476",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0943",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0943",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0943",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0943",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0943",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1381",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415476",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0943",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. There is a security vulnerability in vim, and there is no information about the vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: vim security update\nAdvisory ID: RHSA-2022:5242-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5242\nIssue date: 2022-06-28\nCVE Names: CVE-2022-0554 CVE-2022-0943 CVE-2022-1154\n CVE-2022-1420 CVE-2022-1621 CVE-2022-1629\n====================================================================\n1. Summary:\n\nAn update for vim is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\nvim-X11-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nppc64le:\nvim-X11-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-8.2.2637-16.el9_0.2.s390x.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\nvim-8.2.2637-16.el9_0.2.src.rpm\n\naarch64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.aarch64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.aarch64.rpm\n\nnoarch:\nvim-filesystem-8.2.2637-16.el9_0.2.noarch.rpm\n\nppc64le:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-8.2.2637-16.el9_0.2.ppc64le.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.ppc64le.rpm\n\ns390x:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.s390x.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-8.2.2637-16.el9_0.2.s390x.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.s390x.rpm\n\nx86_64:\nvim-X11-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-common-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-debugsource-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-enhanced-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-8.2.2637-16.el9_0.2.x86_64.rpm\nvim-minimal-debuginfo-8.2.2637-16.el9_0.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYr6V3dzjgjWX9erEAQgjKg//dM94CB7N4Qs8VgoJIWLkOPOo8LZkQ7rv\nNNMfLIICSC1ftk1+Yc/qYdyRQUTwzQ4ki7a9JQ4oD279rqJA0vTPQMuosEefTLi/\n3qSATQIOwsqbCCBBTCkQl7hqEMg+I+q35I/i8iAOw51Ec0EfbuoWHdQG/n8JYhTy\nmLmI6KcEZjRvoPJZdcxtwlAn1rwU8QC35S2x2NOF93CzP95r1ik9v/LxjJQBFVDs\nxbpHKU8qhmQuqqmnLgOnr8km6ufY8E2kuBfUK1/TIbi65/+ZEfKBuiF5Epfkra6B\nCz3Iy8B1qwsl/FUZpzxr7xUfPRd/YEy36qh2R38DUzIzsUukk685OW06UgPJpquc\n0vn2TUz2iTyNkvoocai+bDEBADWhsGNYfhBUQOa4N5Q7XBwOyg7j/J2WKIkvhECt\nLicGtj41J1qbKVDNSXm6hoLQnau8j3McWxjA9P4wdYPA6WzrigoWAct6y0aG1ZIv\ncSAAw7Wm/GQZ0VjjVBaTEJ7Ky1GHXbLw+CRVir2lgWYPGYn7nI5HNxICqP/0M8Vi\n47+Pn+G+GshYhNOarGziOzvrMh7uo47WyK3dOIlBxkgflCbzNMDIUmGDQmfEWsmg\nqQZbciYy1FZFSEtMIKxQFSNmp6Q0DJDBXOYkVlno0GxNK7NsBtnVXTr0ga4k+0BY\nSbZjTjlw0C4=7TgI\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Unfortunately that update failed\nto include binary packages for some architectures. This update fixes that\nregression. \n\nWe apologize for the inconvenience. This issue affected only Ubuntu 22.04 LTS. ==========================================================================\nUbuntu Security Notice USN-5460-1\nJune 06, 2022\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. \nAn attacker could possibly use this issue to perform illegal memory\naccess and expose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks\nfor column numbers when replacing tabs with spaces or spaces with\ntabs, which could cause a heap buffer overflow. An attacker could\npossibly use this issue to cause a denial of service or execute\narbitrary code. (CVE-2022-0572)\n\nIt was discovered that Vim was not properly performing validation of\ndata that contained special multi-byte characters, which could cause\nan out-of-bounds read. An attacker could possibly use this issue to\ncause a denial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to\ndefine indentation in a file, which could cause a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds\nread. An attacker could possibly use this issue to cause a denial of\nservice. (CVE-2022-0729)\n\nIt was discovered that Vim was not properly performing bounds checks\nwhen executing spell suggestion commands, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0943)\n\nIt was discovered that Vim was incorrectly performing bounds checks\nwhen processing invalid commands with composing characters in Ex\nmode, which could cause a buffer overflow. An attacker could possibly\nuse this issue to cause a denial of service or execute arbitrary\ncode. (CVE-2022-1616)\n\nIt was discovered that Vim was not properly processing latin1 data\nwhen issuing Ex commands, which could cause a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-1619)\n\nIt was discovered that Vim was not properly performing memory\nmanagement when dealing with invalid regular expression patterns in\nbuffers, which could cause a NULL pointer dereference. An attacker\ncould possibly use this issue to cause a denial of service. \n(CVE-2022-1620)\n\nIt was discovered that Vim was not properly processing invalid bytes\nwhen performing spell check operations, which could cause a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-1621)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n vim 2:7.4.1689-3ubuntu1.5+esm6\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5460-1\n CVE-2022-0554, CVE-2022-0572, CVE-2022-0685, CVE-2022-0714,\n CVE-2022-0729, CVE-2022-0943, CVE-2022-1616, CVE-2022-1619,\n CVE-2022-1620, CVE-2022-1621\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0943",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "168420",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167666",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168395",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4641",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3226",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415476",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"id": "VAR-202203-1324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:17:20.446000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186594"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0943"
},
{
"title": "Ubuntu Security Notice: USN-5613-2: Vim regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-2"
},
{
"title": "Ubuntu Security Notice: USN-5613-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5613-1"
},
{
"title": "Ubuntu Security Notice: USN-5460-1: Vim vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5460-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1597",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1597"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1805"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/c3r36vslo4trx72swb6idjod24bqxpx2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/raiqtuo35u5wo2nymy47637emcvdjrsl/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/c3r36vslo4trx72swb6idjod24bqxpx2/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/raiqtuo35u5wo2nymy47637emcvdjrsl/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-0943"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070642"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-spell-suggest-38013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167666/red-hat-security-advisory-2022-5242-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0943/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4641"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168395/ubuntu-security-notice-usn-5613-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168420/ubuntu-security-notice-usn-5613-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3226"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5613-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1989973"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415476"
},
{
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"db": "PACKETSTORM",
"id": "167666"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "168395"
},
{
"db": "PACKETSTORM",
"id": "168420"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415476"
},
{
"date": "2022-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"date": "2023-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"date": "2022-07-01T15:00:50",
"db": "PACKETSTORM",
"id": "167666"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-09-15T14:21:20",
"db": "PACKETSTORM",
"id": "168395"
},
{
"date": "2022-09-19T18:26:16",
"db": "PACKETSTORM",
"id": "168420"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"date": "2022-03-14T21:15:07.887000",
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-415476"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0943"
},
{
"date": "2023-07-24T02:29:00",
"db": "JVNDB",
"id": "JVNDB-2022-007997"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1381"
},
{
"date": "2024-11-21T06:39:42.793000",
"db": "NVD",
"id": "CVE-2022-0943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1381"
}
],
"trust": 0.6
}
}
var-202208-0859
Vulnerability from variot
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33645",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33645",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-33645",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33645",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33645",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2781",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak. feep.net of libtar Products from multiple other vendors are vulnerable to lack of freeing memory after expiration.Service operation interruption (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33645"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33645",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393723",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"id": "VAR-202208-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204270"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33645/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393723"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393723"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"date": "2022-08-10T20:15:20.573000",
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393723"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020152"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2781"
},
{
"date": "2023-11-07T03:35:53.790000",
"db": "NVD",
"id": "CVE-2021-33645"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Vulnerability related to lack of free memory after expiration in products from other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020152"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2781"
}
],
"trust": 0.6
}
}
var-202012-1279
Vulnerability from variot
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl Contains a certificate validation vulnerability.Information may be tampered with. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4881-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini March 30, 2021 https://www.debian.org/security/faq
Package : curl CVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890 Debian Bug : 965280 965281 968831 977161 977162 977163
Multiple vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2020-8169
Marek Szlagor reported that libcurl could be tricked into prepending
a part of the password to the host name before it resolves it,
potentially leaking the partial password over the network and to the
DNS server(s).
CVE-2020-8177
sn reported that curl could be tricked by a malicious server into
overwriting a local file when using th -J (--remote-header-name) and
-i (--include) options in the same command line.
CVE-2020-8231
Marc Aldorasi reported that libcurl might use the wrong connection
when an application using libcurl's multi API sets the option
CURLOPT_CONNECT_ONLY, which could lead to information leaks.
CVE-2020-8284
Varnavas Papaioannou reported that a malicious server could use the
PASV response to trick curl into connecting back to an arbitrary IP
address and port, potentially making curl extract information about
services that are otherwise private and not disclosed.
CVE-2020-8285
xnynx reported that libcurl could run out of stack space when using
tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION).
CVE-2020-8286
It was reported that libcurl didn't verify that an OCSP response
actually matches the certificate it is intended to.
CVE-2021-22876
Viktor Szakats reported that libcurl does not strip off user
credentials from the URL when automatically populating the Referer
HTTP request header field in outgoing HTTP requests.
CVE-2021-22890
Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,
libcurl could confuse session tickets arriving from the HTTPS proxy
as if they arrived from the remote server instead. This could allow
an HTTPS proxy to trick libcurl into using the wrong session ticket
for the host and thereby circumvent the server TLS certificate check.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u2.
We recommend that you upgrade your curl packages. Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
curl: Use-after-free in TLS session handling when using OpenSSL TLS backend (CVE-2021-22901)
-
httpd: NULL pointer dereference on specially crafted HTTP/2 request (CVE-2021-31618)
-
libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)
-
curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)
-
curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)
-
curl: Inferior OCSP verification (CVE-2020-8286)
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TLS 1.3 session ticket mix-up with HTTPS proxy host (CVE-2021-22890)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically. Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):
1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host 1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend 1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Bugs fixed (https://bugzilla.redhat.com/):
1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 1971445 - Release of OpenShift Serverless Serving 1.16.0 1971448 - Release of OpenShift Serverless Eventing 1.16.0
- Summary:
Red Hat OpenShift Container Platform release 4.7.13 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- References:
https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-18811 https://access.redhat.com/security/cve/CVE-2019-19523 https://access.redhat.com/security/cve/CVE-2019-19528 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2019-25032 https://access.redhat.com/security/cve/CVE-2019-25034 https://access.redhat.com/security/cve/CVE-2019-25035 https://access.redhat.com/security/cve/CVE-2019-25036 https://access.redhat.com/security/cve/CVE-2019-25037 https://access.redhat.com/security/cve/CVE-2019-25038 https://access.redhat.com/security/cve/CVE-2019-25039 https://access.redhat.com/security/cve/CVE-2019-25040 https://access.redhat.com/security/cve/CVE-2019-25041 https://access.redhat.com/security/cve/CVE-2019-25042 https://access.redhat.com/security/cve/CVE-2020-0431 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-11608 https://access.redhat.com/security/cve/CVE-2020-12114 https://access.redhat.com/security/cve/CVE-2020-12362 https://access.redhat.com/security/cve/CVE-2020-12464 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-14314 https://access.redhat.com/security/cve/CVE-2020-14344 https://access.redhat.com/security/cve/CVE-2020-14345 https://access.redhat.com/security/cve/CVE-2020-14346 https://access.redhat.com/security/cve/CVE-2020-14347 https://access.redhat.com/security/cve/CVE-2020-14356 https://access.redhat.com/security/cve/CVE-2020-14360 https://access.redhat.com/security/cve/CVE-2020-14361 https://access.redhat.com/security/cve/CVE-2020-14362 https://access.redhat.com/security/cve/CVE-2020-14363 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15437 https://access.redhat.com/security/cve/CVE-2020-15586 https://access.redhat.com/security/cve/CVE-2020-16845 https://access.redhat.com/security/cve/CVE-2020-24330 https://access.redhat.com/security/cve/CVE-2020-24331 https://access.redhat.com/security/cve/CVE-2020-24332 https://access.redhat.com/security/cve/CVE-2020-24394 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25212 https://access.redhat.com/security/cve/CVE-2020-25284 https://access.redhat.com/security/cve/CVE-2020-25285 https://access.redhat.com/security/cve/CVE-2020-25643 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25704 https://access.redhat.com/security/cve/CVE-2020-25712 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-27786 https://access.redhat.com/security/cve/CVE-2020-27835 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28935 https://access.redhat.com/security/cve/CVE-2020-28974 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-35508 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2020-36322 https://access.redhat.com/security/cve/CVE-2021-0342 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-21642 https://access.redhat.com/security/cve/CVE-2021-21643 https://access.redhat.com/security/cve/CVE-2021-21644 https://access.redhat.com/security/cve/CVE-2021-21645 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-30465 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM yj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6 TZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai Kkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir ZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx CGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ ++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5 3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL 5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z gMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV GpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL PEh85hYKLe4= =Xe05 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina
Security Update 2021-002 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212326.
APFS Available for: macOS Catalina Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann
Archive Utility Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher
Audio Available for: macOS Catalina Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Available for: macOS Catalina Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher
CoreAudio Available for: macOS Catalina Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics Available for: macOS Catalina Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University
CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl Available for: macOS Catalina Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx
curl Available for: macOS Catalina Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher
DiskArbitration Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro
FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher
Foundation Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga
Foundation Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security
Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Catalina Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr
Kernel Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
libxpc Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins
libxslt Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz
Login Window Available for: macOS Catalina Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing
NSRemoteView Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome
Preferences Available for: macOS Catalina Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
smbx Available for: macOS Catalina Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
Tailspin Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications
tcpdump Available for: macOS Catalina Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher
Time Machine Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
Wi-Fi Available for: macOS Catalina Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
wifivelocityd Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)
Windows Server Available for: macOS Catalina Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO1YACgkQZcsbuWJ6 jjBNDA//cITX6Bzw+4rkTd58ZQ+2P60B30bvuMWuNmXDEyIHZz0ZMDX7Wymm9SBC GLQ9mh9XY10/11NjdAiHZIs8BTs18CcOpjODbRTuF7d/plL6eUcsSLVbkC9hoyJF IOAEawLoqye7f+hlsCbC00NzLlAtsR5PjkqwCTGjGBw8G8qPbLFvh72Qwagr/G05 zeEg3fRM+lecFHUZzXVkdW2WiQ6aO2ejKkhdhSCATnj+xZF1wEz/Wjb3oLQ3qOvq i8lQg7Vcr64uF0HGCKPBmbINc7yM/ChZjs5oEyxdMc1/rxvU30nSvEc17LsVMIvM ZJxnjhBjcTi36gL8pM8Lfh57+AG0L/EwVe6onjC7yBneEbfk5dUYuglcAB2uJwgj V47KS0+5X9bwi33JmI/OpaaVRVCqJBO+iiZQnuQFAFFcC/F2fu6g8uKg8Vo/kg/I d4ypBrAsybJKZvMUVKBAWb9tS0JlVKpYurl89n9F2N47BkotP4AwDsmTTFZguiG+ sfRL+uAB2xy46VvLTNx71HeFTltc7wmlZOORx7MJ4bcYI/ibJbOq612Q7GyiADeP cKKpi4snPxv0mOiIsc4dE91RiUWfAUBmw+469EH3IWFQYMpuDtCmQPlHkrTmYu2K gn1q0sLR6LAX/l9uQxGaSarW2ZXmrj4/dpsfmnRYS8zDDQw/0JQ= =c954 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-1279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "hci bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.74.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "simatic tim 1531 irc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "tim 1531 irc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "162877"
}
],
"trust": 0.4
},
"cve": "CVE-2020-8286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8286",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-186411",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8286",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-8286",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8286",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-8286",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-186411",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-8286",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl Contains a certificate validation vulnerability.Information may be tampered with. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to read or write data in a session by acting as a man-in-the-middle through low-level OCSP authentication on libcurl. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4881-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nMarch 30, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 \n CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890\nDebian Bug : 965280 965281 968831 977161 977162 977163\n\nMultiple vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2020-8169\n\n Marek Szlagor reported that libcurl could be tricked into prepending\n a part of the password to the host name before it resolves it,\n potentially leaking the partial password over the network and to the\n DNS server(s). \n\nCVE-2020-8177\n\n sn reported that curl could be tricked by a malicious server into\n overwriting a local file when using th -J (--remote-header-name) and\n -i (--include) options in the same command line. \n\nCVE-2020-8231\n\n Marc Aldorasi reported that libcurl might use the wrong connection\n when an application using libcurl\u0027s multi API sets the option\n CURLOPT_CONNECT_ONLY, which could lead to information leaks. \n\nCVE-2020-8284\n\n Varnavas Papaioannou reported that a malicious server could use the\n PASV response to trick curl into connecting back to an arbitrary IP\n address and port, potentially making curl extract information about\n services that are otherwise private and not disclosed. \n\nCVE-2020-8285\n\n xnynx reported that libcurl could run out of stack space when using\n tha FTP wildcard matching functionality (CURLOPT_CHUNK_BGN_FUNCTION). \n\nCVE-2020-8286\n\n It was reported that libcurl didn\u0027t verify that an OCSP response\n actually matches the certificate it is intended to. \n\nCVE-2021-22876\n\n Viktor Szakats reported that libcurl does not strip off user\n credentials from the URL when automatically populating the Referer\n HTTP request header field in outgoing HTTP requests. \n\nCVE-2021-22890\n\n Mingtao Yang reported that, when using an HTTPS proxy and TLS 1.3,\n libcurl could confuse session tickets arriving from the HTTPS proxy\n as if they arrived from the remote server instead. This could allow\n an HTTPS proxy to trick libcurl into using the wrong session ticket\n for the host and thereby circumvent the server TLS certificate check. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u2. \n\nWe recommend that you upgrade your curl packages. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 7 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* curl: Use-after-free in TLS session handling when using OpenSSL TLS\nbackend (CVE-2021-22901)\n\n* httpd: NULL pointer dereference on specially crafted HTTP/2 request\n(CVE-2021-31618)\n\n* libcurl: partial password leak over DNS on HTTP redirect (CVE-2020-8169)\n\n* curl: FTP PASV command response can cause curl to connect to arbitrary\nhost (CVE-2020-8284)\n\n* curl: Malicious FTP server can trigger stack overflow when\nCURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)\n\n* curl: Inferior OCSP verification (CVE-2020-8286)\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n(CVE-2021-22890)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Applications using the APR libraries, such as httpd, must be\nrestarted for this update to take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1847916 - CVE-2020-8169 libcurl: partial password leak over DNS on HTTP redirect\n1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host\n1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used\n1906096 - CVE-2020-8286 curl: Inferior OCSP verification\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1941965 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host\n1963146 - CVE-2021-22901 curl: Use-after-free in TLS session handling when using OpenSSL TLS backend\n1968013 - CVE-2021-31618 httpd: NULL pointer dereference on specially crafted HTTP/2 request\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion\n1971445 - Release of OpenShift Serverless Serving 1.16.0\n1971448 - Release of OpenShift Serverless Eventing 1.16.0\n\n5. Summary:\n\nRed Hat OpenShift Container Platform release 4.7.13 is now available with\nupdates to packages and images that fix several bugs. \n\nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2019-2708\nhttps://access.redhat.com/security/cve/CVE-2019-3842\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13012\nhttps://access.redhat.com/security/cve/CVE-2019-14866\nhttps://access.redhat.com/security/cve/CVE-2019-18811\nhttps://access.redhat.com/security/cve/CVE-2019-19523\nhttps://access.redhat.com/security/cve/CVE-2019-19528\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2019-25032\nhttps://access.redhat.com/security/cve/CVE-2019-25034\nhttps://access.redhat.com/security/cve/CVE-2019-25035\nhttps://access.redhat.com/security/cve/CVE-2019-25036\nhttps://access.redhat.com/security/cve/CVE-2019-25037\nhttps://access.redhat.com/security/cve/CVE-2019-25038\nhttps://access.redhat.com/security/cve/CVE-2019-25039\nhttps://access.redhat.com/security/cve/CVE-2019-25040\nhttps://access.redhat.com/security/cve/CVE-2019-25041\nhttps://access.redhat.com/security/cve/CVE-2019-25042\nhttps://access.redhat.com/security/cve/CVE-2020-0431\nhttps://access.redhat.com/security/cve/CVE-2020-8231\nhttps://access.redhat.com/security/cve/CVE-2020-8284\nhttps://access.redhat.com/security/cve/CVE-2020-8285\nhttps://access.redhat.com/security/cve/CVE-2020-8286\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9948\nhttps://access.redhat.com/security/cve/CVE-2020-9951\nhttps://access.redhat.com/security/cve/CVE-2020-9983\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-11608\nhttps://access.redhat.com/security/cve/CVE-2020-12114\nhttps://access.redhat.com/security/cve/CVE-2020-12362\nhttps://access.redhat.com/security/cve/CVE-2020-12464\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-13543\nhttps://access.redhat.com/security/cve/CVE-2020-13584\nhttps://access.redhat.com/security/cve/CVE-2020-13776\nhttps://access.redhat.com/security/cve/CVE-2020-14314\nhttps://access.redhat.com/security/cve/CVE-2020-14344\nhttps://access.redhat.com/security/cve/CVE-2020-14345\nhttps://access.redhat.com/security/cve/CVE-2020-14346\nhttps://access.redhat.com/security/cve/CVE-2020-14347\nhttps://access.redhat.com/security/cve/CVE-2020-14356\nhttps://access.redhat.com/security/cve/CVE-2020-14360\nhttps://access.redhat.com/security/cve/CVE-2020-14361\nhttps://access.redhat.com/security/cve/CVE-2020-14362\nhttps://access.redhat.com/security/cve/CVE-2020-14363\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15437\nhttps://access.redhat.com/security/cve/CVE-2020-15586\nhttps://access.redhat.com/security/cve/CVE-2020-16845\nhttps://access.redhat.com/security/cve/CVE-2020-24330\nhttps://access.redhat.com/security/cve/CVE-2020-24331\nhttps://access.redhat.com/security/cve/CVE-2020-24332\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://access.redhat.com/security/cve/CVE-2020-24977\nhttps://access.redhat.com/security/cve/CVE-2020-25212\nhttps://access.redhat.com/security/cve/CVE-2020-25284\nhttps://access.redhat.com/security/cve/CVE-2020-25285\nhttps://access.redhat.com/security/cve/CVE-2020-25643\nhttps://access.redhat.com/security/cve/CVE-2020-25659\nhttps://access.redhat.com/security/cve/CVE-2020-25704\nhttps://access.redhat.com/security/cve/CVE-2020-25712\nhttps://access.redhat.com/security/cve/CVE-2020-26116\nhttps://access.redhat.com/security/cve/CVE-2020-26137\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27619\nhttps://access.redhat.com/security/cve/CVE-2020-27783\nhttps://access.redhat.com/security/cve/CVE-2020-27786\nhttps://access.redhat.com/security/cve/CVE-2020-27835\nhttps://access.redhat.com/security/cve/CVE-2020-28196\nhttps://access.redhat.com/security/cve/CVE-2020-28935\nhttps://access.redhat.com/security/cve/CVE-2020-28974\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2020-35508\nhttps://access.redhat.com/security/cve/CVE-2020-36242\nhttps://access.redhat.com/security/cve/CVE-2020-36322\nhttps://access.redhat.com/security/cve/CVE-2021-0342\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3177\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-21642\nhttps://access.redhat.com/security/cve/CVE-2021-21643\nhttps://access.redhat.com/security/cve/CVE-2021-21644\nhttps://access.redhat.com/security/cve/CVE-2021-21645\nhttps://access.redhat.com/security/cve/CVE-2021-23336\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-30465\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYLXBgdzjgjWX9erEAQiYKw/+MeUvVzbi9kHuo6vE8J9xEQCvgpJtLfRM\nyj4VFCt8lkWmfGmuAMd5LkvD5suav1Gu9yA6E60VvKrorV6+PDOZ8jiUyzRR+di6\nTZZ7Ji6taqaQUuf451KF39zuxYAh29pKT6mZMhmqK65jEg7uj66R8+P2p7tahaai\nKkqe6LKxNCXyVzWmc5HHkc3AJJ6vSVIuMeA6KOHpXy0vy57jZKeyb3dau0BVl/ir\nZbnbOHdTJ+7hEVV3yGwARcVgUhHDcHiSYAS+RUj7Hqx0RIFilb9RbOdoEdbauaWx\nCGIdSYmj1F4apCZuYWmhZxtQ5/Lsj7EPi+7UleyTzqgMQsqSr8kvxGe/yzfY+yAQ\n++QCSnleeKu/+HjN72d73h8yWGGzMrc/rYwDJWcFwjIL6/pj4Tgm4OK30vJlQUz5\n3gHuEDz+j42s270cv6dRDd9v5xpexxIOXyHzruFRLk4xVCnS17PGeJ4I9mJmkYxL\n5GuCiMnixToobWtmrh9MX2Qjkhj81o4E+rLMvG/4yUk2kGejo/nLwgZNsSz8gN5Z\ngMZOYSDys2zJu6/jmxY/8MXzS3yNIJj3FxXe7w5XA0mHUuuZ/EaJsMLnlCCSRARV\nGpMwj1/Aj1ZSNeYplr2YwQz7lB7hp+J/vn567zBPeYQus5EAyzqzudTbSLdm8ZyL\nPEh85hYKLe4=\n=Xe05\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina\n\nSecurity Update 2021-002 Catalina addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212326. \n\nAPFS\nAvailable for: macOS Catalina\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nArchive Utility\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1810: an anonymous researcher\n\nAudio\nAvailable for: macOS Catalina\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Catalina\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\ncurl\nAvailable for: macOS Catalina\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu, Csaba Fitzl\n(@theevilbit) of Offensive Security, and an anonymous researcher\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous\nresearcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin of Trend Micro\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27942: an anonymous researcher\n\nFoundation\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nFoundation\nAvailable for: macOS Catalina\nImpact: An application may be able to gain elevated privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1882: Gabe Kirkpatrick (@gabe_k)\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1843: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nlibxpc\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nLogin Window\nAvailable for: macOS Catalina\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: This issue was addressed with improved entitlements. \nCVE-2021-1824: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nNSRemoteView\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Catalina\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nCVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nsmbx\nAvailable for: macOS Catalina\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nTailspin\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\ntcpdump\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWi-Fi\nAvailable for: macOS Catalina\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nwifivelocityd\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nWindows Server\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO1YACgkQZcsbuWJ6\njjBNDA//cITX6Bzw+4rkTd58ZQ+2P60B30bvuMWuNmXDEyIHZz0ZMDX7Wymm9SBC\nGLQ9mh9XY10/11NjdAiHZIs8BTs18CcOpjODbRTuF7d/plL6eUcsSLVbkC9hoyJF\nIOAEawLoqye7f+hlsCbC00NzLlAtsR5PjkqwCTGjGBw8G8qPbLFvh72Qwagr/G05\nzeEg3fRM+lecFHUZzXVkdW2WiQ6aO2ejKkhdhSCATnj+xZF1wEz/Wjb3oLQ3qOvq\ni8lQg7Vcr64uF0HGCKPBmbINc7yM/ChZjs5oEyxdMc1/rxvU30nSvEc17LsVMIvM\nZJxnjhBjcTi36gL8pM8Lfh57+AG0L/EwVe6onjC7yBneEbfk5dUYuglcAB2uJwgj\nV47KS0+5X9bwi33JmI/OpaaVRVCqJBO+iiZQnuQFAFFcC/F2fu6g8uKg8Vo/kg/I\nd4ypBrAsybJKZvMUVKBAWb9tS0JlVKpYurl89n9F2N47BkotP4AwDsmTTFZguiG+\nsfRL+uAB2xy46VvLTNx71HeFTltc7wmlZOORx7MJ4bcYI/ibJbOq612Q7GyiADeP\ncKKpi4snPxv0mOiIsc4dE91RiUWfAUBmw+469EH3IWFQYMpuDtCmQPlHkrTmYu2K\ngn1q0sLR6LAX/l9uQxGaSarW2ZXmrj4/dpsfmnRYS8zDDQw/0JQ=\n=c954\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "162360"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-186411",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8286",
"trust": 2.6
},
{
"db": "HACKERONE",
"id": "1048457",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-200951",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU95781418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163496",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162360",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162362",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163193",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162629",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-186411",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-8286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169015",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"id": "VAR-202012-1279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:59:36.977000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-200951",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2020-8286: Inferior OCSP verification",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b5024386b61af7dfe7d6777c542252"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8286 log"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1693",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1693"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f387a8b703f2e28130691e84d6b3091f"
},
{
"title": "Debian Security Advisories: DSA-4881-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a9706a30f62799ecc4d45bdb53c244eb"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "envoy_mtls",
"trust": 0.1,
"url": "https://github.com/salrashid123/envoy_mtls "
},
{
"title": "ecr-api",
"trust": 0.1,
"url": "https://github.com/YaleSpinup/ecr-api "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "Bad certificate verification (CWE-295) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://hackerone.com/reports/1048457"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210122-0007/"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212326"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212327"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4881"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/apr/50"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/apr/51"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/apr/54"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202012-14"
},
{
"trust": 1.1,
"url": "https://curl.se/docs/cve-2020-8286.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95781418/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8169"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22890"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/daehe2s2qlo4ao4meeyl75nb7sah5psl/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nzuvsqhn2eshmjxnq2z7t2eelbb5hjxg/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2472"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14356"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27786"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24394"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0431"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30465"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14345"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25212"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28974"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25284"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212326."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186411"
},
{
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"db": "PACKETSTORM",
"id": "169015"
},
{
"db": "PACKETSTORM",
"id": "163197"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163496"
},
{
"db": "PACKETSTORM",
"id": "162877"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-186411"
},
{
"date": "2020-12-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"date": "2021-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169015"
},
{
"date": "2021-06-17T18:09:26",
"db": "PACKETSTORM",
"id": "163197"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-07-14T15:02:07",
"db": "PACKETSTORM",
"id": "163496"
},
{
"date": "2021-06-01T14:45:29",
"db": "PACKETSTORM",
"id": "162877"
},
{
"date": "2021-04-28T14:58:36",
"db": "PACKETSTORM",
"id": "162360"
},
{
"date": "2020-12-14T20:15:14.043000",
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-186411"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8286"
},
{
"date": "2021-08-17T09:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-014405"
},
{
"date": "2024-11-21T05:38:39.643000",
"db": "NVD",
"id": "CVE-2020-8286"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability in Certificate Verification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014405"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "162360"
}
],
"trust": 0.1
}
}
var-202104-0195
Vulnerability from variot
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. plural Apple There are unspecified vulnerabilities in the product.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
-
webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)
-
LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)
-
webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)
-
webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)
-
webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
-
webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)
-
webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)
-
webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)
-
webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)
-
webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)
-
webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)
-
webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)
-
webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)
-
webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)
-
webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)
-
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)
-
webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)
-
webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)
-
webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)
-
webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)
-
webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)
-
gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. 1981420 - Improve style of overview close buttons 1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution 1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution 1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution 1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution 1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information 1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack 1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers 1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution 1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack 1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution 1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution 1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution 1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution 1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution 1987233 - [RHEL8.5]Login screen shows dots when entering username 1989035 - terminal don't redraw if partially off screen 1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build 1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files 2004170 - Unable to login to session via xdmcp
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Gentoo Linux Security Advisory GLSA 202104-03
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: April 30, 2021 Bugs: #770793, #773193 ID: 202104-03
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
[ 1 ] CVE-2020-13558 https://nvd.nist.gov/vuln/detail/CVE-2020-13558 [ 2 ] CVE-2020-27918 https://nvd.nist.gov/vuln/detail/CVE-2020-27918 [ 3 ] CVE-2020-29623 https://nvd.nist.gov/vuln/detail/CVE-2020-29623 [ 4 ] CVE-2020-9947 https://nvd.nist.gov/vuln/detail/CVE-2020-9947 [ 5 ] CVE-2021-1765 https://nvd.nist.gov/vuln/detail/CVE-2021-1765 [ 6 ] CVE-2021-1789 https://nvd.nist.gov/vuln/detail/CVE-2021-1789 [ 7 ] CVE-2021-1799 https://nvd.nist.gov/vuln/detail/CVE-2021-1799 [ 8 ] CVE-2021-1801 https://nvd.nist.gov/vuln/detail/CVE-2021-1801 [ 9 ] CVE-2021-1870 https://nvd.nist.gov/vuln/detail/CVE-2021-1870 [ 10 ] WSA-2021-0001 https://webkitgtk.org/security/WSA-2021-0001.html [ 11 ] WSA-2021-0002 https://webkitgtk.org/security/WSA-2021-0002.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4877-1 security@debian.org https://www.debian.org/security/ Alberto Garcia March 27, 2021 https://www.debian.org/security/faq
Package : webkit2gtk CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870
The following vulnerabilities have been discovered in the webkit2gtk web engine:
CVE-2020-27918
Liu Long discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2021-1765
Eliya Stein discovered that maliciously crafted web content may
violate iframe sandboxing policy.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
CVE-2021-1870
An anonymous researcher discovered that processing maliciously
crafted web content may lead to arbitrary code execution.
For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d MvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC eiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv qa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx KDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN 6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN xwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a 0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4 6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5 Nw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0 6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM= =IQ2D -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0195",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.30.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
}
],
"trust": 0.7
},
"cve": "CVE-2020-29623",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-29623",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-376371",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-29623",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-29623",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-29623",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2020-29623",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1572",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-376371",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-29623",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376371"
},
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. plural Apple There are unspecified vulnerabilities in the product.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4381-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4381\nIssue date: 2021-11-09\nCVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)\n\nSecurity Fix(es):\n\n* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to\narbitrary code execution (CVE-2020-13558)\n\n* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in\nidentify.cpp (CVE-2020-24870)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution\n(CVE-2020-27918)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution\n(CVE-2021-1788)\n\n* webkitgtk: Type confusion issue leading to arbitrary code execution\n(CVE-2021-1789)\n\n* webkitgtk: Access to restricted ports on arbitrary servers via port\nredirection (CVE-2021-1799)\n\n* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)\n\n* webkitgtk: Memory corruption issue leading to arbitrary code execution\n(CVE-2021-1844)\n\n* webkitgtk: Logic issue leading to arbitrary code execution\n(CVE-2021-1870)\n\n* webkitgtk: Logic issue leading to arbitrary code execution\n(CVE-2021-1871)\n\n* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent\nleading to information leak and possibly code execution (CVE-2021-21775)\n\n* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to\ninformation leak and possibly code execution (CVE-2021-21779)\n\n* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code\nexecution (CVE-2021-21806)\n\n* webkitgtk: Integer overflow leading to arbitrary code execution\n(CVE-2021-30663)\n\n* webkitgtk: Memory corruption leading to arbitrary code execution\n(CVE-2021-30665)\n\n* webkitgtk: Logic issue leading to leak of sensitive user information\n(CVE-2021-30682)\n\n* webkitgtk: Logic issue leading to universal cross site scripting attack\n(CVE-2021-30689)\n\n* webkitgtk: Logic issue allowing access to restricted ports on arbitrary\nservers (CVE-2021-30720)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution\n(CVE-2021-30734)\n\n* webkitgtk: Cross-origin issue with iframe elements leading to universal\ncross site scripting attack (CVE-2021-30744)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution\n(CVE-2021-30749)\n\n* webkitgtk: Type confusion leading to arbitrary code execution\n(CVE-2021-30758)\n\n* webkitgtk: Use-after-free leading to arbitrary code execution\n(CVE-2021-30795)\n\n* webkitgtk: Insufficient checks leading to arbitrary code execution\n(CVE-2021-30797)\n\n* webkitgtk: Memory corruptions leading to arbitrary code execution\n(CVE-2021-30799)\n\n* webkitgtk: User may be unable to fully delete browsing history\n(CVE-2020-29623)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing\noutside of the destination directory (CVE-2020-36241)\n\n* gnome-autoar: Directory traversal via directory symbolic links pointing\noutside of the destination directory (incomplete CVE-2020-36241 fix)\n(CVE-2021-28650)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. \n1981420 - Improve style of overview close buttons\n1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution\n1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution\n1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution\n1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution\n1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information\n1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack\n1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers\n1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution\n1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution\n1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution\n1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution\n1987233 - [RHEL8.5]Login screen shows dots when entering username\n1989035 - terminal don\u0027t redraw if partially off screen\n1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build\n1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files\n2004170 - Unable to login to session via xdmcp\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E\nawNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3\n05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7\nsTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7\ntEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ\nw+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD\nMigcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5\nQnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T\nqji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu\nSToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb\nZ6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX\n2rgR2Ny0wo4=gfrM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202104-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: April 30, 2021\n Bugs: #770793, #773193\n ID: 202104-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.30.6 \u003e= 2.30.6\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.30.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13558\n https://nvd.nist.gov/vuln/detail/CVE-2020-13558\n[ 2 ] CVE-2020-27918\n https://nvd.nist.gov/vuln/detail/CVE-2020-27918\n[ 3 ] CVE-2020-29623\n https://nvd.nist.gov/vuln/detail/CVE-2020-29623\n[ 4 ] CVE-2020-9947\n https://nvd.nist.gov/vuln/detail/CVE-2020-9947\n[ 5 ] CVE-2021-1765\n https://nvd.nist.gov/vuln/detail/CVE-2021-1765\n[ 6 ] CVE-2021-1789\n https://nvd.nist.gov/vuln/detail/CVE-2021-1789\n[ 7 ] CVE-2021-1799\n https://nvd.nist.gov/vuln/detail/CVE-2021-1799\n[ 8 ] CVE-2021-1801\n https://nvd.nist.gov/vuln/detail/CVE-2021-1801\n[ 9 ] CVE-2021-1870\n https://nvd.nist.gov/vuln/detail/CVE-2021-1870\n[ 10 ] WSA-2021-0001\n https://webkitgtk.org/security/WSA-2021-0001.html\n[ 11 ] WSA-2021-0002\n https://webkitgtk.org/security/WSA-2021-0002.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202104-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4877-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nMarch 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789\n CVE-2021-1799 CVE-2021-1801 CVE-2021-1870\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-27918\n\n Liu Long discovered that processing maliciously crafted web\n content may lead to arbitrary code execution. \n\nCVE-2021-1765\n\n Eliya Stein discovered that maliciously crafted web content may\n violate iframe sandboxing policy. \n\nCVE-2021-1799\n\n Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a\n malicious website may be able to access restricted ports on\n arbitrary servers. \n\nCVE-2021-1870\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to arbitrary code execution. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.30.6-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages. \n\nFor the detailed security status of webkit2gtk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/webkit2gtk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d\nMvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC\neiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv\nqa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx\nKDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN\n6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN\nxwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a\n0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4\n6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5\nNw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0\n6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM=\n=IQ2D\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-376371"
},
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "169018"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-29623",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "162412",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164872",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95288122",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3779",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1078",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1566",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050106",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-376371",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-29623",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169018",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376371"
},
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"id": "VAR-202104-0195",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376371"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:27:15.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212011",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"title": "Apple macOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146568"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-29623 log"
},
{
"title": "Debian Security Advisories: DSA-4877-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=54614041ef5c5198dc0441d800a306fb"
},
{
"title": "Arch Linux Advisories: [ASA-202103-25] wpewebkit: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-25"
},
{
"title": "Arch Linux Advisories: [ASA-202103-24] webkit2gtk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-24"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212003"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212005"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212011"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95288122/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050106"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3779"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1566"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162412/gentoo-linux-security-advisory-202104-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-34951"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1486"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2194"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1071"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-29623"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2021/dsa-4877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0002.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0001.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376371"
},
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376371"
},
{
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376371"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"date": "2022-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"date": "2021-11-10T17:09:58",
"db": "PACKETSTORM",
"id": "164872"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2021-05-03T20:24:45",
"db": "PACKETSTORM",
"id": "162412"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169018"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"date": "2021-04-02T18:15:17.887000",
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376371"
},
{
"date": "2021-06-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-29623"
},
{
"date": "2022-09-09T02:11:00",
"db": "JVNDB",
"id": "JVNDB-2020-017364"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1572"
},
{
"date": "2024-11-21T05:24:20.450000",
"db": "NVD",
"id": "CVE-2020-29623"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017364"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1572"
}
],
"trust": 1.2
}
}
var-202202-0156
Vulnerability from variot
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4397"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0629",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-415148",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0629",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0629",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0629",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0629",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1396",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415148",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0629",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0629",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-13367",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415148",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0629",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"id": "VAR-202202-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:22:34.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "crash\u00a0when\u00a0using\u00a0many\u00a0composing\u00a0characters\u00a0in\u00a0error\u00a0message Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183183"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0629"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-121",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/uurgabndl77yr5frqktfbynbdqx2ko7q/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/uurgabndl77yr5frqktfbynbdqx2ko7q/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0629"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ga-concat-shorten-esc-37625"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415148"
},
{
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-17T00:00:00",
"db": "VULHUB",
"id": "VHN-415148"
},
{
"date": "2022-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"date": "2023-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"date": "2022-02-17T12:15:07.810000",
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-415148"
},
{
"date": "2022-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0629"
},
{
"date": "2023-06-13T08:32:00",
"db": "JVNDB",
"id": "JVNDB-2022-005817"
},
{
"date": "2022-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1396"
},
{
"date": "2024-11-21T06:39:04.147000",
"db": "NVD",
"id": "CVE-2022-0629"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1396"
}
],
"trust": 0.6
}
}
var-201504-0150
Vulnerability from variot
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. Both Haxx curl and libcurl are products of the Swedish company Haxx. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)
Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. If a user or automated system were tricked into using a specially crafted host name, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. If a user or automated system were tricked into parsing a specially crafted cookie, an attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
Background
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . This is similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This could
allow remote attackers to cause a denial of service (crash). This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This could allow remote attackers to
cause a denial of service (crash). This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
We recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04986859
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04986859 Version: 1
HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-19 Last Updated: 2016-02-19
Potential Security Impact: Remote Unauthorized Access
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities in cURL and libcurl have been addressed with HPE iMC PLAT and other HP and H3C products using Comware 7. The vulnerabilities could be exploited remotely resulting in unauthorized access.
References:
- CVE-2015-3143
- CVE-2015-3148
- SSRT102110
- PSRT110028
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION below for a list of impacted products.
Note: all product versions are impacted prior to the fixed versions listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in Comware 7 and iMC Plat.
COMWARE 7 Products
- 12500 (Comware 7) R7375
- HP Network Products
- JC085A HP A12518 Switch Chassis
- JC086A HP A12508 Switch Chassis
- JC652A HP 12508 DC Switch Chassis
- JC653A HP 12518 DC Switch Chassis
- JC654A HP 12504 AC Switch Chassis
- JC655A HP 12504 DC Switch Chassis
- JF430A HP A12518 Switch Chassis
- JF430B HP 12518 Switch Chassis
- JF430C HP 12518 AC Switch Chassis
- JF431A HP A12508 Switch Chassis
- JF431B HP 12508 Switch Chassis
- JF431C HP 12508 AC Switch Chassis
- JC072B HP 12500 Main Processing Unit
- JG497A HP 12500 MPU w/Comware V7 OS
- JG782A HP FF 12508E AC Switch Chassis
- JG783A HP FF 12508E DC Switch Chassis
- JG784A HP FF 12518E AC Switch Chassis
- JG785A HP FF 12518E DC Switch Chassis
- JG802A HP FF 12500E MPU
- JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis
- JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis
- JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis
- JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis
- JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit
- JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module
- JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module
- JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module
- JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module
- JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module
- JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module
- JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module
- JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant Module
- JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module
- JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module
- JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module
- JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module
- JG798A HP FlexFabric 12508E Fabric Module
- H3C Products
- H3C S12508 Routing Switch (AC-1) (0235A0GE)
- H3C S12518 Routing Switch (AC-1) (0235A0GF)
- H3C S12508 Chassis (0235A0E6)
- H3C S12508 Chassis (0235A38N)
- H3C S12518 Chassis (0235A0E7)
- H3C S12518 Chassis (0235A38M)
- H3C 12508 DC Switch Chassis (0235A38L)
- H3C 12518 DC Switch Chassis (0235A38K)
- 10500 (Comware 7) R7168
- HP Network Products
- JC611A HP 10508-V Switch Chassis
- JC612A HP 10508 Switch Chassis
- JC613A HP 10504 Switch Chassis
- JC748A HP 10512 Switch Chassis
- JG820A HP 10504 TAA Switch Chassis
- JG821A HP 10508 TAA Switch Chassis
- JG822A HP 10508-V TAA Switch Chassis
- JG823A HP 10512 TAA Switch Chassis
- JG496A HP 10500 Type A MPU w/Comware v7 OS
- JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
- JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE Module
- JH192A HP 10500 48-port Gig-T (RJ45) SE Module
- JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module
- JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module
- JH195A HP 10500 6-port 40GbE QSFP+ EC Module
- JH196A HP 10500 2-port 100GbE CFP EC Module
- JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module
- 12900 (Comware 7) R1137
- HP Network Products
- JG619A HP FlexFabric 12910 Switch AC Chassis
- JG621A HP FlexFabric 12910 Main Processing Unit
- JG632A HP FlexFabric 12916 Switch AC Chassis
- JG634A HP FlexFabric 12916 Main Processing Unit
- JH104A HP FlexFabric 12900E Main Processing Unit
- JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
- JH263A HP FlexFabric 12904E Main Processing Unit
- JH255A HP FlexFabric 12908E Switch Chassis
- JH262A HP FlexFabric 12904E Switch Chassis
- JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
- JH103A HP FlexFabric 12916E Switch Chassis
- 5900 (Comware 7) R2422P01
- HP Network Products
- JC772A HP 5900AF-48XG-4QSFP+ Switch
- JG336A HP 5900AF-48XGT-4QSFP+ Switch
- JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
- JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
- JG838A HP FF 5900CP-48XG-4QSFP+ Switch
- JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
- JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
- JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
- 5920 (Comware 7) R2422P01
- HP Network Products
- JG296A HP 5920AF-24XG Switch
- JG555A HP 5920AF-24XG TAA Switch
- MSR1000 (Comware 7) R0304P04
- HP Network Products
- JG875A HP MSR1002-4 AC Router
- JH060A HP MSR1003-8S AC Router
- MSR2000 (Comware 7) R0304P04
- HP Network Products
- JG411A HP MSR2003 AC Router
- JG734A HP MSR2004-24 AC Router
- JG735A HP MSR2004-48 Router
- JG866A HP MSR2003 TAA-compliant AC Router
- MSR3000 (Comware 7) R0304P04
- HP Network Products
- JG404A HP MSR3064 Router
- JG405A HP MSR3044 Router
- JG406A HP MSR3024 AC Router
- JG407A HP MSR3024 DC Router
- JG408A HP MSR3024 PoE Router
- JG409A HP MSR3012 AC Router
- JG410A HP MSR3012 DC Router
- JG861A HP MSR3024 TAA-compliant AC Router
- MSR4000 (Comware 7) R0304P04
- HP Network Products
- JG402A HP MSR4080 Router Chassis
- JG403A HP MSR4060 Router Chassis
- JG412A HP MSR4000 MPU-100 Main Processing Unit
- JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
- VSR (Comware 7) E0321
- HP Network Products
- JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
- JG811AAE HP VSR1001 Comware 7 Virtual Services Router
- JG812AAE HP VSR1004 Comware 7 Virtual Services Router
- JG813AAE HP VSR1008 Comware 7 Virtual Services Router
- 7900 (Comware 7) R2137
- HP Network Products
- JG682A HP FlexFabric 7904 Switch Chassis
- JG841A HP FlexFabric 7910 Switch Chassis
- JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
- JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
- JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
- JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
- JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
- JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
- 5130 (Comware 7) R3109P09
- HP Network Products
- JG932A HP 5130-24G-4SFP+ EI Switch
- JG933A HP 5130-24G-SFP-4SFP+ EI Switch
- JG934A HP 5130-48G-4SFP+ EI Switch
- JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
- JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
- JG975A HP 5130-24G-4SFP+ EI Brazil Switch
- JG976A HP 5130-48G-4SFP+ EI Brazil Switch
- JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
- JG938A HP 5130-24G-2SFP+-2XGT EI Switch
- JG939A HP 5130-48G-2SFP+-2XGT EI Switch
- JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
- JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
- 5700 (Comware 7) R2422P01
- HP Network Products
- JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
- JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
- JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
- JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
- JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
- JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
- 5930 (Comware 7) R2422P01
- HP Network Products
- JG726A HP FlexFabric 5930 32QSFP+ Switch
- JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
- JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
- JH179A HP FlexFabric 5930 4-slot Switch
- JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
- JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
- HSR6602 (Comware 7) R7103P05
- HP Network Products
- JG353A HP HSR6602-G Router
- JG354A HP HSR6602-XG Router
- JG776A HP HSR6602-G TAA-compliant Router
- JG777A HP HSR6602-XG TAA-compliant Router
- HSR6800 (Comware 7) R7103P05
- HP Network Products
- JG361A HP HSR6802 Router Chassis
- JG361B HP HSR6802 Router Chassis
- JG362A HP HSR6804 Router Chassis
- JG362B HP HSR6804 Router Chassis
- JG363A HP HSR6808 Router Chassis
- JG363B HP HSR6808 Router Chassis
- JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
- JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
- JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit
- 1950 R3109P09
- HP Network Products
- JG960A HP 1950-24G-4XG Switch
- JG961A HP 1950-48G-2SFP+-2XGT Switch
- JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
- JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
iMC
- iMC Plat iMC Plat 7.1 (E0303P13)
- HP Network Products
- JD125A HP IMC Std S/W Platform w/100-node
- JD126A HP IMC Ent S/W Platform w/100-node
- JD808A HP IMC Ent Platform w/100-node License
- JD814A HP A-IMC Enterprise Edition Software DVD Media
- JD815A HP IMC Std Platform w/100-node License
- JD816A HP A-IMC Standard Edition Software DVD Media
- JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
- JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
- JF377A HP IMC Std S/W Platform w/100-node Lic
- JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
- JF378A HP IMC Ent S/W Platform w/200-node Lic
- JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
- JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
- JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
- JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
- JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
- JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
- JG659AAE HP IMC Smart Connect VAE E-LTU
- JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
- JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
- JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
- JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
- JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
- JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
HISTORY Version:1 (rev.1) - 19 February 2016 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 7) - x86_64
-
(BZ#1154060)
-
TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. (BZ#1170339)
-
FTP operations such as downloading files took a significantly long time to complete. Now, the FTP implementation in libcurl correctly sets blocking direction and estimated timeout for connections, resulting in faster FTP transfers. (BZ#1066065)
-
The libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on the libcurl multi API. The non-blocking SSL handshake has been implemented in libcurl, and the libcurl multi API now immediately returns the control back to the application whenever it cannot read or write data from or to the underlying network socket. (BZ#1091429)
-
The libcurl library used an unnecessarily long blocking delay for actions with no active file descriptors, even for short operations. Some actions, such as resolving a host name using /etc/hosts, took a long time to complete. The blocking code in libcurl has been modified so that the initial delay is short and gradually increases until an event occurs.
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security, bug fix, and enhancement update Advisory ID: RHSA-2015:1254-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html Issue date: 2015-07-22 Updated on: 2014-12-15 CVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 CVE-2015-3143 CVE-2015-3148 =====================================================================
- Summary:
Updated curl packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit. (CVE-2014-3613)
A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. (CVE-2014-3707)
It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests. (CVE-2014-8150)
It was discovered that libcurl implemented aspects of the NTLM and Negotatiate authentication incorrectly. If an application uses libcurl and the affected mechanisms in a specifc way, certain requests to a previously NTLM-authenticated server could appears as sent by the wrong authenticated user. Additionally, the initial set of credentials for HTTP Negotiate-authenticated requests could be reused in subsequent requests, although a different set of credentials was specified. (CVE-2015-3143, CVE-2015-3148)
Red Hat would like to thank the cURL project for reporting these issues.
Bug fixes:
-
An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available with libcurl. Attackers could abuse the fallback to force downgrade of the SSL version. The fallback has been removed from libcurl. Users requiring this functionality can explicitly enable SSLv3.0 through the libcurl API. (BZ#1154059)
-
A single upload transfer through the FILE protocol opened the destination file twice. If the inotify kernel subsystem monitored the file, two events were produced unnecessarily. The file is now opened only once per upload. (BZ#883002)
-
Utilities using libcurl for SCP/SFTP transfers could terminate unexpectedly when the system was running in FIPS mode. (BZ#1008178)
-
Using the "--retry" option with the curl utility could cause curl to terminate unexpectedly with a segmentation fault. Now, adding "--retry" no longer causes curl to crash. (BZ#1009455)
-
The "curl --trace-time" command did not use the correct local time when printing timestamps. Now, "curl --trace-time" works as expected. (BZ#1120196)
-
The valgrind utility could report dynamically allocated memory leaks on curl exit. Now, curl performs a global shutdown of the NetScape Portable Runtime (NSPR) library on exit, and valgrind no longer reports the memory leaks. (BZ#1146528)
-
Previously, libcurl returned an incorrect value of the CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to the HTTP response. Now, the returned value is valid. (BZ#1161163)
Enhancements:
-
The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for specifying the minor version of the TLS protocol to be negotiated by NSS. The "--tlsv1" option now negotiates the highest version of the TLS protocol supported by both the client and the server. (BZ#1012136)
-
It is now possible to explicitly enable or disable the ECC and the new AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)
All curl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
835898 - Bug in DNS cache causes connections until restart of libcurl-using processes 883002 - curl used with file:// protocol opens and closes a destination file twice 997185 - sendrecv.c example incorrect type for sockfd 1008178 - curl scp download fails in fips mode 1011083 - CA certificate cannot be specified by nickname [documentation bug] 1011101 - manpage typos found using aspell 1058767 - curl does not support ECDSA certificates 1104160 - Link in curl man page is wrong 1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain 1154059 - curl: Disable out-of-protocol fallback to SSL 3.0 1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth 1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS 1156422 - curl does not allow explicit control of DHE ciphers 1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE 1168137 - curl closes connection after HEAD request fails 1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn() 1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated 1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
ppc64: curl-7.19.7-46.el6.ppc64.rpm curl-debuginfo-7.19.7-46.el6.ppc.rpm curl-debuginfo-7.19.7-46.el6.ppc64.rpm libcurl-7.19.7-46.el6.ppc.rpm libcurl-7.19.7-46.el6.ppc64.rpm libcurl-devel-7.19.7-46.el6.ppc.rpm libcurl-devel-7.19.7-46.el6.ppc64.rpm
s390x: curl-7.19.7-46.el6.s390x.rpm curl-debuginfo-7.19.7-46.el6.s390.rpm curl-debuginfo-7.19.7-46.el6.s390x.rpm libcurl-7.19.7-46.el6.s390.rpm libcurl-7.19.7-46.el6.s390x.rpm libcurl-devel-7.19.7-46.el6.s390.rpm libcurl-devel-7.19.7-46.el6.s390x.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: curl-7.19.7-46.el6.src.rpm
i386: curl-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.i686.rpm
x86_64: curl-7.19.7-46.el6.x86_64.rpm curl-debuginfo-7.19.7-46.el6.i686.rpm curl-debuginfo-7.19.7-46.el6.x86_64.rpm libcurl-7.19.7-46.el6.i686.rpm libcurl-7.19.7-46.el6.x86_64.rpm libcurl-devel-7.19.7-46.el6.i686.rpm libcurl-devel-7.19.7-46.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2014-3613 https://access.redhat.com/security/cve/CVE-2014-3707 https://access.redhat.com/security/cve/CVE-2014-8150 https://access.redhat.com/security/cve/CVE-2015-3143 https://access.redhat.com/security/cve/CVE-2015-3148 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn emWApg/iYw5vIs3rWoqmU7A= =p+Xb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html
Updated Packages:
Mandriva Business Server 1/X86_64: fd3f4894f5c5215c29b84d70f2c6ada2 mbs1/x86_64/curl-7.24.0-3.9.mbs1.x86_64.rpm a00d0747b4d6ae22475948119a42efc4 mbs1/x86_64/curl-examples-7.24.0-3.9.mbs1.x86_64.rpm d5291ae320dd5766e4b981ff66b36e19 mbs1/x86_64/lib64curl4-7.24.0-3.9.mbs1.x86_64.rpm 62d5295190433ca4ff7d2cda746d6b16 mbs1/x86_64/lib64curl-devel-7.24.0-3.9.mbs1.x86_64.rpm 5bcf6538291f947870a9ccfe62c9ea6d mbs1/SRPMS/curl-7.24.0-3.9.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.28.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.12.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.13.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.16.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.13.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.12.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.16.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.13.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.6,
"vendor": "haxx",
"version": "7.12.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.4"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.33.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.13.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.32.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.6"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.24.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.28.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.17.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.4"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.31.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.14.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.25.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.13.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.8"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.26.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.12.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.29.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.14.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.12.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "22"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.22.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.17.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.14.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.30.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.4"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.6"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.33.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.32.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "21"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.12.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.13.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.7"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.24.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.28.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.27.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.20.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.28.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.31.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.17.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.6"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.25.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.12.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.23.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.8"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.29.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.26.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.10.7"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.14.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.4"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.27.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.5"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.22.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.15.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.16.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.12.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.21.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.17.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.19.1"
},
{
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.3.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.30.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.11.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.18.1"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "7.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "curl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.10.6 to 7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.10.6 to 7.41.0"
},
{
"model": "opensuse",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "comware",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "hpe intelligent management center plat",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.6,
"vendor": "novell",
"version": "13.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:curl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:libcurl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:opensuse_project:opensuse",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:comware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:intelligent_management_center_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "134443"
},
{
"db": "PACKETSTORM",
"id": "132792"
}
],
"trust": 0.2
},
"cve": "CVE-2015-3148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3148",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-81109",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3148",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3148",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-503",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81109",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3148",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party can connect as another user via a request. Both Haxx curl and libcurl are products of the Swedish company Haxx. ============================================================================\nUbuntu Security Notice USN-2591-1\nApril 30, 2015\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nParas Sethia discovered that curl could incorrectly re-use NTLM HTTP\ncredentials when subsequently connecting to the same host over HTTP. \n(CVE-2015-3143)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. \nIf a user or automated system were tricked into using a specially crafted\nhost name, an attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. \nIf a user or automated system were tricked into parsing a specially crafted\ncookie, an attacker could possibly use this issue to cause curl to crash,\nresulting in a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)\n\nYehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers\nboth to servers and proxies by default, contrary to expectations. This\nissue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libcurl3 7.38.0-3ubuntu2.2\n libcurl3-gnutls 7.38.0-3ubuntu2.2\n libcurl3-nss 7.38.0-3ubuntu2.2\n\nUbuntu 14.10:\n libcurl3 7.37.1-1ubuntu3.4\n libcurl3-gnutls 7.37.1-1ubuntu3.4\n libcurl3-nss 7.37.1-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n libcurl3 7.35.0-1ubuntu2.5\n libcurl3-gnutls 7.35.0-1ubuntu2.5\n libcurl3-nss 7.35.0-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libcurl3 7.22.0-3ubuntu4.14\n libcurl3-gnutls 7.22.0-3ubuntu4.14\n libcurl3-nss 7.22.0-3ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: September 24, 2015\n Bugs: #547376, #552618\n ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.43.0 \u003e= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is\n similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This could\n allow remote attackers to cause a denial of service (crash). This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions. \n\nCVE-2015-3145\n\n When parsing HTTP cookies, if the parsed cookie\u0027s \"path\" element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This could allow remote attackers to\n cause a denial of service (crash). This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04986859\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04986859\nVersion: 1\n\nHPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware\n7 and cURL, Remote Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-19\nLast Updated: 2016-02-19\n\nPotential Security Impact: Remote Unauthorized Access\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in cURL and libcurl have been addressed\nwith HPE iMC PLAT and other HP and H3C products using Comware 7. The\nvulnerabilities could be exploited remotely resulting in unauthorized access. \n\nReferences:\n\n - CVE-2015-3143\n - CVE-2015-3148\n - SSRT102110\n - PSRT110028\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nNote: all product versions are impacted prior to the fixed versions listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-3143 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\nCVE-2015-3148 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in Comware 7 and iMC Plat. \n\n**COMWARE 7 Products**\n\n + 12500 (Comware 7) R7375\n * HP Network Products\n - JC085A HP A12518 Switch Chassis\n - JC086A HP A12508 Switch Chassis\n - JC652A HP 12508 DC Switch Chassis\n - JC653A HP 12518 DC Switch Chassis\n - JC654A HP 12504 AC Switch Chassis\n - JC655A HP 12504 DC Switch Chassis\n - JF430A HP A12518 Switch Chassis\n - JF430B HP 12518 Switch Chassis\n - JF430C HP 12518 AC Switch Chassis\n - JF431A HP A12508 Switch Chassis\n - JF431B HP 12508 Switch Chassis\n - JF431C HP 12508 AC Switch Chassis\n - JC072B HP 12500 Main Processing Unit\n - JG497A HP 12500 MPU w/Comware V7 OS\n - JG782A HP FF 12508E AC Switch Chassis\n - JG783A HP FF 12508E DC Switch Chassis\n - JG784A HP FF 12518E AC Switch Chassis\n - JG785A HP FF 12518E DC Switch Chassis\n - JG802A HP FF 12500E MPU\n - JG836A HP FlexFabric 12518E AC Switch TAA-compliant Chassis\n - JG834A HP FlexFabric 12508E AC Switch TAA-compliant Chassis\n - JG835A HP FlexFabric 12508E DC Switch TAA-compliant Chassis\n - JG837A HP FlexFabric 12518E DC Switch TAA-compliant Chassis\n - JG803A HP FlexFabric 12500E TAA-compliant Main Processing Unit\n - JG796A HP FlexFabric 12500 48-port 10GbE SFP+ FD Module\n - JG790A HP FlexFabric 12500 16-port 40GbE QSFP+ FD Module\n - JG794A HP FlexFabric 12500 40-port 10GbE SFP+ FG Module\n - JG792A HP FlexFabric 12500 40-port 10GbE SFP+ FD Module\n - JG788A HP FlexFabric 12500 4-port 100GbE CFP FG Module\n - JG786A HP FlexFabric 12500 4-port 100GbE CFP FD Module\n - JG797A HP FlexFabric 12500 48-port 10GbE SFP+ FD TAA-compliant Module\n - JG791A HP FlexFabric 12500 16-port 40GbE QSFP+ FD TAA-compliant\nModule\n - JG795A HP FlexFabric 12500 40-port 10GbE SFP+ FG TAA-compliant Module\n - JG793A HP FlexFabric 12500 40-port 10GbE SFP+ FD TAA-compliant Module\n - JG789A HP FlexFabric 12500 4-port 100GbE CFP FG TAA-compliant Module\n - JG787A HP FlexFabric 12500 4-port 100GbE CFP FD TAA-compliant Module\n - JG798A HP FlexFabric 12508E Fabric Module\n * H3C Products\n - H3C S12508 Routing Switch (AC-1) (0235A0GE)\n - H3C S12518 Routing Switch (AC-1) (0235A0GF)\n - H3C S12508 Chassis (0235A0E6)\n - H3C S12508 Chassis (0235A38N)\n - H3C S12518 Chassis (0235A0E7)\n - H3C S12518 Chassis (0235A38M)\n - H3C 12508 DC Switch Chassis (0235A38L)\n - H3C 12518 DC Switch Chassis (0235A38K)\n + 10500 (Comware 7) R7168\n * HP Network Products\n - JC611A HP 10508-V Switch Chassis\n - JC612A HP 10508 Switch Chassis\n - JC613A HP 10504 Switch Chassis\n - JC748A HP 10512 Switch Chassis\n - JG820A HP 10504 TAA Switch Chassis\n - JG821A HP 10508 TAA Switch Chassis\n - JG822A HP 10508-V TAA Switch Chassis\n - JG823A HP 10512 TAA Switch Chassis\n - JG496A HP 10500 Type A MPU w/Comware v7 OS\n - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n - JH191A HP 10500 44-port GbE(SFP,LC)/ 4-port 10GbE SFP+ (SFP+,LC) SE\nModule\n - JH192A HP 10500 48-port Gig-T (RJ45) SE Module\n - JH193A HP 10500 16-port 10GbE SFP+ (SFP+,LC) SF Module\n - JH194A HP 10500 24-port 10GbE SFP+ (SFP+,LC) EC Module\n - JH195A HP 10500 6-port 40GbE QSFP+ EC Module\n - JH196A HP 10500 2-port 100GbE CFP EC Module\n - JH197A HP 10500 48-port 10GbE SFP+ (SFP+,LC) SG Module\n + 12900 (Comware 7) R1137\n * HP Network Products\n - JG619A HP FlexFabric 12910 Switch AC Chassis\n - JG621A HP FlexFabric 12910 Main Processing Unit\n - JG632A HP FlexFabric 12916 Switch AC Chassis\n - JG634A HP FlexFabric 12916 Main Processing Unit\n - JH104A HP FlexFabric 12900E Main Processing Unit\n - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n - JH263A HP FlexFabric 12904E Main Processing Unit\n - JH255A HP FlexFabric 12908E Switch Chassis\n - JH262A HP FlexFabric 12904E Switch Chassis\n - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n - JH103A HP FlexFabric 12916E Switch Chassis\n + 5900 (Comware 7) R2422P01\n * HP Network Products\n - JC772A HP 5900AF-48XG-4QSFP+ Switch\n - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n + 5920 (Comware 7) R2422P01\n * HP Network Products\n - JG296A HP 5920AF-24XG Switch\n - JG555A HP 5920AF-24XG TAA Switch\n + MSR1000 (Comware 7) R0304P04\n * HP Network Products\n - JG875A HP MSR1002-4 AC Router\n - JH060A HP MSR1003-8S AC Router\n + MSR2000 (Comware 7) R0304P04\n * HP Network Products\n - JG411A HP MSR2003 AC Router\n - JG734A HP MSR2004-24 AC Router\n - JG735A HP MSR2004-48 Router\n - JG866A HP MSR2003 TAA-compliant AC Router\n + MSR3000 (Comware 7) R0304P04\n * HP Network Products\n - JG404A HP MSR3064 Router\n - JG405A HP MSR3044 Router\n - JG406A HP MSR3024 AC Router\n - JG407A HP MSR3024 DC Router\n - JG408A HP MSR3024 PoE Router\n - JG409A HP MSR3012 AC Router\n - JG410A HP MSR3012 DC Router\n - JG861A HP MSR3024 TAA-compliant AC Router\n + MSR4000 (Comware 7) R0304P04\n * HP Network Products\n - JG402A HP MSR4080 Router Chassis\n - JG403A HP MSR4060 Router Chassis\n - JG412A HP MSR4000 MPU-100 Main Processing Unit\n - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n + VSR (Comware 7) E0321\n * HP Network Products\n - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n + 7900 (Comware 7) R2137\n * HP Network Products\n - JG682A HP FlexFabric 7904 Switch Chassis\n - JG841A HP FlexFabric 7910 Switch Chassis\n - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n + 5130 (Comware 7) R3109P09\n * HP Network Products\n - JG932A HP 5130-24G-4SFP+ EI Switch\n - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n - JG934A HP 5130-48G-4SFP+ EI Switch\n - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n + 5700 (Comware 7) R2422P01\n * HP Network Products\n - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n + 5930 (Comware 7) R2422P01\n * HP Network Products\n - JG726A HP FlexFabric 5930 32QSFP+ Switch\n - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n - JH179A HP FlexFabric 5930 4-slot Switch\n - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n + HSR6602 (Comware 7) R7103P05\n * HP Network Products\n - JG353A HP HSR6602-G Router\n - JG354A HP HSR6602-XG Router\n - JG776A HP HSR6602-G TAA-compliant Router\n - JG777A HP HSR6602-XG TAA-compliant Router\n + HSR6800 (Comware 7) R7103P05\n * HP Network Products\n - JG361A HP HSR6802 Router Chassis\n - JG361B HP HSR6802 Router Chassis\n - JG362A HP HSR6804 Router Chassis\n - JG362B HP HSR6804 Router Chassis\n - JG363A HP HSR6808 Router Chassis\n - JG363B HP HSR6808 Router Chassis\n - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n - JH075A) HP HSR6800 RSE-X3 Router Main Processing Unit\n + 1950 R3109P09\n * HP Network Products\n - JG960A HP 1950-24G-4XG Switch\n - JG961A HP 1950-48G-2SFP+-2XGT Switch\n - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n\n**iMC**\n\n + iMC Plat iMC Plat 7.1 (E0303P13)\n * HP Network Products\n - JD125A HP IMC Std S/W Platform w/100-node\n - JD126A HP IMC Ent S/W Platform w/100-node\n - JD808A HP IMC Ent Platform w/100-node License\n - JD814A HP A-IMC Enterprise Edition Software DVD Media\n - JD815A HP IMC Std Platform w/100-node License\n - JD816A HP A-IMC Standard Edition Software DVD Media\n - JF288AAE HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n - JF289AAE HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n - JF377A HP IMC Std S/W Platform w/100-node Lic\n - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU\n - JF378A HP IMC Ent S/W Platform w/200-node Lic\n - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU\n - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU\n - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\n - JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n - JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n - JG659AAE HP IMC Smart Connect VAE E-LTU\n - JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU\n - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU\n - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n - JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU\n - JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n - JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 19 February 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. 7) - x86_64\n\n3. \n(BZ#1154060)\n\n* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. (BZ#1170339)\n\n* FTP operations such as downloading files took a significantly long time\nto complete. Now, the FTP implementation in libcurl correctly sets blocking\ndirection and estimated timeout for connections, resulting in faster FTP\ntransfers. (BZ#1066065)\n\n* The libcurl library did not implement a non-blocking SSL handshake, which\nnegatively affected performance of applications based on the libcurl multi\nAPI. The non-blocking SSL handshake has been implemented in libcurl, and\nthe libcurl multi API now immediately returns the control back to the\napplication whenever it cannot read or write data from or to the underlying\nnetwork socket. (BZ#1091429)\n\n* The libcurl library used an unnecessarily long blocking delay for actions\nwith no active file descriptors, even for short operations. Some actions,\nsuch as resolving a host name using /etc/hosts, took a long time to\ncomplete. The blocking code in libcurl has been modified so that the\ninitial delay is short and gradually increases until an event occurs. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2015:1254-02\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1254.html\nIssue date: 2015-07-22\nUpdated on: 2014-12-15\nCVE Names: CVE-2014-3613 CVE-2014-3707 CVE-2014-8150 \n CVE-2015-3143 CVE-2015-3148 \n=====================================================================\n\n1. Summary:\n\nUpdated curl packages that fix multiple security issues, several bugs, and\nadd two enhancements are now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nIt was found that the libcurl library did not correctly handle partial\nliteral IP addresses when parsing received HTTP cookies. An attacker able\nto trick a user into connecting to a malicious server could use this flaw\nto set the user\u0027s cookie to a crafted domain, making other cookie-related\nissues easier to exploit. (CVE-2014-3613)\n\nA flaw was found in the way the libcurl library performed the duplication\nof connection handles. If an application set the CURLOPT_COPYPOSTFIELDS\noption for a handle, using the handle\u0027s duplicate could cause the\napplication to crash or disclose a portion of its memory. (CVE-2014-3707)\n\nIt was discovered that the libcurl library failed to properly handle URLs\nwith embedded end-of-line characters. An attacker able to make an\napplication using libcurl to access a specially crafted URL via an HTTP\nproxy could use this flaw to inject additional headers to the request or\nconstruct additional requests. (CVE-2014-8150)\n\nIt was discovered that libcurl implemented aspects of the NTLM and\nNegotatiate authentication incorrectly. If an application uses libcurl\nand the affected mechanisms in a specifc way, certain requests to a\npreviously NTLM-authenticated server could appears as sent by the wrong\nauthenticated user. Additionally, the initial set of credentials for HTTP\nNegotiate-authenticated requests could be reused in subsequent requests,\nalthough a different set of credentials was specified. (CVE-2015-3143,\nCVE-2015-3148)\n\nRed Hat would like to thank the cURL project for reporting these issues. \n\nBug fixes:\n\n* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available\nwith libcurl. Attackers could abuse the fallback to force downgrade of the\nSSL version. The fallback has been removed from libcurl. Users requiring\nthis functionality can explicitly enable SSLv3.0 through the libcurl API. \n(BZ#1154059)\n\n* A single upload transfer through the FILE protocol opened the destination\nfile twice. If the inotify kernel subsystem monitored the file, two events\nwere produced unnecessarily. The file is now opened only once per upload. \n(BZ#883002)\n\n* Utilities using libcurl for SCP/SFTP transfers could terminate\nunexpectedly when the system was running in FIPS mode. (BZ#1008178)\n\n* Using the \"--retry\" option with the curl utility could cause curl to\nterminate unexpectedly with a segmentation fault. Now, adding \"--retry\" no\nlonger causes curl to crash. (BZ#1009455)\n\n* The \"curl --trace-time\" command did not use the correct local time when\nprinting timestamps. Now, \"curl --trace-time\" works as expected. \n(BZ#1120196)\n\n* The valgrind utility could report dynamically allocated memory leaks on\ncurl exit. Now, curl performs a global shutdown of the NetScape Portable\nRuntime (NSPR) library on exit, and valgrind no longer reports the memory\nleaks. (BZ#1146528)\n\n* Previously, libcurl returned an incorrect value of the\nCURLINFO_HEADER_SIZE field when a proxy server appended its own headers to\nthe HTTP response. Now, the returned value is valid. (BZ#1161163)\n\nEnhancements:\n\n* The \"--tlsv1.0\", \"--tlsv1.1\", and \"--tlsv1.2\" options are available for\nspecifying the minor version of the TLS protocol to be negotiated by NSS. \nThe \"--tlsv1\" option now negotiates the highest version of the TLS protocol\nsupported by both the client and the server. (BZ#1012136)\n\n* It is now possible to explicitly enable or disable the ECC and the new\nAES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)\n\nAll curl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n835898 - Bug in DNS cache causes connections until restart of libcurl-using processes\n883002 - curl used with file:// protocol opens and closes a destination file twice\n997185 - sendrecv.c example incorrect type for sockfd\n1008178 - curl scp download fails in fips mode\n1011083 - CA certificate cannot be specified by nickname [documentation bug]\n1011101 - manpage typos found using aspell\n1058767 - curl does not support ECDSA certificates\n1104160 - Link in curl man page is wrong\n1136154 - CVE-2014-3613 curl: incorrect handling of IP addresses in cookie domain\n1154059 - curl: Disable out-of-protocol fallback to SSL 3.0\n1154747 - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth\n1154941 - CVE-2014-3707 curl: incorrect handle duplication after COPYPOSTFIELDS\n1156422 - curl does not allow explicit control of DHE ciphers\n1161163 - Response headers added by proxy servers missing in CURLINFO_HEADER_SIZE\n1168137 - curl closes connection after HEAD request fails\n1178692 - CVE-2014-8150 curl: URL request injection vulnerability in parseurlandfillconn()\n1213306 - CVE-2015-3143 curl: re-using authenticated connection when unauthenticated\n1213351 - CVE-2015-3148 curl: Negotiate not treated as connection-oriented\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nppc64:\ncurl-7.19.7-46.el6.ppc64.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc.rpm\ncurl-debuginfo-7.19.7-46.el6.ppc64.rpm\nlibcurl-7.19.7-46.el6.ppc.rpm\nlibcurl-7.19.7-46.el6.ppc64.rpm\nlibcurl-devel-7.19.7-46.el6.ppc.rpm\nlibcurl-devel-7.19.7-46.el6.ppc64.rpm\n\ns390x:\ncurl-7.19.7-46.el6.s390x.rpm\ncurl-debuginfo-7.19.7-46.el6.s390.rpm\ncurl-debuginfo-7.19.7-46.el6.s390x.rpm\nlibcurl-7.19.7-46.el6.s390.rpm\nlibcurl-7.19.7-46.el6.s390x.rpm\nlibcurl-devel-7.19.7-46.el6.s390.rpm\nlibcurl-devel-7.19.7-46.el6.s390x.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\ncurl-7.19.7-46.el6.src.rpm\n\ni386:\ncurl-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\n\nx86_64:\ncurl-7.19.7-46.el6.x86_64.rpm\ncurl-debuginfo-7.19.7-46.el6.i686.rpm\ncurl-debuginfo-7.19.7-46.el6.x86_64.rpm\nlibcurl-7.19.7-46.el6.i686.rpm\nlibcurl-7.19.7-46.el6.x86_64.rpm\nlibcurl-devel-7.19.7-46.el6.i686.rpm\nlibcurl-devel-7.19.7-46.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3613\nhttps://access.redhat.com/security/cve/CVE-2014-3707\nhttps://access.redhat.com/security/cve/CVE-2014-8150\nhttps://access.redhat.com/security/cve/CVE-2015-3143\nhttps://access.redhat.com/security/cve/CVE-2015-3148\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVrzSJXlSAg2UNWIIRAnEiAJ9xqOogsAzooomZ4VeMgA+gUwEuTwCfTzMn\nemWApg/iYw5vIs3rWoqmU7A=\n=p+Xb\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n fd3f4894f5c5215c29b84d70f2c6ada2 mbs1/x86_64/curl-7.24.0-3.9.mbs1.x86_64.rpm\n a00d0747b4d6ae22475948119a42efc4 mbs1/x86_64/curl-examples-7.24.0-3.9.mbs1.x86_64.rpm\n d5291ae320dd5766e4b981ff66b36e19 mbs1/x86_64/lib64curl4-7.24.0-3.9.mbs1.x86_64.rpm\n 62d5295190433ca4ff7d2cda746d6b16 mbs1/x86_64/lib64curl-devel-7.24.0-3.9.mbs1.x86_64.rpm \n 5bcf6538291f947870a9ccfe62c9ea6d mbs1/SRPMS/curl-7.24.0-3.9.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "135878"
},
{
"db": "PACKETSTORM",
"id": "134443"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "132792"
},
{
"db": "PACKETSTORM",
"id": "131726"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3148",
"trust": 3.4
},
{
"db": "BID",
"id": "74301",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1032232",
"trust": 1.2
},
{
"db": "JUNIPER",
"id": "JSA10743",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0637",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81109",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3148",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131588",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134138",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "132792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131726",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "135878"
},
{
"db": "PACKETSTORM",
"id": "134443"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "132792"
},
{
"db": "PACKETSTORM",
"id": "131726"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"id": "VAR-201504-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81109"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:00:21.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205031"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205031"
},
{
"title": "DSA-3232",
"trust": 0.8,
"url": "https://www.debian.org/security/2015/dsa-3232"
},
{
"title": "FEDORA-2015-6695",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html"
},
{
"title": "FEDORA-2015-6728",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
},
{
"title": "FEDORA-2015-6853",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html"
},
{
"title": "FEDORA-2015-6864",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
},
{
"title": "HPSBHF03544",
"trust": 0.8,
"url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2"
},
{
"title": "HPSBMU03546",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"title": "openSUSE-SU-2015:0799",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
},
{
"title": "Negotiate not treated as connection-oriented",
"trust": 0.8,
"url": "http://curl.haxx.se/docs/adv_20150422B.html"
},
{
"title": "USN-2591-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2591-1"
},
{
"title": "curl-curl-7_42_0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55216"
},
{
"title": "curl-curl-7_42_0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55215"
},
{
"title": "Red Hat: Moderate: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170847 - Security Advisory"
},
{
"title": "Red Hat: Moderate: curl security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152159 - Security Advisory"
},
{
"title": "Red Hat: CVE-2015-3148",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-3148"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2591-1"
},
{
"title": "Debian Security Advisories: DSA-3232-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9"
},
{
"title": "Amazon Linux AMI: ALAS-2015-514",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-514"
},
{
"title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://advisories.mageia.org/mgasa-2015-0179.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74301"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201509-02"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1254.html"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2591-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.2,
"url": "http://curl.haxx.se/docs/adv_20150422b.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2015/dsa-3232"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:220"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032232"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=145612005512270\u0026w=2"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3148"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0637"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-3148"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3143"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3707"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-3613"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2014-8150"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145612005512270\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2591-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38683"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3153"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://:80\"),"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2015-2159.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "135878"
},
{
"db": "PACKETSTORM",
"id": "134443"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "132792"
},
{
"db": "PACKETSTORM",
"id": "131726"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81109"
},
{
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "135878"
},
{
"db": "PACKETSTORM",
"id": "134443"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "132792"
},
{
"db": "PACKETSTORM",
"id": "131726"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81109"
},
{
"date": "2015-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"date": "2015-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"date": "2015-04-30T15:48:24",
"db": "PACKETSTORM",
"id": "131699"
},
{
"date": "2015-09-25T06:54:51",
"db": "PACKETSTORM",
"id": "133700"
},
{
"date": "2015-04-22T20:15:37",
"db": "PACKETSTORM",
"id": "131588"
},
{
"date": "2016-02-23T05:11:25",
"db": "PACKETSTORM",
"id": "135878"
},
{
"date": "2015-11-20T00:41:15",
"db": "PACKETSTORM",
"id": "134443"
},
{
"date": "2015-10-30T23:23:03",
"db": "PACKETSTORM",
"id": "134138"
},
{
"date": "2015-07-22T17:57:59",
"db": "PACKETSTORM",
"id": "132792"
},
{
"date": "2015-05-04T17:18:17",
"db": "PACKETSTORM",
"id": "131726"
},
{
"date": "2015-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"date": "2015-04-24T14:59:11",
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-81109"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3148"
},
{
"date": "2016-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002487"
},
{
"date": "2021-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-503"
},
{
"date": "2024-11-21T02:28:46.560000",
"db": "NVD",
"id": "CVE-2015-3148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-503"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cURL and libcurl Vulnerabilities connected as other users",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002487"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "131699"
}
],
"trust": 0.1
}
}
var-202102-1092
Vulnerability from variot
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Relevant releases/architectures:
Red Hat Enterprise Linux CRB (v. 8) - noarch
- Description:
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1929847 - CVE-2021-27218 glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform 1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits
- Package List:
Red Hat Enterprise Linux CRB (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang 1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang 1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places
- Gentoo Linux Security Advisory GLSA 202107-13
https://security.gentoo.org/
Severity: Normal Title: GLib: Multiple vulnerabilities Date: July 07, 2021 Bugs: #768753, #775632 ID: 202107-13
Synopsis
Multiple vulnerabilities have been found in GLib, the worst of which could result in the arbitrary execution of code.
Background
GLib is a library providing a number of GNOME's core objects and functions.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/glib < 2.66.8 >= 2.66.8
Description
Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All GLib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.66.8"
References
[ 1 ] CVE-2021-27218 https://nvd.nist.gov/vuln/detail/CVE-2021-27218 [ 2 ] CVE-2021-27219 https://nvd.nist.gov/vuln/detail/CVE-2021-27219 [ 3 ] CVE-2021-28153 https://nvd.nist.gov/vuln/detail/CVE-2021-28153
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-13
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
Software Description: - glib2.0: GLib library of C routines
Details:
Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218)
Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.1
Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.2
Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.7
Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.7
After a standard system update you need to restart your session to make all the necessary changes. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/
Security:
- nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes (CVE-2019-20149)
Bugs:
-
RHACM 2.3.2 images (BZ# 1991623)
-
Bugs fixed (https://bugzilla.redhat.com/):
1959721 - CVE-2019-20149 nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes 1991623 - RHACM 2.3.2 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ACS 3.64 security and enhancement update Advisory ID: RHSA-2021:3146-01 Product: RHACS Advisory URL: https://access.redhat.com/errata/RHSA-2021:3146 Issue date: 2021-08-11 CVE Names: CVE-2021-27218 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 ==================================================================== 1. Summary:
Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).
- Red Hat Product Security has rated this update as having a "Moderate" security impact.
-
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the references section.
-
Description:
New Features The release of RHACS 3.64 provides the following new features:
- You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
- The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource.
- RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).
Security Fixes The release of RHACS 3.64 provides the following security fixes:
- golang:
netlookup functions may return invalid hostnames (CVE-2021-33195) - golang:
net/http/httputilReverseProxy forwards connection headers if the first one is empty (CVE-2021-33197) - golang:
math/big.Ratmay cause panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) - golang:
crypto/tlscertificate of the wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages in the references section.
System changes The release of RHACS 3.64 includes the following system changes:
- RHACS now pre-fixes the optional security context constraint name with
stackroxto avoid global naming conflicts. - Previously, violations for
port forwardsandexecevents did not contain information about the user who performed the action that generated the events. The violations now include the user context. - The cluster init bundles contain the secrets required for internal RHACS services to communicate with each other. You can delete these to rotate secrets, which have previously sometimes caused outages. This update includes a new deletion workflow that warns about the possible impact of deletion on your environment.
-
The OpenShift compliance operator uses
rpmonly for querying, and it does not install any packages. Therefore, this update includes a policy exception for this pod by default to reduce the violations count. -
Solution:
To take advantage of these new features and changes, please upgrade Red Hat Advanced Cluster Security for Kubernetes to version 3.64
- Bugs fixed (https://bugzilla.redhat.com/):
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
- JIRA issues fixed (https://issues.jboss.org/):
RHACS-25 - Release RHACS 3.64
- References:
https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-33195 https://access.redhat.com/security/cve/CVE-2021-33197 https://access.redhat.com/security/cve/CVE-2021-33198 https://access.redhat.com/security/cve/CVE-2021-34558 https://docs.openshift.com/acs/release_notes/364-release-notes.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYRR/dtzjgjWX9erEAQiwMg/8DLRIyhV+QWOxDgfkSsEB7xtCZGtXtaFG xj8HX+yxGvYOCZVLNK+6CR2qhr8MI28QtU4UFhO6WlbyEByVVq6tNJV6Db/ismsX 6+JTK18O+EGEjVK4dhnuvv9+u/155X6UXe60gZxcOmHI/tIiqf7Tz4TmKMsXb02R OPpgOBOEtEEbn9HiJJ9LXiaDyjKB1vSkgLv0RS4M2nvHq9XVUjLPaBq2uroSlCYr Xcne7F2mtEkltGfL3Za4hEaywSZBD0rJe0a5GS/91m3s4SgQvFTs5g4+suBxSjFG AaLpRfMuhWxpgQqYCtTswvUcMi3wsrbNgDtZN3atRruo6RlLCVVpcrDlGRD5/fxn G2YMeSg0WAJhQdU93OYpyGBdhoVdkITjqCV0TsUSDQp77gxfiZ3f+eCybxiCmeil Apb4CypEPucVBzfEi9cCJyNxQLM4p8vzCOF0qS4xiRA9ZDrwvRbdZcjsxKhczLIb gAxLesiu7tfCqLT8Yy4CqCaMlEhSS049jhj6jzlWzRmO0rgpGQfWD1hIlixV+3Xh 4URAmkmE5CRHs6kc6tT4XIS4XcAzn3TvVrMw8yo+bZFGzFMqIvYmhBxaUyYIWdZN /5zbh8OBC2KCqHyQAcL11qnid+o2cnl4mZs+gSwqOGxx8nqKrHPtnTaa2ZMXodJI QjlOAcComy8=OnA7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 1998818 - virt-handler Pod is missing xorrisofs command 1998983 - 4.8.2 containers 2000021 - [VMIO][RHV VM Import] 63 long char VM Name with more than 1 Disk results in DataVolumeCreationFailed 2001038 - Importer attempts to shrink an image in certain situations 2001069 - [4.8.z] Automatic size detection may not request a PVC that is large enough for an import
- Summary:
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "glib",
"scope": "lt",
"trust": 1.0,
"vendor": "gnome",
"version": "2.66.7"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "glib",
"scope": "lt",
"trust": 1.0,
"vendor": "gnome",
"version": "2.67.4"
},
{
"model": "glib",
"scope": "gte",
"trust": 1.0,
"vendor": "gnome",
"version": "2.67.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "glib",
"scope": null,
"trust": 0.8,
"vendor": "gnome",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164856"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "164076"
},
{
"db": "PACKETSTORM",
"id": "163806"
},
{
"db": "PACKETSTORM",
"id": "164223"
},
{
"db": "PACKETSTORM",
"id": "165099"
}
],
"trust": 0.6
},
"cve": "CVE-2021-27218",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27218",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-386439",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27218",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-27218",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27218",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27218",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-386439",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-27218",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Relevant releases/architectures:\n\nRed Hat Enterprise Linux CRB (v. 8) - noarch\n\n3. Description:\n\nGLib provides the core application building blocks for libraries and\napplications written in C. It provides the core object system used in\nGNOME, the main loop implementation, and a large set of utility functions\nfor strings and common data structures. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-glib2 (2.66.7). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1929847 - CVE-2021-27218 glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform\n1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits\n\n6. Package List:\n\nRed Hat Enterprise Linux CRB (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang\n1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang\n1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-13\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: GLib: Multiple vulnerabilities\n Date: July 07, 2021\n Bugs: #768753, #775632\n ID: 202107-13\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in GLib, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nGLib is a library providing a number of GNOME\u0027s core objects and\nfunctions. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/glib \u003c 2.66.8 \u003e= 2.66.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in GLib. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GLib users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/glib-2.66.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-27218\n https://nvd.nist.gov/vuln/detail/CVE-2021-27218\n[ 2 ] CVE-2021-27219\n https://nvd.nist.gov/vuln/detail/CVE-2021-27219\n[ 3 ] CVE-2021-28153\n https://nvd.nist.gov/vuln/detail/CVE-2021-28153\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-13\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nSoftware Description:\n- glib2.0: GLib library of C routines\n\nDetails:\n\nKrzesimir Nowak discovered that GLib incorrectly handled certain large\nbuffers. A remote attacker could use this issue to cause applications\nlinked to GLib to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2021-27218)\n\nKevin Backhouse discovered that GLib incorrectly handled certain memory\nallocations. A remote attacker could use this issue to cause applications\nlinked to GLib to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2021-27219)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libglib2.0-0 2.66.1-2ubuntu0.1\n\nUbuntu 20.04 LTS:\n libglib2.0-0 2.64.6-1~ubuntu20.04.2\n\nUbuntu 18.04 LTS:\n libglib2.0-0 2.56.4-0ubuntu0.18.04.7\n\nUbuntu 16.04 LTS:\n libglib2.0-0 2.48.2-0ubuntu4.7\n\nAfter a standard system update you need to restart your session to make all\nthe necessary changes. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* nodejs-kind-of: ctorName in index.js allows external user input to\noverwrite certain internal attributes (CVE-2019-20149) \n\nBugs:\n\n* RHACM 2.3.2 images (BZ# 1991623)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1959721 - CVE-2019-20149 nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes\n1991623 - RHACM 2.3.2 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ACS 3.64 security and enhancement update\nAdvisory ID: RHSA-2021:3146-01\nProduct: RHACS\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3146\nIssue date: 2021-08-11\nCVE Names: CVE-2021-27218 CVE-2021-33195 CVE-2021-33197\n CVE-2021-33198 CVE-2021-34558\n====================================================================\n1. Summary:\n\nUpdated images are now available for Red Hat Advanced Cluster Security for\nKubernetes (RHACS). \n\n* Red Hat Product Security has rated this update as having a \"Moderate\"\nsecurity impact. \n* A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlinks in the references section. \n\n2. Description:\n\nNew Features\nThe release of RHACS 3.64 provides the following new features:\n\n1. You can now use deployment and namespace annotations to define where\nRHACS sends the violation notifications when configuring your notifiers\nsuch as Slack, Microsoft Teams, Email, and others. \n2. The Red Hat Advanced Cluster Security Operator now supports the ability\nto allow users to set the enforcement behavior of the admission controller\nas part of their custom resource. \n3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended\nsecurity maintenance (ESM). \n\nSecurity Fixes\nThe release of RHACS 3.64 provides the following security fixes:\n\n* golang: `net` lookup functions may return invalid hostnames\n(CVE-2021-33195)\n* golang: `net/http/httputil` ReverseProxy forwards connection headers if\nthe first one is empty (CVE-2021-33197)\n* golang: `math/big.Rat` may cause panic or an unrecoverable fatal error if\npassed inputs with very large exponents (CVE-2021-33198)\n* golang: `crypto/tls` certificate of the wrong type is causing TLS client\nto panic (CVE-2021-34558)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages in the references section. \n\nSystem changes\nThe release of RHACS 3.64 includes the following system changes:\n\n1. RHACS now pre-fixes the optional security context constraint name with\n`stackrox` to avoid global naming conflicts. \n2. Previously, violations for `port forwards` and `exec` events did not\ncontain information about the user who performed the action that generated\nthe events. The violations now include the user context. \n3. The cluster init bundles contain the secrets required for internal RHACS\nservices to communicate with each other. You can delete these to rotate\nsecrets, which have previously sometimes caused outages. This update\nincludes a new deletion workflow that warns about the possible impact of\ndeletion on your environment. \n4. The OpenShift compliance operator uses `rpm` only for querying, and it\ndoes not install any packages. Therefore, this update includes a policy\nexception for this pod by default to reduce the violations count. \n\n3. Solution:\n\nTo take advantage of these new features and changes, please upgrade Red Hat\nAdvanced Cluster Security for Kubernetes to version 3.64\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nRHACS-25 - Release RHACS 3.64\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-33195\nhttps://access.redhat.com/security/cve/CVE-2021-33197\nhttps://access.redhat.com/security/cve/CVE-2021-33198\nhttps://access.redhat.com/security/cve/CVE-2021-34558\nhttps://docs.openshift.com/acs/release_notes/364-release-notes.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYRR/dtzjgjWX9erEAQiwMg/8DLRIyhV+QWOxDgfkSsEB7xtCZGtXtaFG\nxj8HX+yxGvYOCZVLNK+6CR2qhr8MI28QtU4UFhO6WlbyEByVVq6tNJV6Db/ismsX\n6+JTK18O+EGEjVK4dhnuvv9+u/155X6UXe60gZxcOmHI/tIiqf7Tz4TmKMsXb02R\nOPpgOBOEtEEbn9HiJJ9LXiaDyjKB1vSkgLv0RS4M2nvHq9XVUjLPaBq2uroSlCYr\nXcne7F2mtEkltGfL3Za4hEaywSZBD0rJe0a5GS/91m3s4SgQvFTs5g4+suBxSjFG\nAaLpRfMuhWxpgQqYCtTswvUcMi3wsrbNgDtZN3atRruo6RlLCVVpcrDlGRD5/fxn\nG2YMeSg0WAJhQdU93OYpyGBdhoVdkITjqCV0TsUSDQp77gxfiZ3f+eCybxiCmeil\nApb4CypEPucVBzfEi9cCJyNxQLM4p8vzCOF0qS4xiRA9ZDrwvRbdZcjsxKhczLIb\ngAxLesiu7tfCqLT8Yy4CqCaMlEhSS049jhj6jzlWzRmO0rgpGQfWD1hIlixV+3Xh\n4URAmkmE5CRHs6kc6tT4XIS4XcAzn3TvVrMw8yo+bZFGzFMqIvYmhBxaUyYIWdZN\n/5zbh8OBC2KCqHyQAcL11qnid+o2cnl4mZs+gSwqOGxx8nqKrHPtnTaa2ZMXodJI\nQjlOAcComy8=OnA7\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n1998818 - virt-handler Pod is missing xorrisofs command\n1998983 - 4.8.2 containers\n2000021 - [VMIO][RHV VM Import] 63 long char VM Name with more than 1 Disk results in DataVolumeCreationFailed\n2001038 - Importer attempts to shrink an image in certain situations\n2001069 - [4.8.z] Automatic size detection may not request a PVC that is large enough for an import\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "PACKETSTORM",
"id": "164856"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "163426"
},
{
"db": "PACKETSTORM",
"id": "161714"
},
{
"db": "PACKETSTORM",
"id": "164076"
},
{
"db": "PACKETSTORM",
"id": "163806"
},
{
"db": "PACKETSTORM",
"id": "164223"
},
{
"db": "PACKETSTORM",
"id": "165099"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27218",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163426",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165099",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164856",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161714",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-386439",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-27218",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164511",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163806",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164223",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "PACKETSTORM",
"id": "164856"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "163426"
},
{
"db": "PACKETSTORM",
"id": "161714"
},
{
"db": "PACKETSTORM",
"id": "164076"
},
{
"db": "PACKETSTORM",
"id": "163806"
},
{
"db": "PACKETSTORM",
"id": "164223"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"id": "VAR-202102-1092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-386439"
}
],
"trust": 0.725
},
"last_update_date": "2024-11-29T19:50:50.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "gbytearray",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1711",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1711"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-27218 log"
},
{
"title": "Red Hat: Important: Service Telemetry Framework 1.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225924 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220056 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2021-27218 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-681",
"trust": 1.1
},
{
"problemtype": "Incorrect conversion between numeric types (CWE-681) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202107-13"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20210319-0004/"
},
{
"trust": 1.2,
"url": "https://gitlab.gnome.org/gnome/glib/-/merge_requests/1942"
},
{
"trust": 1.2,
"url": "https://gitlab.gnome.org/gnome/glib/-/merge_requests/1944"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33195"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33198"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-34558"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33197"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22543"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3609"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-22555"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jjmpndo4gdvuryqfykfowy5haf4ftepn/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2rea7rvkn7zhrljoegbrqkjipzqpaelz/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/681.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2021-1711.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8912"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3442"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3653"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8912"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glib2.0/2.48.2-0ubuntu4.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glib2.0/2.64.6-1~ubuntu20.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glib2.0/2.56.4-0ubuntu0.18.04.7"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/glib2.0/2.66.1-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4759-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-32399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3146"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/acs/release_notes/364-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3598"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38575"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/virt/upgrading-virt.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "PACKETSTORM",
"id": "164856"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "163426"
},
{
"db": "PACKETSTORM",
"id": "161714"
},
{
"db": "PACKETSTORM",
"id": "164076"
},
{
"db": "PACKETSTORM",
"id": "163806"
},
{
"db": "PACKETSTORM",
"id": "164223"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-386439"
},
{
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"db": "PACKETSTORM",
"id": "164856"
},
{
"db": "PACKETSTORM",
"id": "164511"
},
{
"db": "PACKETSTORM",
"id": "163426"
},
{
"db": "PACKETSTORM",
"id": "161714"
},
{
"db": "PACKETSTORM",
"id": "164076"
},
{
"db": "PACKETSTORM",
"id": "163806"
},
{
"db": "PACKETSTORM",
"id": "164223"
},
{
"db": "PACKETSTORM",
"id": "165099"
},
{
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-386439"
},
{
"date": "2021-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"date": "2021-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"date": "2021-11-10T17:07:39",
"db": "PACKETSTORM",
"id": "164856"
},
{
"date": "2021-10-14T15:19:59",
"db": "PACKETSTORM",
"id": "164511"
},
{
"date": "2021-07-07T16:09:05",
"db": "PACKETSTORM",
"id": "163426"
},
{
"date": "2021-03-09T16:02:39",
"db": "PACKETSTORM",
"id": "161714"
},
{
"date": "2021-09-08T14:26:43",
"db": "PACKETSTORM",
"id": "164076"
},
{
"date": "2021-08-12T15:48:34",
"db": "PACKETSTORM",
"id": "163806"
},
{
"date": "2021-09-21T15:42:50",
"db": "PACKETSTORM",
"id": "164223"
},
{
"date": "2021-11-30T14:44:48",
"db": "PACKETSTORM",
"id": "165099"
},
{
"date": "2021-02-15T17:15:13.073000",
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-386439"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27218"
},
{
"date": "2021-11-08T08:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-003856"
},
{
"date": "2024-11-21T05:57:37.240000",
"db": "NVD",
"id": "CVE-2021-27218"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161714"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNOME\u00a0GLib\u00a0 Vulnerability in conversion between numeric types in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003856"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "163426"
},
{
"db": "PACKETSTORM",
"id": "161714"
}
],
"trust": 0.2
}
}
var-202004-0061
Vulnerability from variot
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: rh-ruby25-ruby security, bug fix, and enhancement update Advisory ID: RHSA-2021:2104-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2104 Issue date: 2021-05-25 CVE Names: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255 CVE-2020-10663 CVE-2020-10933 CVE-2020-25613 CVE-2021-28965 =====================================================================
- Summary:
An update for rh-ruby25-ruby is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: rh-ruby25-ruby (2.5.9). (BZ#1952998)
Security Fix(es):
-
ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)
-
ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)
-
ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)
-
rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)
-
ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)
-
ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)
-
ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)
-
ruby: HTTP response splitting in WEBrick (CVE-2019-16254)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-ruby25-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhscl-3] (BZ#1953001)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
ppc64le: rh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm
s390x: rh-ruby25-ruby-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-ruby25-ruby-2.5.9-9.el7.src.rpm
noarch: rh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm rh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm rh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm rh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm rh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm rh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm rh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm rh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm rh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm rh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm
x86_64: rh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm rh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm rh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm rh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm rh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm rh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm rh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-15845 https://access.redhat.com/security/cve/CVE-2019-16201 https://access.redhat.com/security/cve/CVE-2019-16254 https://access.redhat.com/security/cve/CVE-2019-16255 https://access.redhat.com/security/cve/CVE-2020-10663 https://access.redhat.com/security/cve/CVE-2020-10933 https://access.redhat.com/security/cve/CVE-2020-25613 https://access.redhat.com/security/cve/CVE-2021-28965 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211931.
AMD Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America Entry added December 14, 2020
App Store Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab
Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Entry added December 14, 2020
CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab
CoreCapture Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas
CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro Entry added December 14, 2020
CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9999: Apple Entry updated December 14, 2020
Disk Images Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas
Finder Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Users may be unable to remove metadata indicating where files were downloaded from Description: The issue was addressed with additional user controls. CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added December 14, 2020
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro Entry added December 14, 2020
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative Entry added December 14, 2020
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple Entry added December 14, 2020
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero
FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins
HomeKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Entry added December 14, 2020
ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020
ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun Entry added December 14, 2020
ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Entry updated December 14, 2020
ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington Entry added December 14, 2020
Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Entry added December 14, 2020
Image Processing Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Entry added December 14, 2020
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Entry added December 14, 2020
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Entry added December 14, 2020
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie
Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero
libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz CVE-2020-27920: found by OSS-Fuzz Entry updated December 14, 2020
libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz
libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Entry added December 14, 2020
libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03)
Mail Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Messages Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos Entry added December 14, 2020
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro
NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Entry added December 14, 2020
NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to preview files it does not have access to Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155
Power Management Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative
python Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Cookies belonging to one origin may be sent to another origin Description: Multiple issues were addressed with improved logic. CVE-2020-27896: an anonymous researcher
Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/)
Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher
Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system Description: This issue was addressed with improved checks. CVE-2020-10663: Jeremy Evans
Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham)
Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9991
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991
SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630
Symptom Framework Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-27899: 08Tc3wBB working with ZecOps Entry added December 14, 2020
System Preferences Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application with root privileges may be able to access private information Description: A logic issue was addressed with improved restrictions. CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added December 14, 2020
WebKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: Liu Long of Ant Security Light-Year Lab Entry updated December 14, 2020
Wi-Fi Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance. Entry added December 14, 2020
Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab, an anonymous researcher for their assistance.
Bluetooth We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Entry updated December 14, 2020
Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Crash Reporter We would like to acknowledge Artur Byszko of AFINE for their assistance. Entry added December 14, 2020
Directory Utility We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
iAP We would like to acknowledge Andy Davis of NCC Group for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance.
libxml2 We would like to acknowledge an anonymous researcher for their assistance. Entry added December 14, 2020
Login Window We would like to acknowledge Rob Morton of Leidos for their assistance.
Photos Storage We would like to acknowledge Paulos Yibelo of LimeHats for their assistance.
Quick Look We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.
Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.
System Preferences We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6 jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+ 9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B 1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8= =T5Y8 -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-4882-1 March 18, 2021
ruby2.3, ruby2.5, ruby2.7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ruby. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10663)
It was discovered that Ruby incorrectly handled certain socket memory operations. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-10933)
It was discovered that Ruby incorrectly handled certain transfer-encoding headers when using Webrick. A remote attacker could possibly use this issue to bypass a reverse proxy. (CVE-2020-25613)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libruby2.7 2.7.1-3ubuntu1.2 ruby2.7 2.7.1-3ubuntu1.2
Ubuntu 20.04 LTS: libruby2.7 2.7.0-5ubuntu1.3 ruby2.7 2.7.0-5ubuntu1.3
Ubuntu 18.04 LTS: libruby2.5 2.5.1-1ubuntu1.8 ruby2.5 2.5.1-1ubuntu1.8
Ubuntu 16.04 LTS: libruby2.3 2.3.1-2~ubuntu16.04.15 ruby2.3 2.3.1-2~ubuntu16.04.15
In general, a standard system update will make all the necessary changes. 8.0) - ppc64le, s390x, x86_64
- Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Bug Fix(es):
- [GUI] Colocation constraint can't be added (BZ#1840156)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "json",
"scope": "lte",
"trust": 1.0,
"vendor": "json",
"version": "2.2.0"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "json",
"scope": "eq",
"trust": 0.8,
"vendor": "json",
"version": "2.2.0"
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:json_project:json",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:opensuse_project:leap",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10663",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-163164",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10663",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005087",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005087",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-163164",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10663",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. An attacker could exploit this vulnerability to forcibly create arbitrary objects on the target system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: rh-ruby25-ruby security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:2104-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2104\nIssue date: 2021-05-25\nCVE Names: CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 \n CVE-2019-16255 CVE-2020-10663 CVE-2020-10933 \n CVE-2020-25613 CVE-2021-28965 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-ruby25-ruby is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to perform system management tasks. \n\nThe following packages have been upgraded to a later upstream version:\nrh-ruby25-ruby (2.5.9). (BZ#1952998)\n\nSecurity Fix(es):\n\n* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch?\n(CVE-2019-15845)\n\n* ruby: Regular expression denial of service vulnerability of WEBrick\u0027s\nDigest authentication (CVE-2019-16201)\n\n* ruby: Code injection via command argument of Shell#test / Shell#[]\n(CVE-2019-16255)\n\n* rubygem-json: Unsafe object creation vulnerability in JSON\n(CVE-2020-10663)\n\n* ruby: BasicSocket#read_nonblock method leads to information disclosure\n(CVE-2020-10933)\n\n* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\n* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-ruby25-ruby: Resolv::DNS: timeouts if multiple IPv6 name servers are\ngiven and address contains leading zero [rhscl-3] (BZ#1953001)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nppc64le:\nrh-ruby25-ruby-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.ppc64le.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.ppc64le.rpm\n\ns390x:\nrh-ruby25-ruby-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.s390x.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.s390x.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.s390x.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.s390x.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.s390x.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.s390x.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.s390x.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-ruby25-ruby-2.5.9-9.el7.src.rpm\n\nnoarch:\nrh-ruby25-ruby-doc-2.5.9-9.el7.noarch.rpm\nrh-ruby25-ruby-irb-2.5.9-9.el7.noarch.rpm\nrh-ruby25-rubygem-did_you_mean-1.2.0-9.el7.noarch.rpm\nrh-ruby25-rubygem-minitest-5.10.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-net-telnet-0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-power_assert-1.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-rake-12.3.3-9.el7.noarch.rpm\nrh-ruby25-rubygem-rdoc-6.0.1.1-9.el7.noarch.rpm\nrh-ruby25-rubygem-test-unit-3.2.7-9.el7.noarch.rpm\nrh-ruby25-rubygem-xmlrpc-0.3.0-9.el7.noarch.rpm\nrh-ruby25-rubygems-2.7.6.3-9.el7.noarch.rpm\nrh-ruby25-rubygems-devel-2.7.6.3-9.el7.noarch.rpm\n\nx86_64:\nrh-ruby25-ruby-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-debuginfo-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-devel-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-ruby-libs-2.5.9-9.el7.x86_64.rpm\nrh-ruby25-rubygem-bigdecimal-1.3.4-9.el7.x86_64.rpm\nrh-ruby25-rubygem-io-console-0.4.6-9.el7.x86_64.rpm\nrh-ruby25-rubygem-json-2.1.0-9.el7.x86_64.rpm\nrh-ruby25-rubygem-openssl-2.1.2-9.el7.x86_64.rpm\nrh-ruby25-rubygem-psych-3.0.2-9.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-15845\nhttps://access.redhat.com/security/cve/CVE-2019-16201\nhttps://access.redhat.com/security/cve/CVE-2019-16254\nhttps://access.redhat.com/security/cve/CVE-2019-16255\nhttps://access.redhat.com/security/cve/CVE-2020-10663\nhttps://access.redhat.com/security/cve/CVE-2020-10933\nhttps://access.redhat.com/security/cve/CVE-2020-25613\nhttps://access.redhat.com/security/cve/CVE-2021-28965\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-12-14-4 Additional information for\nAPPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1\n\nmacOS Big Sur 11.0.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT211931. \n\nAMD\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-27914: Yu Wang of Didi Research America\nCVE-2020-27915: Yu Wang of Didi Research America\nEntry added December 14, 2020\n\nApp Store\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-\nYear Lab\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nBluetooth\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or heap corruption\nDescription: Multiple integer overflows were addressed with improved\ninput validation. \nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nCoreAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-\nYear Lab\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day\nInitiative, JunDong Xie and XingWei Lin of Ant Security Light-Year\nLab\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year\nLab\nEntry added December 14, 2020\n\nCoreAudio\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Security Light-Year Lab\n\nCoreCapture\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9949: Proteas\n\nCoreGraphics\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nCrash Reporter\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local attacker may be able to elevate their privileges\nDescription: An issue existed within the path validation logic for\nsymlinks. This issue was addressed with improved path sanitization. \nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\nCoreText\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27922: Mickey Jin of Trend Micro\nEntry added December 14, 2020\n\nCoreText\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9999: Apple\nEntry updated December 14, 2020\n\nDisk Images\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9965: Proteas\nCVE-2020-9966: Proteas\n\nFinder\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Users may be unable to remove metadata indicating where files\nwere downloaded from\nDescription: The issue was addressed with additional user controls. \nCVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\nEntry added December 14, 2020\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of\nTrend Micro\nEntry added December 14, 2020\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile\nSecurity Research Team working with Trend Micro\u2019s Zero Day Initiative\nEntry added December 14, 2020\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed with improved input validation. \nCVE-2020-27931: Apple\nEntry added December 14, 2020\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font may lead to arbitrary\ncode execution. Apple is aware of reports that an exploit for this\nissue exists in the wild. \nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-27930: Google Project Zero\n\nFontParser\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\nFoundation\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local user may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10002: James Hutchins\n\nHomeKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An attacker in a privileged network position may be able to\nunexpectedly alter application state\nDescription: This issue was addressed with improved setting\npropagation. \nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana\nUniversity Bloomington, Yan Jia of Xidian University and University\nof Chinese Academy of Sciences, and Bin Yuan of HuaZhong University\nof Science and Technology\nEntry added December 14, 2020\n\nImageIO\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security\nLight-Year Lab\nEntry added December 14, 2020\n\nImageIO\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27924: Lei Sun\nEntry added December 14, 2020\n\nImageIO\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2020-27923: Lei Sun\nEntry updated December 14, 2020\n\nImageIO\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9876: Mickey Jin of Trend Micro\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,\nand Luyi Xing of Indiana University Bloomington\nEntry added December 14, 2020\n\nIntel Graphics Driver\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\nEntry added December 14, 2020\n\nImage Processing\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei\nLin of Ant Security Light-Year Lab\nEntry added December 14, 2020\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\nEntry added December 14, 2020\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9975: Tielei Wang of Pangu Lab\nEntry added December 14, 2020\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-27921: Linus Henze (pinauten.de)\nEntry added December 14, 2020\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nThis was addressed with improved state management. \nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong\nSecurity Lab\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to disclose kernel\nmemory. Apple is aware of reports that an exploit for this issue\nexists in the wild. \nDescription: A memory initialization issue was addressed. \nCVE-2020-27950: Google Project Zero\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9974: Tommy Muir (@Muirey03)\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-10016: Alex Helie\n\nKernel\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges. Apple is aware of reports that an exploit for\nthis issue exists in the wild. \nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2020-27932: Google Project Zero\n\nlibxml2\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27917: found by OSS-Fuzz\nCVE-2020-27920: found by OSS-Fuzz\nEntry updated December 14, 2020\n\nlibxml2\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-27911: found by OSS-Fuzz\n\nlibxpc\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\nEntry added December 14, 2020\n\nlibxpc\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nLogging\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local attacker may be able to elevate their privileges\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2020-10010: Tommy Muir (@Muirey03)\n\nMail\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to unexpectedly alter\napplication state\nDescription: This issue was addressed with improved checks. \nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied\nSciences and Damian Poddebniak of FH M\u00fcnster University of Applied\nSciences\n\nMessages\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local user may be able to discover a user\u2019s deleted\nmessages\nDescription: The issue was addressed with improved deletion. \nCVE-2020-9988: William Breuer of the Netherlands\nCVE-2020-9989: von Brunn Media\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\nEntry added December 14, 2020\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\nModel I/O\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\nNetworkExtension\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to elevate privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and\nMickey Jin of Trend Micro\n\nNSRemoteView\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-27901: Thijs Alkemade of Computest Research Division\nEntry added December 14, 2020\n\nNSRemoteView\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to preview files it does\nnot have access to\nDescription: An issue existed in the handling of snapshots. The issue\nwas resolved with improved permissions logic. \nCVE-2020-27900: Thijs Alkemade of Computest Research Division\n\nPCRE\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Multiple issues in pcre\nDescription: Multiple issues were addressed by updating to version\n8.44. \nCVE-2019-20838\nCVE-2020-14155\n\nPower Management\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10007: singi@theori working with Trend Micro Zero Day\nInitiative\n\npython\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Cookies belonging to one origin may be sent to another origin\nDescription: Multiple issues were addressed with improved logic. \nCVE-2020-27896: an anonymous researcher\n\nQuick Look\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious app may be able to determine the existence of\nfiles on the computer\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\nQuick Look\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing a maliciously crafted document may lead to a cross\nsite scripting attack\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2020-10012: Heige of KnownSec 404 Team\n(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks\n(https://www.paloaltonetworks.com/)\n\nRuby\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to modify the file system\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2020-27896: an anonymous researcher\n\nRuby\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: When parsing certain JSON documents, the json gem can be\ncoerced into creating arbitrary objects in the target system\nDescription: This issue was addressed with improved checks. \nCVE-2020-10663: Jeremy Evans\n\nSafari\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: A spoofing issue existed in the handling of URLs. This\nissue was addressed with improved input validation. \nCVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)\n@imnarendrabhati\n\nSafari\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to determine a user\u0027s\nopen tabs in Safari\nDescription: A validation issue existed in the entitlement\nverification. This issue was addressed with improved validation of\nthe process entitlement. \nCVE-2020-9977: Josh Parnham (@joshparnham)\n\nSafari\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Visiting a malicious website may lead to address bar spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale\n(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF\nChapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho\n(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang\nZeng(@Wester) of OPPO ZIWU Security Lab\n\nSandbox\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local user may be able to view senstive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-9991\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to leak memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9849\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Multiple issues in SQLite\nDescription: Multiple issues were addressed by updating SQLite to\nversion 3.32.3. \nCVE-2020-15358\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A maliciously crafted SQL query may lead to data corruption\nDescription: This issue was addressed with improved checks. \nCVE-2020-13631\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-13434\nCVE-2020-13435\nCVE-2020-9991\n\nSQLite\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-13630\n\nSymptom Framework\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A local attacker may be able to elevate their privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27899: 08Tc3wBB working with ZecOps\nEntry added December 14, 2020\n\nSystem Preferences\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\nTCC\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application with root privileges may be able to\naccess private information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-10008: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\nEntry added December 14, 2020\n\nWebKit\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\nEntry updated December 14, 2020\n\nWi-Fi\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: An attacker may be able to bypass Managed Frame Protection\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\nXsan\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and\nlater), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),\niMac (2014 and later), MacBook (2015 and later), iMac Pro (all\nmodels)\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2020-10006: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa\nUniversity and Ryan Riley of Carnegie Mellon University in Qatar for\ntheir assistance. \nEntry added December 14, 2020\n\nAudio\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-\nfinancial Light-Year Security Lab, an anonymous researcher for their\nassistance. \n\nBluetooth\nWe would like to acknowledge Andy Davis of NCC Group, Dennis Heinze\n(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their\nassistance. \nEntry updated December 14, 2020\n\nClang\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nCore Location\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nCrash Reporter\nWe would like to acknowledge Artur Byszko of AFINE for their\nassistance. \nEntry added December 14, 2020\n\nDirectory Utility\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\niAP\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero,\nStephen R\u00f6ttger of Google for their assistance. \n\nlibxml2\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added December 14, 2020\n\nLogin Window\nWe would like to acknowledge Rob Morton of Leidos for their\nassistance. \n\nPhotos Storage\nWe would like to acknowledge Paulos Yibelo of LimeHats for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech\nRegu\u0142a of SecuRing (wojciechregula.blog) for their assistance. \n\nSafari\nWe would like to acknowledge Gabriel Corona and Narendra Bhati From\nSuma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their\nassistance. \n\nSecurity\nWe would like to acknowledge Christian Starkjohann of Objective\nDevelopment Software GmbH for their assistance. \n\nSystem Preferences\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6\njjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi\nx64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS\np8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+\n9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO\nINzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri\nc8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU\nChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B\n1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs\nMuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV\nkURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S\nAXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=\n=T5Y8\n-----END PGP SIGNATURE-----\n\n\n. ==========================================================================\nUbuntu Security Notice USN-4882-1\nMarch 18, 2021\n\nruby2.3, ruby2.5, ruby2.7 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Ruby. If a user or automated system were tricked into parsing a specially\ncrafted JSON file, a remote attacker could use this issue to execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04\nLTS. (CVE-2020-10663)\n\nIt was discovered that Ruby incorrectly handled certain socket memory\noperations. A remote attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-10933)\n\nIt was discovered that Ruby incorrectly handled certain transfer-encoding\nheaders when using Webrick. A remote attacker could possibly use this issue\nto bypass a reverse proxy. (CVE-2020-25613)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libruby2.7 2.7.1-3ubuntu1.2\n ruby2.7 2.7.1-3ubuntu1.2\n\nUbuntu 20.04 LTS:\n libruby2.7 2.7.0-5ubuntu1.3\n ruby2.7 2.7.0-5ubuntu1.3\n\nUbuntu 18.04 LTS:\n libruby2.5 2.5.1-1ubuntu1.8\n ruby2.5 2.5.1-1ubuntu1.8\n\nUbuntu 16.04 LTS:\n libruby2.3 2.3.1-2~ubuntu16.04.15\n ruby2.3 2.3.1-2~ubuntu16.04.15\n\nIn general, a standard system update will make all the necessary changes. 8.0) - ppc64le, s390x, x86_64\n\n3. Description:\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities. \n\nBug Fix(es):\n\n* [GUI] Colocation constraint can\u0027t be added (BZ#1840156)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "160545"
},
{
"db": "PACKETSTORM",
"id": "161870"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-163164",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10663",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161870",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163317",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160545",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162764",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162953",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158184",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163318",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-32355",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1294",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163164",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10663",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166070",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "160545"
},
{
"db": "PACKETSTORM",
"id": "161870"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"id": "VAR-202004-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:53:48.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 2192-1] ruby2.1 security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
},
{
"title": "FEDORA-2020-26df92331a",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QL6MJD2BO4IRJ5CJFNMCDYMQQFT24BJ/"
},
{
"title": "FEDORA-2020-a95706b117",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4TNVTT66VPRMX5UZYSDGSVRXKKDDDU5/"
},
{
"title": "FEDORA-2020-d171bf636d",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NK2PBXWMFRUD7U7Q7LHV4KYLYID77RI4/"
},
{
"title": "openSUSE-SU-2020:0586-1",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
},
{
"title": "CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)",
"trust": 0.8,
"url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
},
{
"title": "Red Hat: Moderate: pcs security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202473 - Security Advisory"
},
{
"title": "Red Hat: Moderate: pcs security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202670 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4721-1 ruby2.5 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5216eb40be88e11afae842c5a0cad903"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1426",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1426"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1423",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1423"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1416",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1416"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1641",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1641"
},
{
"title": "Red Hat: Important: ruby:2.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220582 - Security Advisory"
},
{
"title": "Red Hat: Important: ruby:2.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220581 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1422",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1422"
},
{
"title": "Amazon Linux 2: ALASRUBY2.6-2023-007",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALASRUBY2.6-2023-007"
},
{
"title": "mandrill-api-ruby",
"trust": 0.1,
"url": "https://github.com/CareerJSM/mandrill-api-ruby "
},
{
"title": "gem mandrill-api",
"trust": 0.1,
"url": "https://github.com/szmo/mandrill-api-updated "
},
{
"title": "mandrill-api-ruby",
"trust": 0.1,
"url": "https://github.com/retailzipline/mandrill-api-ruby "
},
{
"title": "Workaround for CVE-2020-10663 (vulnerability in json gem)",
"trust": 0.1,
"url": "https://github.com/rails-lts/json_cve_2020_10663 "
},
{
"title": "gem mandrill-api",
"trust": 0.1,
"url": "https://github.com/getaway-house/gem-mandrill-api "
},
{
"title": "CodeQuality",
"trust": 0.1,
"url": "https://github.com/rainchen/code_quality "
},
{
"title": "https://github.com/francois/bundler-slowness-repro",
"trust": 0.1,
"url": "https://github.com/francois/bundler-slowness-repro "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10663"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4721"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20210129-0003/"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht211931"
},
{
"trust": 1.2,
"url": "https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00004.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10663"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10663"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10933"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25613"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10933"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15845"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-25613"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16255"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16201"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16254"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16254"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-15845"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16201"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-28965"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28965"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16255"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2473"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36327"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-32066"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31810"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31810"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-32066"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31799"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/6206172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36327"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41819"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ql6mjd2bo4irj5cjfnmcdymqqft24bj/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/f4tnvtt66vprmx5uzysdgsvrxkkdddu5/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nk2pbxwmfrud7u7q7lhv4kylyid77ri4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/careerjsm/mandrill-api-ruby"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.7_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3881"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10014"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10015"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27894"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht211931."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10003"
},
{
"trust": 0.1,
"url": "https://www.knownsec.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10009"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10002"
},
{
"trust": 0.1,
"url": "https://www.paloaltonetworks.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10007"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.5/2.5.1-1ubuntu1.8"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4882-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.7/2.7.0-5ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.7/2.7.1-3ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ruby2.3/2.3.1-2~ubuntu16.04.15"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0581"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "160545"
},
{
"db": "PACKETSTORM",
"id": "161870"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163164"
},
{
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"db": "PACKETSTORM",
"id": "162764"
},
{
"db": "PACKETSTORM",
"id": "163317"
},
{
"db": "PACKETSTORM",
"id": "162953"
},
{
"db": "PACKETSTORM",
"id": "160545"
},
{
"db": "PACKETSTORM",
"id": "161870"
},
{
"db": "PACKETSTORM",
"id": "158018"
},
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
},
{
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-163164"
},
{
"date": "2020-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"date": "2021-05-25T14:44:09",
"db": "PACKETSTORM",
"id": "162764"
},
{
"date": "2021-06-30T15:20:46",
"db": "PACKETSTORM",
"id": "163317"
},
{
"date": "2021-06-03T15:13:27",
"db": "PACKETSTORM",
"id": "162953"
},
{
"date": "2020-12-16T18:05:29",
"db": "PACKETSTORM",
"id": "160545"
},
{
"date": "2021-03-19T15:41:51",
"db": "PACKETSTORM",
"id": "161870"
},
{
"date": "2020-06-10T15:10:17",
"db": "PACKETSTORM",
"id": "158018"
},
{
"date": "2022-02-21T15:17:19",
"db": "PACKETSTORM",
"id": "166075"
},
{
"date": "2022-02-21T15:09:47",
"db": "PACKETSTORM",
"id": "166070"
},
{
"date": "2020-04-28T21:15:11.667000",
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-163164"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10663"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005087"
},
{
"date": "2024-11-21T04:55:47.670000",
"db": "NVD",
"id": "CVE-2020-10663"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "161870"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JSON gem Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "spoof, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "166075"
},
{
"db": "PACKETSTORM",
"id": "166070"
}
],
"trust": 0.2
}
}
var-202207-1498
Vulnerability from variot
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. apple's iPadOS Products from other vendors have out-of-bounds write vulnerabilities.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability, which is caused by a boundary error in the GPU driver. Native applications can trigger an out-of-bounds write error and execute arbitrary code with root privileges. The vulnerability could allow a local application to escalate privileges on the system. iOS 15.6 and iPadOS 15.6. Alternatively, on your watch, select "My Watch > General > About". CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom)
Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-1498",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.7"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.7"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 0.4
},
"cve": "CVE-2022-32793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32793",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32793",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32793",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32793",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-2089",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. apple\u0027s iPadOS Products from other vendors have out-of-bounds write vulnerabilities.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability, which is caused by a boundary error in the GPU driver. Native applications can trigger an out-of-bounds write error and execute arbitrary code with root privileges. The vulnerability could allow a local application to escalate privileges on the system. iOS 15.6 and iPadOS 15.6. Alternatively, on your watch, select\n\"My Watch \u003e General \u003e About\". \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "VULHUB",
"id": "VHN-424882"
},
{
"db": "VULMON",
"id": "CVE-2022-32793"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32793",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "167791",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167790",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072107",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3563",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167786",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424882",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32793",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424882"
},
{
"db": "VULMON",
"id": "CVE-2022-32793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"id": "VAR-202207-1498",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424882"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:54:21.857000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213346 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
},
{
"title": "Apple iOS and Apple iPadOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200846"
},
{
"title": "Apple: iOS 15.6 and iPadOS 15.6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=25de7f37f4830a629a57f79175aeaa2a"
},
{
"title": "Apple: macOS Monterey 12.5",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c765c13fa342a7957a4e91e6dc3d34f4"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424882"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213346"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213340"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213342"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213345"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 1.0,
"url": "https://support.apple.com/kb/ht213446"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167791/apple-security-advisory-2022-07-20-6.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32793/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3563"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167790/apple-security-advisory-2022-07-20-5.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072107"
},
{
"trust": 0.4,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.4,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32821"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32820"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32819"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213346"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213340."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213342."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213346."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424882"
},
{
"db": "VULMON",
"id": "CVE-2022-32793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424882"
},
{
"db": "VULMON",
"id": "CVE-2022-32793"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"db": "PACKETSTORM",
"id": "167791"
},
{
"db": "PACKETSTORM",
"id": "167790"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-424882"
},
{
"date": "2023-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"date": "2022-07-22T16:24:29",
"db": "PACKETSTORM",
"id": "167791"
},
{
"date": "2022-07-22T16:24:11",
"db": "PACKETSTORM",
"id": "167790"
},
{
"date": "2022-07-22T16:22:17",
"db": "PACKETSTORM",
"id": "167786"
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787"
},
{
"date": "2022-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"date": "2022-08-24T20:15:08.627000",
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-424882"
},
{
"date": "2023-10-12T01:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-017283"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-2089"
},
{
"date": "2023-11-07T03:48:11.840000",
"db": "NVD",
"id": "CVE-2022-32793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iPadOS\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017283"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-2089"
}
],
"trust": 0.6
}
}
var-202004-0465
Vulnerability from variot
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. Xen Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202005-08
https://security.gentoo.org/
Severity: Normal Title: Xen: Multiple vulnerabilities Date: May 14, 2020 Bugs: #717446 ID: 202005-08
Synopsis
Multiple vulnerabilities have been found in Xen, the worst of which could allow privilege escalation.
Background
Xen is a bare-metal hypervisor.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2 2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Xen users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
[ 1 ] CVE-2020-11739 https://nvd.nist.gov/vuln/detail/CVE-2020-11739 [ 2 ] CVE-2020-11740 https://nvd.nist.gov/vuln/detail/CVE-2020-11740 [ 3 ] CVE-2020-11741 https://nvd.nist.gov/vuln/detail/CVE-2020-11741 [ 4 ] CVE-2020-11742 https://nvd.nist.gov/vuln/detail/CVE-2020-11742 [ 5 ] CVE-2020-11743 https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (buster), these problems have been fixed in version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8 TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+ anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj 7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9 g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk= =tfm7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0465",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xen",
"scope": "lte",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "xen",
"scope": "eq",
"trust": 1.0,
"vendor": "xen",
"version": "4.13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "xen",
"scope": null,
"trust": 0.8,
"vendor": "xen",
"version": null
},
{
"model": "xen",
"scope": "lte",
"trust": 0.6,
"vendor": "xen",
"version": "\u003c=4.13.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:xen:xen",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
}
],
"trust": 0.7
},
"cve": "CVE-2020-11743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-11743",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 2.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004781",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-25872",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-11743",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004781",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11743",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-004781",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-25872",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11743",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. Xen Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime. \n\r\n\r\nThere are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202005-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Xen: Multiple vulnerabilities\n Date: May 14, 2020\n Bugs: #717446\n ID: 202005-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould allow privilege escalation. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/xen \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n 2 app-emulation/xen-tools \u003c 4.12.2-r2 \u003e= 4.12.2-r2\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-emulation/xen-4.12.2-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11739\n https://nvd.nist.gov/vuln/detail/CVE-2020-11739\n[ 2 ] CVE-2020-11740\n https://nvd.nist.gov/vuln/detail/CVE-2020-11740\n[ 3 ] CVE-2020-11741\n https://nvd.nist.gov/vuln/detail/CVE-2020-11741\n[ 4 ] CVE-2020-11742\n https://nvd.nist.gov/vuln/detail/CVE-2020-11742\n[ 5 ] CVE-2020-11743\n https://nvd.nist.gov/vuln/detail/CVE-2020-11743\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202005-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+24-gddaaccbbab-1~deb10u1. \n\nWe recommend that you upgrade your xen packages. \n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8\nTjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR\nQiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+\nanbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW\nsIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn\nEop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG\nAkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm\nfCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv\nUPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw\niT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj\n7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9\ng8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=\n=tfm7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11743",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/04/14/3",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157721",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-25872",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1463",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1575",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4642",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2364",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1317",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-11743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168871",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"id": "VAR-202004-0465",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
}
]
},
"last_update_date": "2024-11-23T20:42:02.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-295ed0b1e0",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"title": "FEDORA-2020-cbc3149753",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"title": "FEDORA-2020-440457afe4",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"title": "XSA-316",
"trust": 0.8,
"url": "https://xenbits.xen.org/xsa/advisory-316.html"
},
{
"title": "Patch for Xen Denial of Service Vulnerability (CNVD-2020-25872)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/216039"
},
{
"title": "Xen Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113687"
},
{
"title": "Citrix Security Bulletins: Citrix Hypervisor Multiple Security Updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f370ea0c562996cebdbcb6d5adc19514"
},
{
"title": "Debian Security Advisories: DSA-4723-1 xen -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0d177f74e6265e2fdbb8df6fa6c636bf"
},
{
"title": "Ubuntu Security Notice: USN-5617-1: Xen vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5617-1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://xenbits.xen.org/xsa/advisory-316.html"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11743"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11743"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ymaw7d2mp6re4bfi5bzwobbwgy3vsofn/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5m2xrnchoggtjqbzqj7dcv6znakn3le2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/nvtp4oyhctru3onfjofjqvndfb25kllg/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11743"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1317/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/xen-denial-of-service-via-gnttabop-map-grant-32010"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4642"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1373/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1463/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2364/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1575/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157721/gentoo-linux-security-advisory-202005-08.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11742"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11741"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11739"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11740"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/755.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2020/q2/24"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5617-1"
},
{
"trust": 0.1,
"url": "https://support.citrix.com/article/ctx270837"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15564"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15567"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15563"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/xen"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15565"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"db": "PACKETSTORM",
"id": "157721"
},
{
"db": "PACKETSTORM",
"id": "168871"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"date": "2020-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"date": "2020-05-15T14:52:42",
"db": "PACKETSTORM",
"id": "157721"
},
{
"date": "2020-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "168871"
},
{
"date": "2020-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"date": "2020-04-14T13:15:12.970000",
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-25872"
},
{
"date": "2020-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11743"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004781"
},
{
"date": "2022-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-657"
},
{
"date": "2024-11-21T04:58:31.960000",
"db": "NVD",
"id": "CVE-2020-11743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen Vulnerability in handling exceptional conditions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004781"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-657"
}
],
"trust": 0.6
}
}
var-202201-0426
Vulnerability from variot
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24
https://security.gentoo.org/
Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24
Synopsis
Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.4.9 >= 2.4.9
Description
Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Expat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"
References
[ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.
For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.
For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: mingw-expat security update Advisory ID: RHSA-2022:7811-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7811 Issue date: 2022-11-08 CVE Names: CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:
An update for mingw-expat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - noarch
- Description:
Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW.
The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)
Security Fix(es):
-
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
-
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
-
expat: Integer overflow in storeRawNames() (CVE-2022-25315)
-
expat: Stack exhaustion in doctype parsing (CVE-2022-25313)
-
expat: Integer overflow in copyString() (CVE-2022-25314)
-
expat: Integer overflow in the doProlog function (CVE-2022-23990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat CodeReady Linux Builder (v. 8):
Source: mingw-expat-2.4.8-1.el8.src.rpm
noarch: mingw32-expat-2.4.8-1.el8.noarch.rpm mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm mingw64-expat-2.4.8-1.el8.noarch.rpm mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4 9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9 ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M 4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF 8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i f25ydDFruA4=jL/2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "nessus",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "10.0.0"
},
{
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "8.15.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "10.1.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.4"
},
{
"model": "communications metasolv solution",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "oracle communications metasolv solution",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "libexpat",
"scope": null,
"trust": 0.8,
"vendor": "libexpat",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "nessus",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "sinema remote connect server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens notified CISA of these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
}
],
"trust": 0.6
},
"cve": "CVE-2022-23990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-23990",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-413433",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-23990",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23990",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-23990",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2483",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-413433",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-23990",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Expat: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #791703, #830422, #831918, #833431, #870097\n ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/expat \u003c 2.4.9 \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: mingw-expat security update\nAdvisory ID: RHSA-2022:7811-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:7811\nIssue date: 2022-11-08\nCVE Names: CVE-2022-23990 CVE-2022-25235 CVE-2022-25236\n CVE-2022-25313 CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for mingw-expat is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat CodeReady Linux Builder (v. 8) - noarch\n\n3. Description:\n\nExpat is a C library for parsing XML documents. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127)\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: Integer overflow in copyString() (CVE-2022-25314)\n\n* expat: Integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat CodeReady Linux Builder (v. 8):\n\nSource:\nmingw-expat-2.4.8-1.el8.src.rpm\n\nnoarch:\nmingw32-expat-2.4.8-1.el8.noarch.rpm\nmingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm\nmingw64-expat-2.4.8-1.el8.noarch.rpm\nmingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz\nlRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO\nlQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct\nDkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg\nD3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4\n9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9\ney6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M\n4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ\nsREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF\n8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX\nts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i\nf25ydDFruA4=jL/2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. After installing the updated packages, the\nhttpd daemon will be restarted automatically",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23990"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23990",
"trust": 3.9
},
{
"db": "TENABLE",
"id": "TNS-2022-05",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 1.4
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168578",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-278-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97425465",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022021418",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012804",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060617",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061722",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022020902",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072607",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0626",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0741",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5749",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1795",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2607",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4460",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-413433",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-23990",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169217",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"id": "VAR-202201-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-413433"
}
],
"trust": 0.7003805
},
"last_update_date": "2024-11-23T19:28:30.448000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-204",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"title": "Expat Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=180387"
},
{
"title": "Amazon Linux AMI: ALAS-2023-1882",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2023-1882"
},
{
"title": "Red Hat: CVE-2022-23990",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23990"
},
{
"title": "Red Hat: Important: mingw-expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2280",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2280"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-028",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-028"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
},
{
"title": "Amazon Linux 2022: ALAS-2022-232",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-23990 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/gatecheckdev/gatecheck "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"trust": 1.7,
"url": "https://github.com/libexpat/libexpat/pull/551"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97425465/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0741"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1795"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2607"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/expat-integer-overflow-via-doprolog-37397"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072607"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0596"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5749"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061722"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4460"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012804"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/expat"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-413433"
},
{
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-413433"
},
{
"date": "2022-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"date": "2023-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"date": "2022-09-30T14:56:43",
"db": "PACKETSTORM",
"id": "168578"
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169217"
},
{
"date": "2022-11-08T13:49:57",
"db": "PACKETSTORM",
"id": "169777"
},
{
"date": "2022-10-27T13:05:19",
"db": "PACKETSTORM",
"id": "169540"
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541"
},
{
"date": "2022-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"date": "2022-01-26T19:15:08.517000",
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-413433"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23990"
},
{
"date": "2023-10-10T06:14:00",
"db": "JVNDB",
"id": "JVNDB-2022-003474"
},
{
"date": "2022-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2483"
},
{
"date": "2024-11-21T06:49:36.670000",
"db": "NVD",
"id": "CVE-2022-23990"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Expat\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003474"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2483"
}
],
"trust": 0.6
}
}
var-202202-0008
Vulnerability from variot
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6195-1 July 03, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim contained an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0128)
It was discovered that Vim did not properly manage memory when freeing allocated memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0156)
It was discovered that Vim contained a heap-based buffer overflow vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0158)
It was discovered that Vim did not properly manage memory when recording and using select mode. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0393)
It was discovered that Vim incorrectly handled certain memory operations during a visual block yank. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. An attacker could possible use this issue to cause a denial of service. (CVE-2022-0696)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.9 vim-athena 2:8.2.3995-1ubuntu2.9 vim-gtk3 2:8.2.3995-1ubuntu2.9 vim-nox 2:8.2.3995-1ubuntu2.9 vim-tiny 2:8.2.3995-1ubuntu2.9 xxd 2:8.2.3995-1ubuntu2.9
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6195-1 CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0393, CVE-2022-0407, CVE-2022-0696
Package Information: https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4428"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 0.1
},
"cve": "CVE-2022-0696",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0696",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0696",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0696",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0696",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0696",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-0696",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1716",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-415375",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0696",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6195-1\nJuly 03, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim contained an out-of-bounds read vulnerability. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0128)\n\nIt was discovered that Vim did not properly manage memory when freeing\nallocated memory. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. (CVE-2022-0156)\n\nIt was discovered that Vim contained a heap-based buffer overflow\nvulnerability. An attacker could possibly use this issue to cause a denial\nof service or execute arbitrary code. (CVE-2022-0158)\n\nIt was discovered that Vim did not properly manage memory when recording\nand using select mode. An attacker could possibly use this issue to cause\na denial of service. (CVE-2022-0393)\n\nIt was discovered that Vim incorrectly handled certain memory operations\nduring a visual block yank. An attacker could possibly use this issue to\ncause a denial of service or execute arbitrary code. An attacker could possible use this\nissue to cause a denial of service. (CVE-2022-0696)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.9\n vim-athena 2:8.2.3995-1ubuntu2.9\n vim-gtk3 2:8.2.3995-1ubuntu2.9\n vim-nox 2:8.2.3995-1ubuntu2.9\n vim-tiny 2:8.2.3995-1ubuntu2.9\n xxd 2:8.2.3995-1ubuntu2.9\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6195-1\n CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0393,\n CVE-2022-0407, CVE-2022-0696\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "PACKETSTORM",
"id": "173275"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0696",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3782",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6148",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-415375",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0696",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "173275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"id": "VAR-202202-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:54:02.537000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"title": "Vim Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=184791"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0696"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-null-pointer-dereference-via-get-user-var-name-37654"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6148"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0696/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3782"
},
{
"trust": 0.2,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2022-1771.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6195-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415375"
},
{
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"db": "PACKETSTORM",
"id": "173275"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-415375"
},
{
"date": "2022-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"date": "2023-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"date": "2023-07-04T01:10:12",
"db": "PACKETSTORM",
"id": "173275"
},
{
"date": "2022-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"date": "2022-02-21T20:15:08.230000",
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-415375"
},
{
"date": "2022-03-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0696"
},
{
"date": "2023-06-26T02:46:00",
"db": "JVNDB",
"id": "JVNDB-2022-006017"
},
{
"date": "2023-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1716"
},
{
"date": "2024-11-21T06:39:12.430000",
"db": "NVD",
"id": "CVE-2022-0696"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1716"
}
],
"trust": 0.6
}
}
var-202207-0587
Vulnerability from variot
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update Advisory ID: RHSA-2022:6389-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6389 Issue date: 2022-09-08 CVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-33987 ==================================================================== 1. Summary:
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.20.0).
Security Fix(es):
-
nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
-
nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
-
nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
-
nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
-
got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets 2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses 2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding 2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields 2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding 2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
ppc64le: rh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm
s390x: rh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs14-nodejs-14.20.0-2.el7.src.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm
noarch: rh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm rh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm
x86_64: rh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm rh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm rh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32212 https://access.redhat.com/security/cve/CVE-2022-32213 https://access.redhat.com/security/cve/CVE-2022-32214 https://access.redhat.com/security/cve/CVE-2022-32215 https://access.redhat.com/security/cve/CVE-2022-33987 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/ ODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm VScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ bAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF IPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq +62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM 4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M 3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91 BYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI nBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX bcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz hGdWoRKL34w\xcePC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 9) - aarch64, noarch, ppc64le, s390x, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5326-1 security@debian.org https://www.debian.org/security/ Aron Xu January 24, 2023 https://www.debian.org/security/faq
Package : nodejs CVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548
Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u3.
We recommend that you upgrade your nodejs packages.
For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8 TjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp WblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd Txb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW xbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9 0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf EtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2 idXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w Y9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7 u0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu boP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH ujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\xfeRn -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-29
https://security.gentoo.org/
Severity: Low Title: Node.js: Multiple Vulnerabilities Date: May 08, 2024 Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614 ID: 202405-29
Synopsis
Multiple vulnerabilities have been discovered in Node.js.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.
Affected packages
Package Vulnerable Unaffected
net-libs/nodejs < 16.20.2 >= 16.20.2
Description
Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Node.js 20 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"
All Node.js 18 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"
All Node.js 16 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"
References
[ 1 ] CVE-2020-7774 https://nvd.nist.gov/vuln/detail/CVE-2020-7774 [ 2 ] CVE-2021-3672 https://nvd.nist.gov/vuln/detail/CVE-2021-3672 [ 3 ] CVE-2021-22883 https://nvd.nist.gov/vuln/detail/CVE-2021-22883 [ 4 ] CVE-2021-22884 https://nvd.nist.gov/vuln/detail/CVE-2021-22884 [ 5 ] CVE-2021-22918 https://nvd.nist.gov/vuln/detail/CVE-2021-22918 [ 6 ] CVE-2021-22930 https://nvd.nist.gov/vuln/detail/CVE-2021-22930 [ 7 ] CVE-2021-22931 https://nvd.nist.gov/vuln/detail/CVE-2021-22931 [ 8 ] CVE-2021-22939 https://nvd.nist.gov/vuln/detail/CVE-2021-22939 [ 9 ] CVE-2021-22940 https://nvd.nist.gov/vuln/detail/CVE-2021-22940 [ 10 ] CVE-2021-22959 https://nvd.nist.gov/vuln/detail/CVE-2021-22959 [ 11 ] CVE-2021-22960 https://nvd.nist.gov/vuln/detail/CVE-2021-22960 [ 12 ] CVE-2021-37701 https://nvd.nist.gov/vuln/detail/CVE-2021-37701 [ 13 ] CVE-2021-37712 https://nvd.nist.gov/vuln/detail/CVE-2021-37712 [ 14 ] CVE-2021-39134 https://nvd.nist.gov/vuln/detail/CVE-2021-39134 [ 15 ] CVE-2021-39135 https://nvd.nist.gov/vuln/detail/CVE-2021-39135 [ 16 ] CVE-2021-44531 https://nvd.nist.gov/vuln/detail/CVE-2021-44531 [ 17 ] CVE-2021-44532 https://nvd.nist.gov/vuln/detail/CVE-2021-44532 [ 18 ] CVE-2021-44533 https://nvd.nist.gov/vuln/detail/CVE-2021-44533 [ 19 ] CVE-2022-0778 https://nvd.nist.gov/vuln/detail/CVE-2022-0778 [ 20 ] CVE-2022-3602 https://nvd.nist.gov/vuln/detail/CVE-2022-3602 [ 21 ] CVE-2022-3786 https://nvd.nist.gov/vuln/detail/CVE-2022-3786 [ 22 ] CVE-2022-21824 https://nvd.nist.gov/vuln/detail/CVE-2022-21824 [ 23 ] CVE-2022-32212 https://nvd.nist.gov/vuln/detail/CVE-2022-32212 [ 24 ] CVE-2022-32213 https://nvd.nist.gov/vuln/detail/CVE-2022-32213 [ 25 ] CVE-2022-32214 https://nvd.nist.gov/vuln/detail/CVE-2022-32214 [ 26 ] CVE-2022-32215 https://nvd.nist.gov/vuln/detail/CVE-2022-32215 [ 27 ] CVE-2022-32222 https://nvd.nist.gov/vuln/detail/CVE-2022-32222 [ 28 ] CVE-2022-35255 https://nvd.nist.gov/vuln/detail/CVE-2022-35255 [ 29 ] CVE-2022-35256 https://nvd.nist.gov/vuln/detail/CVE-2022-35256 [ 30 ] CVE-2022-35948 https://nvd.nist.gov/vuln/detail/CVE-2022-35948 [ 31 ] CVE-2022-35949 https://nvd.nist.gov/vuln/detail/CVE-2022-35949 [ 32 ] CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 [ 33 ] CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 [ 34 ] CVE-2023-30582 https://nvd.nist.gov/vuln/detail/CVE-2023-30582 [ 35 ] CVE-2023-30583 https://nvd.nist.gov/vuln/detail/CVE-2023-30583 [ 36 ] CVE-2023-30584 https://nvd.nist.gov/vuln/detail/CVE-2023-30584 [ 37 ] CVE-2023-30586 https://nvd.nist.gov/vuln/detail/CVE-2023-30586 [ 38 ] CVE-2023-30587 https://nvd.nist.gov/vuln/detail/CVE-2023-30587 [ 39 ] CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 [ 40 ] CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 [ 41 ] CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 [ 42 ] CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 [ 43 ] CVE-2023-32003 https://nvd.nist.gov/vuln/detail/CVE-2023-32003 [ 44 ] CVE-2023-32004 https://nvd.nist.gov/vuln/detail/CVE-2023-32004 [ 45 ] CVE-2023-32005 https://nvd.nist.gov/vuln/detail/CVE-2023-32005 [ 46 ] CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 [ 47 ] CVE-2023-32558 https://nvd.nist.gov/vuln/detail/CVE-2023-32558 [ 48 ] CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202405-29
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.17.1"
},
{
"model": "sinec ins",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.9.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.0.0"
},
{
"model": "management center",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.3.2"
},
{
"model": "llhttp",
"scope": "lt",
"trust": 1.0,
"vendor": "llhttp",
"version": "2.1.5"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "16.13.0"
},
{
"model": "llhttp",
"scope": "lt",
"trust": 1.0,
"vendor": "llhttp",
"version": "6.0.7"
},
{
"model": "llhttp",
"scope": "gte",
"trust": 1.0,
"vendor": "llhttp",
"version": "6.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.20.1"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "18.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "management center",
"scope": null,
"trust": 0.8,
"vendor": "stormshield",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "llhttp",
"scope": null,
"trust": 0.8,
"vendor": "llhttp",
"version": null
},
{
"model": "node.js",
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": "sinec ins",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
}
],
"trust": 0.5
},
"cve": "CVE-2022-32213",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32213",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2022-32213",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32213",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-32213",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-683",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The llhttp parser \u003cv14.20.1, \u003cv16.17.1 and \u003cv18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). llhttp of llhttp For products from other vendors, HTTP There is a vulnerability related to request smuggling.Information may be obtained and information may be tampered with. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security and bug fix update\nAdvisory ID: RHSA-2022:6389-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6389\nIssue date: 2022-09-08\nCVE Names: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214\n CVE-2022-32215 CVE-2022-33987\n====================================================================\n1. Summary:\n\nAn update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs14-nodejs (14.20.0). \n\nSecurity Fix(es):\n\n* nodejs: DNS rebinding in --inspect via invalid IP addresses\n(CVE-2022-32212)\n\n* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n(CVE-2022-32213)\n\n* nodejs: HTTP request smuggling due to improper delimiting of header\nfields (CVE-2022-32214)\n\n* nodejs: HTTP request smuggling due to incorrect parsing of multi-line\nTransfer-Encoding (CVE-2022-32215)\n\n* got: missing verification of requested URLs allows redirects to UNIX\nsockets (CVE-2022-33987)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* rh-nodejs14-nodejs: rebase to latest upstream release (BZ#2106673)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2102001 - CVE-2022-33987 got: missing verification of requested URLs allows redirects to UNIX sockets\n2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses\n2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding\n2105428 - CVE-2022-32214 nodejs: HTTP request smuggling due to improper delimiting of header fields\n2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding\n2106673 - rh-nodejs14-nodejs: rebase to latest upstream release [rhscl-3.8.z]\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nppc64le:\nrh-nodejs14-nodejs-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.ppc64le.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs14-nodejs-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.s390x.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.s390x.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs14-nodejs-14.20.0-2.el7.src.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.src.rpm\n\nnoarch:\nrh-nodejs14-nodejs-docs-14.20.0-2.el7.noarch.rpm\nrh-nodejs14-nodejs-nodemon-2.0.19-1.el7.noarch.rpm\n\nx86_64:\nrh-nodejs14-nodejs-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-debuginfo-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-nodejs-devel-14.20.0-2.el7.x86_64.rpm\nrh-nodejs14-npm-6.14.17-14.20.0.2.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32212\nhttps://access.redhat.com/security/cve/CVE-2022-32213\nhttps://access.redhat.com/security/cve/CVE-2022-32214\nhttps://access.redhat.com/security/cve/CVE-2022-32215\nhttps://access.redhat.com/security/cve/CVE-2022-33987\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYxnqU9zjgjWX9erEAQipBg/+NJmkBsKEPkFHZAiZhGKiwIkwaFcHK+e/\nODClFTTT9SkkMBheuc9HQDmwukaVlLMvbOJSVL/6NvuLQvOcQHtprOAJXr3I6KQm\nVScJRQny4et+D/N3bJJiuhqe9YY9Bh+EP7omS4aq2UuphEhkuTSQ0V2+Fa4O8wdZ\nbAhUhU660Q6aGzNGvcyz8vi7ohmOFZS94/x2Lr6cBG8LF0dmr/pIw+uPlO36ghXF\nIPEM3VcGisTGQRg2Xy5yqeouK1S+YAcZ1f0QUOePP+WRhIecfmG3cj6oYTRnrOyq\n+62525BHDNjIz55z6H32dKBIy+r+HT7WaOGgPwvH+ugmlH6NyKHjSyy+IJoglkfM\n4+QA0zun7WhLet5y4jmsWCpT3mOCWj7h+iW6IqTlfcad3wCQ6OnySRq67W3GDq+M\n3kdUdBoyfLm1vzLceEF4AK8qChj7rVl8x0b4v8OfRGv6ZEIe+BfJYNzI9HeuIE91\nBYtLGe18vMs5mcWxcYMWlfAgzVSGTaqaaBie9qPtAThs00lJd9oRf/Mfga42/6vI\nnBLHwE3NyPyKfaLvcyLa/oPwGnOhKyPtD8HeN2MORm6RUeUClaq9s+ihDIPvbyLX\nbcKKdjGoJDWyJy2yU2GkVwrbF6gcKgdvo2uFckOpouKQ4P9KEooI/15fLy8NPIZz\nhGdWoRKL34w\\xcePC\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5326-1 security@debian.org\nhttps://www.debian.org/security/ Aron Xu\nJanuary 24, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nodejs\nCVE ID : CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215\n CVE-2022-35255 CVE-2022-35256 CVE-2022-43548\n\nMultiple vulnerabilities were discovered in Node.js, which could result\nin HTTP request smuggling, bypass of host IP address validation and weak\nrandomness setup. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 12.22.12~dfsg-1~deb11u3. \n\nWe recommend that you upgrade your nodejs packages. \n\nFor the detailed security status of nodejs please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nodejs\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPQNhIACgkQEMKTtsN8\nTjaRmA/+KDFkQcd2sE/eAAx9cVikICNkfu7uIVKHpeDH9o5oq5M2nj4zHJCeAArp\nWblguyZwEtqzAOO2WesbrmwfXLmglhrNZwRMOrsbu63JxSnecp7qcMwR8A4JWdmd\nTxb4aZr6Prmwq6fT0G3K6oV8Hw+OeqYA/RZKenxtkBf/jdzVahGJHJ/NrFKKWVQW\nxbqHwCkP7uUlm+5UR5XzNrodTRCQYHJvUmDUrjEOjM6x+sqYirKWiERN0A14kVn9\n0Ufrw6+Z2tKhdKFZfU1BtDthhlH/nybz0h3aHsk+E5/vx20WAURiCEDVi7nf8+Rf\nEtbCxaqV+/xVoPmXStHY/ogCo8CgRVsyYUIemgi4q5LwVx/Oqjm2CJ/xCwOKh0E2\nidXLJfLSpxxBe598MUn9iKbnFFCN9DQZXf7BYs3djtn8ALFVBSHZSF1QXFoFQ86w\nY9xGhBQzfEgCoEW7H4S30ZQ+Gz+ZnOMCSH+MKIMtSpqbc7wLtrKf839DO6Uux7B7\nu0WR3lZlsihi92QKq9X/VRkyy8ZiA2TYy3IE+KDKlXDHKls9FR9BUClYe9L8RiRu\nboP8KPFUHUsSVaTzkufMStdKkcXCqgj/6KhJL6E9ZunTBpTmqx1Ty7/N2qktLFnH\nujrffzV3rCE6eIg7ps8OdZbjCfqUqmQk9/pV6ZDjymqjZ1LKZDs\\xfeRn\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202405-29\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Node.js: Multiple Vulnerabilities\n Date: May 08, 2024\n Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614\n ID: 202405-29\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Node.js. \n\nBackground\n=========\nNode.js is a JavaScript runtime built on Chrome\u2019s V8 JavaScript engine. \n\nAffected packages\n================\nPackage Vulnerable Unaffected\n--------------- ------------ ------------\nnet-libs/nodejs \u003c 16.20.2 \u003e= 16.20.2\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Node.js. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Node.js 20 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-20.5.1\"\n\nAll Node.js 18 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-18.17.1\"\n\nAll Node.js 16 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/nodejs-16.20.2\"\n\nReferences\n=========\n[ 1 ] CVE-2020-7774\n https://nvd.nist.gov/vuln/detail/CVE-2020-7774\n[ 2 ] CVE-2021-3672\n https://nvd.nist.gov/vuln/detail/CVE-2021-3672\n[ 3 ] CVE-2021-22883\n https://nvd.nist.gov/vuln/detail/CVE-2021-22883\n[ 4 ] CVE-2021-22884\n https://nvd.nist.gov/vuln/detail/CVE-2021-22884\n[ 5 ] CVE-2021-22918\n https://nvd.nist.gov/vuln/detail/CVE-2021-22918\n[ 6 ] CVE-2021-22930\n https://nvd.nist.gov/vuln/detail/CVE-2021-22930\n[ 7 ] CVE-2021-22931\n https://nvd.nist.gov/vuln/detail/CVE-2021-22931\n[ 8 ] CVE-2021-22939\n https://nvd.nist.gov/vuln/detail/CVE-2021-22939\n[ 9 ] CVE-2021-22940\n https://nvd.nist.gov/vuln/detail/CVE-2021-22940\n[ 10 ] CVE-2021-22959\n https://nvd.nist.gov/vuln/detail/CVE-2021-22959\n[ 11 ] CVE-2021-22960\n https://nvd.nist.gov/vuln/detail/CVE-2021-22960\n[ 12 ] CVE-2021-37701\n https://nvd.nist.gov/vuln/detail/CVE-2021-37701\n[ 13 ] CVE-2021-37712\n https://nvd.nist.gov/vuln/detail/CVE-2021-37712\n[ 14 ] CVE-2021-39134\n https://nvd.nist.gov/vuln/detail/CVE-2021-39134\n[ 15 ] CVE-2021-39135\n https://nvd.nist.gov/vuln/detail/CVE-2021-39135\n[ 16 ] CVE-2021-44531\n https://nvd.nist.gov/vuln/detail/CVE-2021-44531\n[ 17 ] CVE-2021-44532\n https://nvd.nist.gov/vuln/detail/CVE-2021-44532\n[ 18 ] CVE-2021-44533\n https://nvd.nist.gov/vuln/detail/CVE-2021-44533\n[ 19 ] CVE-2022-0778\n https://nvd.nist.gov/vuln/detail/CVE-2022-0778\n[ 20 ] CVE-2022-3602\n https://nvd.nist.gov/vuln/detail/CVE-2022-3602\n[ 21 ] CVE-2022-3786\n https://nvd.nist.gov/vuln/detail/CVE-2022-3786\n[ 22 ] CVE-2022-21824\n https://nvd.nist.gov/vuln/detail/CVE-2022-21824\n[ 23 ] CVE-2022-32212\n https://nvd.nist.gov/vuln/detail/CVE-2022-32212\n[ 24 ] CVE-2022-32213\n https://nvd.nist.gov/vuln/detail/CVE-2022-32213\n[ 25 ] CVE-2022-32214\n https://nvd.nist.gov/vuln/detail/CVE-2022-32214\n[ 26 ] CVE-2022-32215\n https://nvd.nist.gov/vuln/detail/CVE-2022-32215\n[ 27 ] CVE-2022-32222\n https://nvd.nist.gov/vuln/detail/CVE-2022-32222\n[ 28 ] CVE-2022-35255\n https://nvd.nist.gov/vuln/detail/CVE-2022-35255\n[ 29 ] CVE-2022-35256\n https://nvd.nist.gov/vuln/detail/CVE-2022-35256\n[ 30 ] CVE-2022-35948\n https://nvd.nist.gov/vuln/detail/CVE-2022-35948\n[ 31 ] CVE-2022-35949\n https://nvd.nist.gov/vuln/detail/CVE-2022-35949\n[ 32 ] CVE-2022-43548\n https://nvd.nist.gov/vuln/detail/CVE-2022-43548\n[ 33 ] CVE-2023-30581\n https://nvd.nist.gov/vuln/detail/CVE-2023-30581\n[ 34 ] CVE-2023-30582\n https://nvd.nist.gov/vuln/detail/CVE-2023-30582\n[ 35 ] CVE-2023-30583\n https://nvd.nist.gov/vuln/detail/CVE-2023-30583\n[ 36 ] CVE-2023-30584\n https://nvd.nist.gov/vuln/detail/CVE-2023-30584\n[ 37 ] CVE-2023-30586\n https://nvd.nist.gov/vuln/detail/CVE-2023-30586\n[ 38 ] CVE-2023-30587\n https://nvd.nist.gov/vuln/detail/CVE-2023-30587\n[ 39 ] CVE-2023-30588\n https://nvd.nist.gov/vuln/detail/CVE-2023-30588\n[ 40 ] CVE-2023-30589\n https://nvd.nist.gov/vuln/detail/CVE-2023-30589\n[ 41 ] CVE-2023-30590\n https://nvd.nist.gov/vuln/detail/CVE-2023-30590\n[ 42 ] CVE-2023-32002\n https://nvd.nist.gov/vuln/detail/CVE-2023-32002\n[ 43 ] CVE-2023-32003\n https://nvd.nist.gov/vuln/detail/CVE-2023-32003\n[ 44 ] CVE-2023-32004\n https://nvd.nist.gov/vuln/detail/CVE-2023-32004\n[ 45 ] CVE-2023-32005\n https://nvd.nist.gov/vuln/detail/CVE-2023-32005\n[ 46 ] CVE-2023-32006\n https://nvd.nist.gov/vuln/detail/CVE-2023-32006\n[ 47 ] CVE-2023-32558\n https://nvd.nist.gov/vuln/detail/CVE-2023-32558\n[ 48 ] CVE-2023-32559\n https://nvd.nist.gov/vuln/detail/CVE-2023-32559\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202405-29\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32213"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "VULMON",
"id": "CVE-2022-32213"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "178512"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32213",
"trust": 4.0
},
{
"db": "SIEMENS",
"id": "SSA-332410",
"trust": 2.4
},
{
"db": "HACKERONE",
"id": "1524555",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-23-017-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90782730",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013368",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168305",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169410",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168442",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168359",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170727",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3673",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3488",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3505",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3487",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4101",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4681",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071827",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071338",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072639",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072522",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-683",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178512",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32213"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"id": "VAR-202207-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.20766129
},
"last_update_date": "2024-08-14T12:04:24.035000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.0
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
},
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"trust": 2.4,
"url": "https://hackerone.com/reports/1524555"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32213"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32213"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2icg6csib3guwh5dusqevx53mojw7lyk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qcnn3yg2bcls4zekj3clsut6as7axth3/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/vmqk5l5sbyd47qqz67lemhnq662gh3oy/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90782730/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-017-03"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32215"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32214"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32212"
},
{
"trust": 0.6,
"url": "https://security.netapp.com/advisory/ntap-20220915-0001/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170727/debian-security-advisory-5326-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3505"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168305/red-hat-security-advisory-2022-6389-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072522"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168442/red-hat-security-advisory-2022-6595-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168359/red-hat-security-advisory-2022-6448-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4681"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072639"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4101"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3673"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4136"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3487"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071827"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3586"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3488"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071612"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169410/red-hat-security-advisory-2022-6985-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071338"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32213/"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32214"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32212"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33987"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-32215"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-33987"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35256"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35255"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6985"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29244"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28469"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7788"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6448"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/nodejs"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32006"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30588"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35949"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22959"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202405-29"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30584"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35948"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44533"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3602"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30586"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30581"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-30583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37701"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32213"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32213"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"db": "PACKETSTORM",
"id": "168305"
},
{
"db": "PACKETSTORM",
"id": "169410"
},
{
"db": "PACKETSTORM",
"id": "168442"
},
{
"db": "PACKETSTORM",
"id": "168358"
},
{
"db": "PACKETSTORM",
"id": "168359"
},
{
"db": "PACKETSTORM",
"id": "170727"
},
{
"db": "PACKETSTORM",
"id": "178512"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"date": "2022-09-08T14:41:32",
"db": "PACKETSTORM",
"id": "168305"
},
{
"date": "2022-10-18T22:30:49",
"db": "PACKETSTORM",
"id": "169410"
},
{
"date": "2022-09-21T13:47:04",
"db": "PACKETSTORM",
"id": "168442"
},
{
"date": "2022-09-13T15:43:41",
"db": "PACKETSTORM",
"id": "168358"
},
{
"date": "2022-09-13T15:43:55",
"db": "PACKETSTORM",
"id": "168359"
},
{
"date": "2023-01-25T16:09:12",
"db": "PACKETSTORM",
"id": "170727"
},
{
"date": "2024-05-09T15:46:44",
"db": "PACKETSTORM",
"id": "178512"
},
{
"date": "2022-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"date": "2022-07-14T15:15:08.287000",
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-07T08:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-013368"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-683"
},
{
"date": "2023-11-07T03:47:46.473000",
"db": "NVD",
"id": "CVE-2022-32213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "llhttp\u00a0 of \u00a0llhttp\u00a0 in products from other multiple vendors \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013368"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-683"
}
],
"trust": 0.6
}
}
var-201504-0149
Vulnerability from variot
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the 'sanitize_cookie_path' function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)
Hanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144)
Hanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2591-1 CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153
Package Information: https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.
Background
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3232-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini April 22, 2015 http://www.debian.org/security/faq
Package : curl CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148
Several vulnerabilities were discovered in cURL, an URL transfer library:
CVE-2015-3143
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent
over the connection authenticated as a different user. This is
similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
CVE-2015-3148
When doing HTTP requests using the Negotiate authentication method
along with NTLM, the connection used would not be marked as
authenticated, making it possible to reuse it and send requests for
one user over the connection authenticated as a different user.
For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
We recommend that you upgrade your curl packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj D3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi qpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea ot3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy KyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7 m0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz QqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY iG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0 pDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5 TPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI mRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j 3UCM8MZyw4I0qI5KGlL1 =FvPw -----END PGP SIGNATURE----- .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.45.0-i486-1_slack14.1.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148 http://advisories.mageia.org/MGASA-2015-0179.html
Updated Packages:
Mandriva Business Server 2/X86_64: b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.6,
"vendor": "fedoraproject",
"version": "22"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.6,
"vendor": "fedoraproject",
"version": "21"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.10"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.33.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.32.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.2"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.33.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.32.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.04"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.10.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.31.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "system management homepage",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "7.5.3.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.31.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.30.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 1.0,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "7.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "curl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.31.0 to 7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.8,
"vendor": "haxx",
"version": "7.31.0 to 7.41.0"
},
{
"model": "opensuse",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.10 to 10.10.4"
},
{
"model": "system management homepage",
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "74303"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:curl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:haxx:libcurl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:opensuse_project:opensuse",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanno B\u0026amp;amp;ouml;ck",
"sources": [
{
"db": "BID",
"id": "74303"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3145",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-81106",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3145",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3145",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-502",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-81106",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-3145",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the \u0027sanitize_cookie_path\u0027 function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================\nUbuntu Security Notice USN-2591-1\nApril 30, 2015\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nParas Sethia discovered that curl could incorrectly re-use NTLM HTTP\ncredentials when subsequently connecting to the same host over HTTP. \n(CVE-2015-3143)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. \n(CVE-2015-3144)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)\n\nYehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers\nboth to servers and proxies by default, contrary to expectations. This\nissue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libcurl3 7.38.0-3ubuntu2.2\n libcurl3-gnutls 7.38.0-3ubuntu2.2\n libcurl3-nss 7.38.0-3ubuntu2.2\n\nUbuntu 14.10:\n libcurl3 7.37.1-1ubuntu3.4\n libcurl3-gnutls 7.37.1-1ubuntu3.4\n libcurl3-nss 7.37.1-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n libcurl3 7.35.0-1ubuntu2.5\n libcurl3-gnutls 7.35.0-1ubuntu2.5\n libcurl3-nss 7.35.0-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libcurl3 7.22.0-3ubuntu4.14\n libcurl3-gnutls 7.22.0-3ubuntu4.14\n libcurl3-nss 7.22.0-3ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2591-1\n CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148,\n CVE-2015-3153\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2\n https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4\n https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: September 24, 2015\n Bugs: #547376, #552618\n ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.43.0 \u003e= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3232-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nApril 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148\n\nSeveral vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2015-3143\n\n NTLM-authenticated connections could be wrongly reused for requests\n without any credentials set, leading to HTTP requests being sent\n over the connection authenticated as a different user. This is\n similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions. \n\nCVE-2015-3145\n\n When parsing HTTP cookies, if the parsed cookie\u0027s \"path\" element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions. \n\nCVE-2015-3148\n\n When doing HTTP requests using the Negotiate authentication method\n along with NTLM, the connection used would not be marked as\n authenticated, making it possible to reuse it and send requests for\n one user over the connection authenticated as a different user. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj\nD3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi\nqpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea\not3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy\nKyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7\nm0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz\nQqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY\niG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0\npDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5\nTPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI\nmRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j\n3UCM8MZyw4I0qI5KGlL1\n=FvPw\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm\n 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm\n 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm\n f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm \n 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "BID",
"id": "74303"
},
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "131727"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3145",
"trust": 3.4
},
{
"db": "BID",
"id": "74303",
"trust": 1.5
},
{
"db": "JUNIPER",
"id": "JSA10743",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1032232",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "64164",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "64284",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81106",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3145",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131588",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "134138",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "BID",
"id": "74303"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "131727"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"id": "VAR-201504-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-81106"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:47:13.093000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205031"
},
{
"title": "HT205031",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT205031"
},
{
"title": "DSA-3232",
"trust": 0.8,
"url": "https://www.debian.org/security/2015/dsa-3232"
},
{
"title": "FEDORA-2015-6695",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html"
},
{
"title": "FEDORA-2015-6728",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html"
},
{
"title": "FEDORA-2015-6853",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html"
},
{
"title": "FEDORA-2015-6864",
"trust": 0.8,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html"
},
{
"title": "HPSBMU03546",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"title": "openSUSE-SU-2015:0799",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
},
{
"title": "cookie parser out of boundary memory access",
"trust": 0.8,
"url": "http://curl.haxx.se/docs/adv_20150422C.html"
},
{
"title": "USN-2591-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-2591-1"
},
{
"title": "curl-curl-7_42_0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55216"
},
{
"title": "curl-curl-7_42_0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55215"
},
{
"title": "Red Hat: CVE-2015-3145",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-3145"
},
{
"title": "Debian Security Advisories: DSA-3232-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2591-1"
},
{
"title": "Amazon Linux AMI: ALAS-2015-514",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-514"
},
{
"title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
},
{
"title": "afl-cve",
"trust": 0.1,
"url": "https://github.com/mrash/afl-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://advisories.mageia.org/mgasa-2015-0179.html"
},
{
"trust": 2.1,
"url": "http://curl.haxx.se/docs/adv_20150422c.html"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2015/dsa-3232"
},
{
"trust": 1.5,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74303"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201509-02"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2591-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.2,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
},
{
"trust": 1.2,
"url": "https://support.apple.com/kb/ht205031"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html"
},
{
"trust": 1.2,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032232"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html"
},
{
"trust": 1.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3145"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/64164"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/64284"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144"
},
{
"trust": 0.3,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903006"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967789"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148"
},
{
"trust": 0.1,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3145"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2591-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3153"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://:80\"),"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "BID",
"id": "74303"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "131727"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-81106"
},
{
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"db": "BID",
"id": "74303"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"db": "PACKETSTORM",
"id": "131699"
},
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131588"
},
{
"db": "PACKETSTORM",
"id": "134138"
},
{
"db": "PACKETSTORM",
"id": "131727"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-81106"
},
{
"date": "2015-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"date": "2015-04-22T00:00:00",
"db": "BID",
"id": "74303"
},
{
"date": "2015-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"date": "2015-04-30T15:48:24",
"db": "PACKETSTORM",
"id": "131699"
},
{
"date": "2015-09-25T06:54:51",
"db": "PACKETSTORM",
"id": "133700"
},
{
"date": "2015-04-22T20:15:37",
"db": "PACKETSTORM",
"id": "131588"
},
{
"date": "2015-10-30T23:23:03",
"db": "PACKETSTORM",
"id": "134138"
},
{
"date": "2015-05-04T17:18:27",
"db": "PACKETSTORM",
"id": "131727"
},
{
"date": "2015-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"date": "2015-04-24T14:59:10.157000",
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-81106"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3145"
},
{
"date": "2016-07-06T14:27:00",
"db": "BID",
"id": "74303"
},
{
"date": "2016-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002486"
},
{
"date": "2015-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-502"
},
{
"date": "2024-11-21T02:28:46.150000",
"db": "NVD",
"id": "CVE-2015-3145"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133700"
},
{
"db": "PACKETSTORM",
"id": "131727"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cURL and libcurl of sanitize_cookie_path Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-502"
}
],
"trust": 0.6
}
}
var-202112-1669
Vulnerability from variot
vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details are currently available. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1669",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3847"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4136",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4136",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408692",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4136",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4136",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-4136",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4136",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-4136",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408692",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4136",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details are currently available. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136)\nA flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173)\nA flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408692",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4136",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05065",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408692",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"id": "VAR-202112-1669",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:51:09.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/"
},
{
"title": "vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176292"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2021-4136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8555eee3fc6f369b98c0f1edfd9a3e96"
},
{
"title": "Red Hat: CVE-2021-4136",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-4136"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-eval-lambda-37182"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168124/gentoo-linux-security-advisory-202208-32.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408692"
},
{
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-408692"
},
{
"date": "2021-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"date": "2022-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"date": "2021-12-19T17:15:07.553000",
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-408692"
},
{
"date": "2022-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4136"
},
{
"date": "2022-12-26T02:14:00",
"db": "JVNDB",
"id": "JVNDB-2021-016868"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1496"
},
{
"date": "2024-11-21T06:36:58.833000",
"db": "NVD",
"id": "CVE-2021-4136"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016868"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1496"
}
],
"trust": 0.6
}
}
var-202205-0218
Vulnerability from variot
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20771",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20771",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405324",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20771",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20771",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20771",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20771",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20771",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405324",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20771",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64262",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405324",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"id": "VAR-202205-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191378"
},
{
"title": "Cisco: ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-ZAZBwRVG"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20771"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20771/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2022-05-04T17:15:08.440000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T04:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2024-11-21T06:43:31.423000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.6
}
}
var-202012-0763
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability number has been assigned, and the vulnerability details will be updated soon. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Gentoo Linux Security Advisory GLSA 202104-03
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: April 30, 2021 Bugs: #770793, #773193 ID: 202104-03
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
[ 1 ] CVE-2020-13558 https://nvd.nist.gov/vuln/detail/CVE-2020-13558 [ 2 ] CVE-2020-27918 https://nvd.nist.gov/vuln/detail/CVE-2020-27918 [ 3 ] CVE-2020-29623 https://nvd.nist.gov/vuln/detail/CVE-2020-29623 [ 4 ] CVE-2020-9947 https://nvd.nist.gov/vuln/detail/CVE-2020-9947 [ 5 ] CVE-2021-1765 https://nvd.nist.gov/vuln/detail/CVE-2021-1765 [ 6 ] CVE-2021-1789 https://nvd.nist.gov/vuln/detail/CVE-2021-1789 [ 7 ] CVE-2021-1799 https://nvd.nist.gov/vuln/detail/CVE-2021-1799 [ 8 ] CVE-2021-1801 https://nvd.nist.gov/vuln/detail/CVE-2021-1801 [ 9 ] CVE-2021-1870 https://nvd.nist.gov/vuln/detail/CVE-2021-1870 [ 10 ] WSA-2021-0001 https://webkitgtk.org/security/WSA-2021-0001.html [ 11 ] WSA-2021-0002 https://webkitgtk.org/security/WSA-2021-0002.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-4894-1 March 29, 2021
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.10.1 libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.10.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following issues. Information about the security content is also available at https://support.apple.com/HT211929.
Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab
Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A user may answer two calls simultaneously without indication they have answered a second call Description: An issue existed in the handling of incoming calls. CVE-2020-27925: Nick Tangri
CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
Crash Reporter Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27930: Google Project Zero
FontParser Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins
ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27950: Google Project Zero
Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie
Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27932: Google Project Zero
Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management. CVE-2020-27902: Connor Ford (@connorford2)
libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz
libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz
libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27926: found by OSS-Fuzz
Logging Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: an anonymous researcher
Safari We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6 jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk 5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53 ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8= =9YuD -----END PGP SIGNATURE-----
.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202012-0763",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.2"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.0.1"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.2"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.11"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "webkitgtk\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.30.6"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.1"
},
{
"model": "itunes",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "icloud",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "(apple watch series 3 or later )"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
}
],
"trust": 0.7
},
"cve": "CVE-2020-27918",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-27918",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-372029",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-27918",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-27918",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-27918",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-27918",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-372029",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-27918",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability number has been assigned, and the vulnerability details will be updated soon. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4381-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4381\nIssue date: 2021-11-09\nCVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202104-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: April 30, 2021\n Bugs: #770793, #773193\n ID: 202104-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.30.6 \u003e= 2.30.6\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.30.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13558\n https://nvd.nist.gov/vuln/detail/CVE-2020-13558\n[ 2 ] CVE-2020-27918\n https://nvd.nist.gov/vuln/detail/CVE-2020-27918\n[ 3 ] CVE-2020-29623\n https://nvd.nist.gov/vuln/detail/CVE-2020-29623\n[ 4 ] CVE-2020-9947\n https://nvd.nist.gov/vuln/detail/CVE-2020-9947\n[ 5 ] CVE-2021-1765\n https://nvd.nist.gov/vuln/detail/CVE-2021-1765\n[ 6 ] CVE-2021-1789\n https://nvd.nist.gov/vuln/detail/CVE-2021-1789\n[ 7 ] CVE-2021-1799\n https://nvd.nist.gov/vuln/detail/CVE-2021-1799\n[ 8 ] CVE-2021-1801\n https://nvd.nist.gov/vuln/detail/CVE-2021-1801\n[ 9 ] CVE-2021-1870\n https://nvd.nist.gov/vuln/detail/CVE-2021-1870\n[ 10 ] WSA-2021-0001\n https://webkitgtk.org/security/WSA-2021-0001.html\n[ 11 ] WSA-2021-0002\n https://webkitgtk.org/security/WSA-2021-0002.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202104-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-4894-1\nMarch 29, 2021\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.10.1\n libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.10.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.18.04.1\n libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2\n\niOS 14.2 and iPadOS 14.2 are now available and address the following\nissues. Information about the security content is also available at\nhttps://support.apple.com/HT211929. \n\nAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-\nYear Lab\n\nAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\nCallKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A user may answer two calls simultaneously without indication\nthey have answered a second call\nDescription: An issue existed in the handling of incoming calls. \nCVE-2020-27925: Nick Tangri\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27909: Anonymous working with Trend Micro Zero Day\nInitiative, JunDong Xie and XingWei Lin of Ant Security Light-Year\nLab\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: An issue existed within the path validation logic for\nsymlinks. \nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\nFontParser\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted font may lead to arbitrary\ncode execution. Apple is aware of reports that an exploit for this\nissue exists in the wild. \nCVE-2020-27930: Google Project Zero\n\nFontParser\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\nFoundation\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local user may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10002: James Hutchins\n\nImageIO\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nIOAcceleratorFamily\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-27905: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to disclose kernel\nmemory. Apple is aware of reports that an exploit for this issue\nexists in the wild. \nCVE-2020-27950: Google Project Zero\n\nKernel\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9974: Tommy Muir (@Muirey03)\n\nKernel\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-10016: Alex Helie\n\nKernel\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges. Apple is aware of reports that an exploit for\nthis issue exists in the wild. \nCVE-2020-27932: Google Project Zero\n\nKeyboard\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A person with physical access to an iOS device may be able to\naccess stored passwords without authentication\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2020-27902: Connor Ford (@connorford2)\n\nlibxml2\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27917: found by OSS-Fuzz\n\nlibxml2\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-27911: found by OSS-Fuzz\n\nlibxml2\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27926: found by OSS-Fuzz\n\nLogging\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2020-10010: Tommy Muir (@Muirey03)\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\nModel I/O\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nWebKit\nAvailable for: iPhone 6s and later, iPod touch 7th generation, iPad\nAir 2 and later, and iPad mini 4 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27918: an anonymous researcher\n\nSafari\nWe would like to acknowledge Gabriel Corona for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.2 and iPadOS 14.2\". \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6\njjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK\nsT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz\nnrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev\nKgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ\nTtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA\nj+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j\nQN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk\n5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL\nX/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc\nauWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53\nItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=\n=9YuD\n-----END PGP SIGNATURE-----\n\n\n. \n\nCVE-2020-29623\n\n Simon Hunt discovered that users may be unable to fully delete\n their browsing history under some circumstances. \n\nCVE-2021-1799\n\n Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a\n malicious website may be able to access restricted ports on\n arbitrary servers. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.30.6-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "159969"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "162023"
},
{
"db": "PACKETSTORM",
"id": "159953"
},
{
"db": "PACKETSTORM",
"id": "169018"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-372029",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27918",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/22/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "159953",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162023",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162412",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164872",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99462952",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92370378",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1566",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3779",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1078",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0382",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3911",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4060.2",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050106",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159969",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-372029",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-27918",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169018",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "159969"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "162023"
},
{
"db": "PACKETSTORM",
"id": "159953"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"id": "VAR-202012-0763",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:38:28.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211934 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2021/dsa-4877"
},
{
"title": "Apple iCloud for Windows Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136400"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-27918 log"
},
{
"title": "Debian Security Advisories: DSA-4877-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=54614041ef5c5198dc0441d800a306fb"
},
{
"title": "Arch Linux Advisories: [ASA-202103-25] wpewebkit: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-25"
},
{
"title": "Arch Linux Advisories: [ASA-202103-24] webkit2gtk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-24"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2020-27918 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht211935"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2021/dsa-4877"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/dec/32"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211928"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211929"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211930"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211931"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211933"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht211934"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/eq3u3vbsojb46wco66tewe5oaxltu3yw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/eq3u3vbsojb46wco66tewe5oaxltu3yw/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99462952/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92370378/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3911/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211928"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050106"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162023/ubuntu-security-notice-usn-4894-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0382"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3779"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211933"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1566"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162412/gentoo-linux-security-advisory-202104-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-34951"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1486"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159953/apple-security-advisory-2020-11-05-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-14-multiple-vulnerabilities-33841"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2194"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1071"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10017"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27909"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27912"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10010"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10003"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27911"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27917"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27927"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10016"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27905"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27910"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9974"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-27918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht211930."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0002.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0001.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-4894-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27926"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27950"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht211929."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "159969"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "162023"
},
{
"db": "PACKETSTORM",
"id": "159953"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-372029"
},
{
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "159969"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "162023"
},
{
"db": "PACKETSTORM",
"id": "159953"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-372029"
},
{
"date": "2020-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"date": "2021-08-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"date": "2021-11-10T17:09:58",
"db": "PACKETSTORM",
"id": "164872"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2020-11-09T18:59:25",
"db": "PACKETSTORM",
"id": "159969"
},
{
"date": "2021-05-03T20:24:45",
"db": "PACKETSTORM",
"id": "162412"
},
{
"date": "2021-03-30T14:29:09",
"db": "PACKETSTORM",
"id": "162023"
},
{
"date": "2020-11-09T18:10:20",
"db": "PACKETSTORM",
"id": "159953"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169018"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"date": "2020-12-08T22:15:18.727000",
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-372029"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27918"
},
{
"date": "2021-08-12T05:22:00",
"db": "JVNDB",
"id": "JVNDB-2020-014226"
},
{
"date": "2022-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-583"
},
{
"date": "2024-11-21T05:22:03.033000",
"db": "NVD",
"id": "CVE-2020-27918"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Product Free Memory Usage Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-014226"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-583"
}
],
"trust": 0.6
}
}
var-202108-1249
Vulnerability from variot
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952) An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700) A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409).
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. ========================================================================== Ubuntu Security Notice USN-5255-1 January 27, 2022
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30934",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30934",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-390667",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30934",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30934",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30934",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30934",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2032",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390667",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-30934",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Classic buffer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30952)\nAn out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. An app may be able to disclose kernel memory. Visiting a website that frames malicious content may lead to UI spoofing. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. ==========================================================================\nUbuntu Security Notice USN-5255-1\nJanuary 27, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nA large number of security issues were discovered in the WebKitGTK Web and\nJavaScript engines. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.21.10.1\n libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.21.10.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.34.4-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.34.4-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390667",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30934",
"trust": 4.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165765",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390667",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30934",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"id": "VAR-202108-1249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T22:39:20.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple iOS and iPadOS Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174510"
},
{
"title": "Red Hat: CVE-2021-30934",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30934"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165765/ubuntu-security-notice-usn-5255-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5255-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.4-0ubuntu0.20.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390667"
},
{
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390667"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186"
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195"
},
{
"date": "2022-01-28T14:36:27",
"db": "PACKETSTORM",
"id": "165765"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"date": "2021-08-24T19:15:20.657000",
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-390667"
},
{
"date": "2022-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30934"
},
{
"date": "2024-07-18T08:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-021216"
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2032"
},
{
"date": "2023-11-07T03:33:56.027000",
"db": "NVD",
"id": "CVE-2021-30934"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165765"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Classic buffer overflow vulnerabilities in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021216"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2032"
}
],
"trust": 0.6
}
}
var-202206-1900
Vulnerability from variot
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Haxx of cURL Products from multiple other vendors are vulnerable to resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Bugs fixed (https://bugzilla.redhat.com/):
2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
- Summary:
OpenShift sandboxed containers 1.3.1 is now available. Description:
OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime.
Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor
- JIRA issues fixed (https://issues.jboss.org/):
KATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1] KATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1] KATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator KATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]
- Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2647 - Add link to log console from pod views LOG-2801 - After upgrade all logs are stored in app indices LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty
- Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
-
nodejs-url-parse: authorization bypass through user-controlled key (CVE-2022-0512)
-
npm-url-parse: Authorization bypass through user-controlled key (CVE-2022-0686)
-
npm-url-parse: authorization bypass through user-controlled key (CVE-2022-0691)
-
eventsource: Exposure of Sensitive Information (CVE-2022-1650)
-
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
-
nodejs-lodash: command injection via template (CVE-2021-23337)
-
npm-url-parse: Authorization Bypass Through User-Controlled Key (CVE-2022-0639)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key 2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key 2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key 2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update Advisory ID: RHSA-2022:8840-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840 Issue date: 2022-12-08 CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42915 CVE-2022-42916 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
curl: HSTS bypass via IDN (CVE-2022-42916)
-
curl: HTTP proxy double-free (CVE-2022-42915)
-
curl: POST following PUT confusion (CVE-2022-32221)
-
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
-
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
-
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
-
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
-
curl: control code in cookie denial of service (CVE-2022-35252)
-
jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
-
curl: Unpreserved file permissions (CVE-2022-32207)
-
curl: various flaws (CVE-2022-32206 CVE-2022-32208)
-
openssl: the c_rehash script allows command injection (CVE-2022-2068)
-
openssl: c_rehash script allows command injection (CVE-2022-1292)
-
jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
-
jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm
Red Hat JBoss Core Services on RHEL 8:
Source: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28330 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-42915 https://access.redhat.com/security/cve/CVE-2022-42916 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9 ws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M WEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf FAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H 0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a z0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j ypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d NcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn Ik+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M onO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9 mCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF 6t6oQh+b3NY=UGfz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 General Availability release images, which fix security issues and bugs. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/
Security fixes:
- moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters (BZ# 2074547)
-
OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constrain (BZ# 2082254)
-
subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec (BZ# 2083659)
-
Yaml editor for creating vSphere cluster moves to next line after typing (BZ# 2086883)
-
Submariner addon status doesn't track all deployment failures (BZ# 2090311)
-
Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret (BZ# 2091170)
-
After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors (BZ# 2095481)
-
Enforce failed and report the violation after modified memory value in limitrange policy (BZ# 2100036)
-
Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" (BZ# 2101577)
-
Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies (BZ# 2102273)
-
managed cluster is in "unknown" state for 120 mins after OADP restore
-
RHACM 2.5.2 images (BZ# 2104553)
-
Subscription UI does not allow binding to label with empty value (BZ# 2104961)
-
Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ# 2106069)
-
Region information is not available for Azure cloud in managedcluster CR (BZ# 2107134)
-
cluster uninstall log points to incorrect container name (BZ# 2107359)
-
ACM shows wrong path for Argo CD applicationset git generator (BZ# 2107885)
-
Single node checkbox not visible for 4.11 images (BZ# 2109134)
-
Unable to deploy hypershift cluster when enabling validate-cluster-security (BZ# 2109544)
-
Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application (BZ# 20110026)
-
After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating (BZ# 2117728)
-
pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)
-
ArgoCD and AppSet Applications do not deploy to local-cluster (BZ# 2124707)
-
Solution:
For Red Hat Advanced Cluster Management for Kubernetes, see the following documentation, which will be updated shortly for this release, for important instructions about installing this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing
- Bugs fixed (https://bugzilla.redhat.com/):
2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters 2082254 - OCP 4.11 - Install fails because of: pods "management-ingress-63029-5cf6789dd6-" is forbidden: unable to validate against any security context constraint 2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec 2086883 - Yaml editor for creating vSphere cluster moves to next line after typing 2090311 - Submariner addon status doesn't track all deployment failures 2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret 2095481 - After switching to ACM 2.5 the managed clusters log "unable to create ClusterClaim" errors 2100036 - Enforce failed and report the violation after modified memory value in limitrange policy 2101577 - Creating an application fails with "This application has no subscription match selector (spec.selector.matchExpressions)" 2102273 - Inconsistent cluster resource statuses between "All Subscription" topology and individual topologies 2103653 - managed cluster is in "unknown" state for 120 mins after OADP restore 2104553 - RHACM 2.5.2 images 2104961 - Subscription UI does not allow binding to label with empty value 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD 2107134 - Region information is not available for Azure cloud in managedcluster CR 2107359 - cluster uninstall log points to incorrect container name 2107885 - ACM shows wrong path for Argo CD applicationset git generator 2109134 - Single node checkbox not visible for 4.11 images 2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application 2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating 2122292 - pods in CrashLoopBackoff on 3.11 managed cluster 2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1900",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "scalance sc626-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "scalance sc-642-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "h410s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc-632-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc-636-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "scalance sc626-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-646-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "scalance sc-622-2c",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "168352"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168284"
}
],
"trust": 0.7
},
"cve": "CVE-2022-32206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-32206",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32206",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-32206",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-32206",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Haxx of cURL Products from multiple other vendors are vulnerable to resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. Summary:\n\nOpenShift sandboxed containers 1.3.1 is now available. Description:\n\nOpenShift sandboxed containers support for OpenShift Container Platform\nprovides users with built-in support for running Kata containers as an\nadditional, optional runtime. \n\nSpace precludes documenting all of the updates to OpenShift sandboxed\ncontainers in this advisory. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2118556 - CVE-2022-2832 blender: Null pointer reference in blender thumbnail extractor\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nKATA-1751 - CVE-2022-24675 osc-operator-container: golang: encoding/pem: fix stack overflow in Decode [rhosc-1]\nKATA-1752 - CVE-2022-28327 osc-operator-container: golang: crypto/elliptic: panic caused by oversized scalar [rhosc-1]\nKATA-1754 - OSC Pod security issue in 4.12 prevents subscribing to operator\nKATA-1758 - CVE-2022-30632 osc-operator-container: golang: path/filepath: stack exhaustion in Glob [rhosc-1]\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2647 - Add link to log console from pod views\nLOG-2801 - After upgrade all logs are stored in app indices\nLOG-2917 - Changing refresh interval throws error when the \u0027Query\u0027 field is empty\n\n6. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* nodejs-url-parse: authorization bypass through user-controlled key\n(CVE-2022-0512)\n\n* npm-url-parse: Authorization bypass through user-controlled key\n(CVE-2022-0686)\n\n* npm-url-parse: authorization bypass through user-controlled key\n(CVE-2022-0691)\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* npm-url-parse: Authorization Bypass Through User-Controlled Key\n(CVE-2022-0639)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n2054663 - CVE-2022-0512 nodejs-url-parse: authorization bypass through user-controlled key\n2057442 - CVE-2022-0639 npm-url-parse: Authorization Bypass Through User-Controlled Key\n2060018 - CVE-2022-0686 npm-url-parse: Authorization bypass through user-controlled key\n2060020 - CVE-2022-0691 npm-url-parse: authorization bypass through user-controlled key\n2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n\n5. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update\nAdvisory ID: RHSA-2022:8840-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8840\nIssue date: 2022-12-08\nCVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721\n CVE-2022-23943 CVE-2022-26377 CVE-2022-28330\n CVE-2022-28614 CVE-2022-28615 CVE-2022-30522\n CVE-2022-31813 CVE-2022-32206 CVE-2022-32207\n CVE-2022-32208 CVE-2022-32221 CVE-2022-35252\n CVE-2022-42915 CVE-2022-42916\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n\n* curl: HTTP proxy double-free (CVE-2022-42915)\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* curl: control code in cookie denial of service (CVE-2022-35252)\n\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28330\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-42915\nhttps://access.redhat.com/security/cve/CVE-2022-42916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9\nws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M\nWEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf\nFAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H\n0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a\nz0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j\nypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d\nNcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn\nIk+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M\nonO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9\nmCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF\n6t6oQh+b3NY=UGfz\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.2 General\nAvailability release images, which fix security issues and bugs. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.5.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* Submariner Globalnet e2e tests failed on MTU between On-Prem to Public\nclusters (BZ# 2074547)\n\n* OCP 4.11 - Install fails because of: pods\n\"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate\nagainst any security context constrain (BZ# 2082254)\n\n* subctl gather fails to gather libreswan data if CableDriver field is\nmissing/empty in Submariner Spec (BZ# 2083659)\n\n* Yaml editor for creating vSphere cluster moves to next line after typing\n(BZ# 2086883)\n\n* Submariner addon status doesn\u0027t track all deployment failures (BZ#\n2090311)\n\n* Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn\nwithout including s3 secret (BZ# 2091170)\n\n* After switching to ACM 2.5 the managed clusters log \"unable to create\nClusterClaim\" errors (BZ# 2095481)\n\n* Enforce failed and report the violation after modified memory value in\nlimitrange policy (BZ# 2100036)\n\n* Creating an application fails with \"This application has no subscription\nmatch selector (spec.selector.matchExpressions)\" (BZ# 2101577)\n\n* Inconsistent cluster resource statuses between \"All Subscription\"\ntopology and individual topologies (BZ# 2102273)\n\n* managed cluster is in \"unknown\" state for 120 mins after OADP restore\n\n* RHACM 2.5.2 images (BZ# 2104553)\n\n* Subscription UI does not allow binding to label with empty value (BZ#\n2104961)\n\n* Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD (BZ#\n2106069)\n\n* Region information is not available for Azure cloud in managedcluster CR\n(BZ# 2107134)\n\n* cluster uninstall log points to incorrect container name (BZ# 2107359)\n\n* ACM shows wrong path for Argo CD applicationset git generator (BZ#\n2107885)\n\n* Single node checkbox not visible for 4.11 images (BZ# 2109134)\n\n* Unable to deploy hypershift cluster when enabling\nvalidate-cluster-security (BZ# 2109544)\n\n* Deletion of Application (including app related resources) from the\nconsole fails to delete PlacementRule for the application (BZ# 20110026)\n\n* After the creation by a policy of job or deployment (in case the object\nis missing)ACM is trying to add new containers instead of updating (BZ#\n2117728)\n\n* pods in CrashLoopBackoff on 3.11 managed cluster (BZ# 2122292)\n\n* ArgoCD and AppSet Applications do not deploy to local-cluster (BZ#\n2124707)\n\n3. Solution:\n\nFor Red Hat Advanced Cluster Management for Kubernetes, see the following\ndocumentation, which will be updated shortly for this release, for\nimportant\ninstructions about installing this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2074547 - Submariner Globalnet e2e tests failed on MTU between On-Prem to Public clusters\n2082254 - OCP 4.11 - Install fails because of: pods \"management-ingress-63029-5cf6789dd6-\" is forbidden: unable to validate against any security context constraint\n2083659 - subctl gather fails to gather libreswan data if CableDriver field is missing/empty in Submariner Spec\n2086883 - Yaml editor for creating vSphere cluster moves to next line after typing\n2090311 - Submariner addon status doesn\u0027t track all deployment failures\n2091170 - Unable to deploy Hypershift operator on MCE hub using ManagedClusterAddOn without including s3 secret\n2095481 - After switching to ACM 2.5 the managed clusters log \"unable to create ClusterClaim\" errors\n2100036 - Enforce failed and report the violation after modified memory value in limitrange policy\n2101577 - Creating an application fails with \"This application has no subscription match selector (spec.selector.matchExpressions)\"\n2102273 - Inconsistent cluster resource statuses between \"All Subscription\" topology and individual topologies\n2103653 - managed cluster is in \"unknown\" state for 120 mins after OADP restore\n2104553 - RHACM 2.5.2 images\n2104961 - Subscription UI does not allow binding to label with empty value\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2106069 - Upgrade to 2.5.1 from 2.5.0 fails due to missing Subscription CRD\n2107134 - Region information is not available for Azure cloud in managedcluster CR\n2107359 - cluster uninstall log points to incorrect container name\n2107885 - ACM shows wrong path for Argo CD applicationset git generator\n2109134 - Single node checkbox not visible for 4.11 images\n2110026 - Deletion of Application (including app related resources) from the console fails to delete PlacementRule for the application\n2117728 - After the creation by a policy of job or deployment (in case the object is missing)ACM is trying to add new containers instead of updating\n2122292 - pods in CrashLoopBackoff on 3.11 managed cluster\n2124707 - ArgoCD and AppSet Applications do not deploy to local-cluster\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "168352"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168284"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32206",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/02/15/3",
"trust": 2.4
},
{
"db": "SIEMENS",
"id": "SSA-333517",
"trust": 2.4
},
{
"db": "HACKERONE",
"id": "1570651",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-18",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91561630",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012769",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4468",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4757",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5247",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4266",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4112",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5632",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4568",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168347",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168301",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168503",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071152",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168352",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "168352"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"id": "VAR-202206-1900",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5566514
},
"last_update_date": "2024-11-29T21:39:59.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198520"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
},
{
"problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 2.4,
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
},
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"trust": 2.4,
"url": "https://hackerone.com/reports/1570651"
},
{
"trust": 2.4,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 2.4,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 2.4,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 2.4,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 2.4,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 1.4,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91561630/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-18"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/sandboxed_containers/sandboxed-containers-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7058"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/sandboxed_containers/upgrade-sandboxed-containers.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6344"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28493"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6183"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "168352"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "169443"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "168352"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "168378"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"date": "2022-09-27T16:01:00",
"db": "PACKETSTORM",
"id": "168538"
},
{
"date": "2022-10-20T14:21:57",
"db": "PACKETSTORM",
"id": "169443"
},
{
"date": "2022-09-07T16:50:50",
"db": "PACKETSTORM",
"id": "168275"
},
{
"date": "2022-09-13T15:42:14",
"db": "PACKETSTORM",
"id": "168352"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-08T21:28:44",
"db": "PACKETSTORM",
"id": "170166"
},
{
"date": "2022-09-14T15:08:07",
"db": "PACKETSTORM",
"id": "168378"
},
{
"date": "2022-09-07T16:57:47",
"db": "PACKETSTORM",
"id": "168284"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"date": "2022-07-07T13:15:08.340000",
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-09-01T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-012769"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"date": "2024-03-27T15:00:54.267000",
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Haxx\u00a0 of \u00a0cURL\u00a0 Vulnerabilities related to unrestricted or throttled resource allocation in products from multiple other vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
}
}
var-202207-0791
Vulnerability from variot
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. Git contains an uncontrolled search path element vulnerability. This vulnerability is CVE-2022-24765 And related vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5511-1 July 13, 2022
git vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.4
Ubuntu 21.10: git 1:2.32.0-1ubuntu1.3
Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.5
Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.12
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2319-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319 Issue date: 2023-05-09 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary:
An update for git is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
- As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):
-
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
-
git: Bypass of safe.directory protections (CVE-2022-29187)
-
git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
-
git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. 2139379 - Rebase git to 2.39 version [rhel-9.2]
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: git-2.39.1-1.el9.src.rpm
aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm
noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm
ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm
s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm
x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD cV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T SU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa R+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo IIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf pjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz kqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O 6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK wWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg xsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz afQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds hOpSLJjOLjE=YQQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-11-01-1 Xcode 14.1
Xcode 14.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213496.
Git Available for: macOS Monterey 12.5 and later Impact: Multiple issues in git Description: Multiple issues were addressed by updating to git version 2.32.3. CVE-2022-29187: Carlo Marcelo Arenas Belón and Johannes Schindelin
Git Available for: macOS Monterey 12.5 and later Impact: Cloning a malicious repository may result in the disclosure of sensitive information Description: This issue was addressed with improved checks. CVE-2022-39253: Cory Snider of Mirantis
Git Available for: macOS Monterey 12.5 and later Impact: A remote user may cause an unexpected app termination or arbitrary code execution if git shell is allowed as a login shell Description: This issue was addressed with improved checks. CVE-2022-39260: Kevin Backhouse of the GitHub Security Lab
IDE Xcode Server Available for: macOS Monterey 12.5 and later Impact: An app may be able to gain root privileges Description: An injection issue was addressed with improved input validation. CVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai
Xcode 14.1 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "Xcode 14.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. An attacker may trigger remote code execution, cause local users into executing arbitrary commands, leak information from the local filesystem, and bypass restricted shell.
This update includes two changes of behavior that may affect certain setup: - It stops when directory traversal changes ownership from the current user while looking for a top-level git directory, a user could make an exception by using the new safe.directory configuration. - The default of protocol.file.allow has been changed from "always" to "user".
For the stable distribution (bullseye), these problems have been fixed in version 1:2.30.2-1+deb11u1.
We recommend that you upgrade your git packages.
Background
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API.
Impact
Usages of a malicious crafted Git repository could allow the creator of the repository to elevate privileges to those of the user accessing the repository.
Workaround
Administrators can ensure that their usages of libgit2 only interact with repositories which have only been modified by trusted users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202312-15
https://security.gentoo.org/
Severity: High Title: Git: Multiple Vulnerabilities Date: December 27, 2023 Bugs: #838127, #857831, #877565, #891221, #894472, #905088 ID: 202312-15
Synopsis
Several vulnerabilities have been found in Git, the worst of which could lead to remote code execution.
Background
Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
Affected packages
Package Vulnerable Unaffected
dev-vcs/git < 2.39.3 >= 2.39.3
Description
Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Git users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/git-2.39.3"
References
[ 1 ] CVE-2022-23521 https://nvd.nist.gov/vuln/detail/CVE-2022-23521 [ 2 ] CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 [ 3 ] CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 [ 4 ] CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 [ 5 ] CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 [ 6 ] CVE-2022-41903 https://nvd.nist.gov/vuln/detail/CVE-2022-41903 [ 7 ] CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 [ 8 ] CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 [ 9 ] CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 [ 10 ] CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 [ 11 ] CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202312-15
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-0791",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.35.4"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.33.4"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.32.3"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.32.1"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.31.4"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.35.2"
},
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.1"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.37.0"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.34.4"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.33.2"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.36.2"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.30.3"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.36.0"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.31.2"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.30.5"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "git",
"scope": "gte",
"trust": 1.0,
"vendor": "git scm",
"version": "2.34.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "git",
"scope": "lt",
"trust": 1.0,
"vendor": "git scm",
"version": "2.37.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "git",
"scope": null,
"trust": 0.8,
"vendor": "git scm",
"version": null
},
{
"model": "xcode",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
}
],
"trust": 0.2
},
"cve": "CVE-2022-29187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2022-29187",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-420721",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-29187",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-015238",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-29187",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2022-29187",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-29187",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-1179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-420721",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-29187",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. Git contains an uncontrolled search path element vulnerability. This vulnerability is CVE-2022-24765 And related vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5511-1\nJuly 13, 2022\n\ngit vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nGit could be made to run arbitrary commands as an administrator\nif it received specially crafted inputs. An attacker could possibly use this issue to\nrun arbitrary commands as administrator. (CVE-2022-29187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n git 1:2.34.1-1ubuntu1.4\n\nUbuntu 21.10:\n git 1:2.32.0-1ubuntu1.3\n\nUbuntu 20.04 LTS:\n git 1:2.25.1-1ubuntu3.5\n\nUbuntu 18.04 LTS:\n git 1:2.17.1-1ubuntu0.12\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: git security and bug fix update\nAdvisory ID: RHSA-2023:2319-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2319\nIssue date: 2023-05-09\nCVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253\n CVE-2022-39260\n====================================================================\n1. Summary:\n\nAn update for git is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection. \n\nSecurity Fix(es):\n\n* git: On multi-user machines Git users might find themselves unexpectedly\nin a Git worktree (CVE-2022-24765)\n\n* git: Bypass of safe.directory protections (CVE-2022-29187)\n\n* git: exposure of sensitive information to a malicious actor\n(CVE-2022-39253)\n\n* git: git shell function that splits command arguments can lead to\narbitrary heap writes. (CVE-2022-39260)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree\n2107439 - CVE-2022-29187 git: Bypass of safe.directory protections\n2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor\n2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. \n2139379 - Rebase git to 2.39 version [rhel-9.2]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\ngit-2.39.1-1.el9.src.rpm\n\naarch64:\ngit-2.39.1-1.el9.aarch64.rpm\ngit-core-2.39.1-1.el9.aarch64.rpm\ngit-core-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-2.39.1-1.el9.aarch64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-daemon-2.39.1-1.el9.aarch64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debuginfo-2.39.1-1.el9.aarch64.rpm\ngit-debugsource-2.39.1-1.el9.aarch64.rpm\ngit-subtree-2.39.1-1.el9.aarch64.rpm\n\nnoarch:\ngit-all-2.39.1-1.el9.noarch.rpm\ngit-core-doc-2.39.1-1.el9.noarch.rpm\ngit-email-2.39.1-1.el9.noarch.rpm\ngit-gui-2.39.1-1.el9.noarch.rpm\ngit-instaweb-2.39.1-1.el9.noarch.rpm\ngit-svn-2.39.1-1.el9.noarch.rpm\ngitk-2.39.1-1.el9.noarch.rpm\ngitweb-2.39.1-1.el9.noarch.rpm\nperl-Git-2.39.1-1.el9.noarch.rpm\nperl-Git-SVN-2.39.1-1.el9.noarch.rpm\n\nppc64le:\ngit-2.39.1-1.el9.ppc64le.rpm\ngit-core-2.39.1-1.el9.ppc64le.rpm\ngit-core-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-2.39.1-1.el9.ppc64le.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-2.39.1-1.el9.ppc64le.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debuginfo-2.39.1-1.el9.ppc64le.rpm\ngit-debugsource-2.39.1-1.el9.ppc64le.rpm\ngit-subtree-2.39.1-1.el9.ppc64le.rpm\n\ns390x:\ngit-2.39.1-1.el9.s390x.rpm\ngit-core-2.39.1-1.el9.s390x.rpm\ngit-core-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-2.39.1-1.el9.s390x.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-daemon-2.39.1-1.el9.s390x.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debuginfo-2.39.1-1.el9.s390x.rpm\ngit-debugsource-2.39.1-1.el9.s390x.rpm\ngit-subtree-2.39.1-1.el9.s390x.rpm\n\nx86_64:\ngit-2.39.1-1.el9.x86_64.rpm\ngit-core-2.39.1-1.el9.x86_64.rpm\ngit-core-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-2.39.1-1.el9.x86_64.rpm\ngit-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-daemon-2.39.1-1.el9.x86_64.rpm\ngit-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debuginfo-2.39.1-1.el9.x86_64.rpm\ngit-debugsource-2.39.1-1.el9.x86_64.rpm\ngit-subtree-2.39.1-1.el9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-24765\nhttps://access.redhat.com/security/cve/CVE-2022-29187\nhttps://access.redhat.com/security/cve/CVE-2022-39253\nhttps://access.redhat.com/security/cve/CVE-2022-39260\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo03tzjgjWX9erEAQhYSg//bKkon2hHN6jSsXXntqw9ViT5zo9r/KTD\ncV+t7GM4ipVK8j4EW8EnQKrJBWAzsEhqM2vh9MvM/PpTQ2I/JP53YbTed0qgxE3T\nSU07XMVbh1BA7OKyJ+eKfWJLBT03/VzzaepqQPwyHyFDAegJ/L9DlZOkHc9NJrfa\nR+N2Hde/TmUlnRl737ltWtQHE1QSTV1PQZuXb3AEWm6FDe7O62F0GpsuIWj1z8oo\nIIDLHRjp/mCqT6/A70NIRQvcwhLfRYYMOezKL80iGi7WwRokwEScDFE+gzB9FLrf\npjNBFZkQVVxMVYOejArmPuLINaEdZJo/HAOiEtw9gOTzALyKFbWwOHDmSzz1hgbz\nkqFtZgwnpVZNs3UubXCgWeP4aU9xueZeyBHKNQKVERODtrKFt5jbpPrXu6qGyP9O\n6GSgMbUDO5OMqOhTKQiMbKj5gO2DfOIO6vNP5eFwvSXPJG0ZlPIzAJD1cwZdtsVK\nwWBIMfjjc8zUh8OYm+CWg/lgpZLkQxe/wtFcC7Pw1u7nkN95npMXM3O75R8xe1zg\nxsa+wzjCmVRwrO2gLnT7/NUkY3saShCvBD+A82trnasbVlI/49oiojZY1PI3CZtz\nafQDlfLvgygNkV3e5CGe5p9PILwmFbrpALV43dEz6eY+MbeuoE6I7ON8tYtmx4Ds\nhOpSLJjOLjE=YQQZ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-11-01-1 Xcode 14.1\n\nXcode 14.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213496. \n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: Multiple issues in git\nDescription: Multiple issues were addressed by updating to git\nversion 2.32.3. \nCVE-2022-29187: Carlo Marcelo Arenas Bel\u00f3n and Johannes Schindelin\n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: Cloning a malicious repository may result in the disclosure\nof sensitive information\nDescription: This issue was addressed with improved checks. \nCVE-2022-39253: Cory Snider of Mirantis\n\nGit\nAvailable for: macOS Monterey 12.5 and later\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution if git shell is allowed as a login shell\nDescription: This issue was addressed with improved checks. \nCVE-2022-39260: Kevin Backhouse of the GitHub Security Lab\n\nIDE Xcode Server\nAvailable for: macOS Monterey 12.5 and later\nImpact: An app may be able to gain root privileges\nDescription: An injection issue was addressed with improved input\nvalidation. \nCVE-2022-42797: Tim Michaud (@TimGMichaud) of Moveworks.ai\n\nXcode 14.1 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/ To check that the Xcode\nhas been updated: * Select Xcode in the menu bar * Select About\nXcode * The version after applying this update will be \"Xcode 14.1\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \nAn attacker may trigger remote code execution, cause local users into\nexecuting arbitrary commands, leak information from the local filesystem,\nand bypass restricted shell. \n\nThis update includes two changes of behavior that may affect certain setup:\n - It stops when directory traversal changes ownership from the current\n user while looking for a top-level git directory, a user could make an\n exception by using the new safe.directory configuration. \n - The default of protocol.file.allow has been changed from \"always\" to\n \"user\". \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1:2.30.2-1+deb11u1. \n\nWe recommend that you upgrade your git packages. \n\nBackground\n=========\nlibgit2 is a portable, pure C implementation of the Git core methods\nprovided as a re-entrant linkable library with a solid API. \n\nImpact\n=====\nUsages of a malicious crafted Git repository could allow the creator of\nthe repository to elevate privileges to those of the user accessing the\nrepository. \n\nWorkaround\n=========\nAdministrators can ensure that their usages of libgit2 only interact\nwith repositories which have only been modified by trusted users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202312-15\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Git: Multiple Vulnerabilities\n Date: December 27, 2023\n Bugs: #838127, #857831, #877565, #891221, #894472, #905088\n ID: 202312-15\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nSeveral vulnerabilities have been found in Git, the worst of which could\nlead to remote code execution. \n\nBackground\n==========\n\nGit is a free and open source distributed version control system\ndesigned to handle everything from small to very large projects with\nspeed and efficiency. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n----------- ------------ ------------\ndev-vcs/git \u003c 2.39.3 \u003e= 2.39.3\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Git. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Git users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/git-2.39.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-23521\n https://nvd.nist.gov/vuln/detail/CVE-2022-23521\n[ 2 ] CVE-2022-24765\n https://nvd.nist.gov/vuln/detail/CVE-2022-24765\n[ 3 ] CVE-2022-29187\n https://nvd.nist.gov/vuln/detail/CVE-2022-29187\n[ 4 ] CVE-2022-39253\n https://nvd.nist.gov/vuln/detail/CVE-2022-39253\n[ 5 ] CVE-2022-39260\n https://nvd.nist.gov/vuln/detail/CVE-2022-39260\n[ 6 ] CVE-2022-41903\n https://nvd.nist.gov/vuln/detail/CVE-2022-41903\n[ 7 ] CVE-2023-22490\n https://nvd.nist.gov/vuln/detail/CVE-2023-22490\n[ 8 ] CVE-2023-23946\n https://nvd.nist.gov/vuln/detail/CVE-2023-23946\n[ 9 ] CVE-2023-25652\n https://nvd.nist.gov/vuln/detail/CVE-2023-25652\n[ 10 ] CVE-2023-25815\n https://nvd.nist.gov/vuln/detail/CVE-2023-25815\n[ 11 ] CVE-2023-29007\n https://nvd.nist.gov/vuln/detail/CVE-2023-29007\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202312-15\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176551"
},
{
"db": "PACKETSTORM",
"id": "176313"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-29187",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/07/14/1",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.9
},
{
"db": "PACKETSTORM",
"id": "167744",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169735",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170787",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022072538",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071350",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072638",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3430",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4630",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3674",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5479",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-420721",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-29187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172366",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172210",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176551",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "176313",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176551"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"id": "VAR-202207-0791",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-420721"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:14:02.795000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213496 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"title": "Github Git Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=216957"
},
{
"title": "Ubuntu Security Notice: USN-5511-1: Git vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5511-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1623",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1623"
},
{
"title": "Debian CVElist Bug Report Logs: git: CVE-2022-29187",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=31324a5ad54489fd6559d515d47be3cb"
},
{
"title": "Red Hat: Moderate: git security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20232319 - Security Advisory"
},
{
"title": "Red Hat: Moderate: git security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20232859 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1820",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1820"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-29187"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-29187"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-118",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-118"
},
{
"title": "Amazon Linux 2022: ALAS-2022-236",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-236"
},
{
"title": "https://github.com/9069332997/session-1-full-stack",
"trust": 0.1,
"url": "https://github.com/9069332997/session-1-full-stack "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-282",
"trust": 1.1
},
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/07/14/1"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213496"
},
{
"trust": 1.8,
"url": "https://github.com/git/git/security/advisories/ghsa-j342-m5hw-rr3v"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/nov/1"
},
{
"trust": 1.8,
"url": "https://github.blog/2022-04-12-git-security-vulnerability-announced"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html"
},
{
"trust": 1.5,
"url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf@gitster.g/t/#u"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29187"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202312-15"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202401-17"
},
{
"trust": 1.1,
"url": "https://lore.kernel.org/git/xmqqv8s2fefi.fsf%40gitster.g/t/#u"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ddi325loo2xbddklinoaqjeg6mhaurze/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/trzg5cduq27owtpc5mqor4uasnxhwezs/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hvoler2pigmhpqmdgg4rde2kzb74qla2/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/udzrzal7qulob6v7mkt66momwjlbjpx4/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/dikwiswudft2faityia6372bvlh3oooc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yrocmbwyfkrss64po6funm6l7lkbukvw/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071350"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169735/apple-security-advisory-2022-11-01-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213496"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-29187/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3430"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072638"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/git-code-execution-via-safe-directory-bypass-38786"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4630"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5479"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170787/debian-security-advisory-5332-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167744/ubuntu-security-notice-usn-5511-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072538"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071416"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24765"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39260"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39253"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5511-1"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39260"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-39253"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41903"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23521"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/427.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/282.html"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1623.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42797"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213496."
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/git"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-22490"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176551"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-420721"
},
{
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"db": "PACKETSTORM",
"id": "167744"
},
{
"db": "PACKETSTORM",
"id": "172366"
},
{
"db": "PACKETSTORM",
"id": "172210"
},
{
"db": "PACKETSTORM",
"id": "169735"
},
{
"db": "PACKETSTORM",
"id": "170787"
},
{
"db": "PACKETSTORM",
"id": "176551"
},
{
"db": "PACKETSTORM",
"id": "176313"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-420721"
},
{
"date": "2022-07-12T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"date": "2022-07-14T14:29:12",
"db": "PACKETSTORM",
"id": "167744"
},
{
"date": "2023-05-16T17:08:14",
"db": "PACKETSTORM",
"id": "172366"
},
{
"date": "2023-05-09T15:18:13",
"db": "PACKETSTORM",
"id": "172210"
},
{
"date": "2022-11-08T13:42:03",
"db": "PACKETSTORM",
"id": "169735"
},
{
"date": "2023-01-30T16:35:13",
"db": "PACKETSTORM",
"id": "170787"
},
{
"date": "2024-01-15T13:55:20",
"db": "PACKETSTORM",
"id": "176551"
},
{
"date": "2023-12-27T14:55:24",
"db": "PACKETSTORM",
"id": "176313"
},
{
"date": "2022-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"date": "2022-07-12T21:15:09.560000",
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-420721"
},
{
"date": "2024-01-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-29187"
},
{
"date": "2024-02-19T06:55:00",
"db": "JVNDB",
"id": "JVNDB-2022-015238"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-1179"
},
{
"date": "2024-01-14T10:15:08.090000",
"db": "NVD",
"id": "CVE-2022-29187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Git\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015238"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-1179"
}
],
"trust": 0.6
}
}
var-202112-1608
Vulnerability from variot
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.
apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----
. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling (CVE-2022-22720)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.4.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.4.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.4.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm httpd-devel-2.4.6-89.el7_6.4.x86_64.rpm httpd-tools-2.4.6-89.el7_6.4.x86_64.rpm mod_session-2.4.6-89.el7_6.4.x86_64.rpm mod_ssl-2.4.6-89.el7_6.4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: httpd-2.4.6-89.el7_6.4.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.4.noarch.rpm
ppc64le: httpd-2.4.6-89.el7_6.4.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.4.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.4.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.4.ppc64le.rpm mod_session-2.4.6-89.el7_6.4.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.4.ppc64le.rpm
x86_64: httpd-2.4.6-89.el7_6.4.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm httpd-devel-2.4.6-89.el7_6.4.x86_64.rpm httpd-tools-2.4.6-89.el7_6.4.x86_64.rpm mod_session-2.4.6-89.el7_6.4.x86_64.rpm mod_ssl-2.4.6-89.el7_6.4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.4.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.4.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.4.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm httpd-devel-2.4.6-89.el7_6.4.x86_64.rpm httpd-tools-2.4.6-89.el7_6.4.x86_64.rpm mod_session-2.4.6-89.el7_6.4.x86_64.rpm mod_ssl-2.4.6-89.el7_6.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm mod_ldap-2.4.6-89.el7_6.4.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-89.el7_6.4.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.4.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.4.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm mod_ldap-2.4.6-89.el7_6.4.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm mod_ldap-2.4.6-89.el7_6.4.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u7.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2.
We recommend that you upgrade your apache2 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- ========================================================================== Ubuntu Security Notice USN-5212-2 January 10, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44790)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm4 apache2-bin 2.4.18-2ubuntu3.17+esm4
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm3 apache2-bin 2.4.7-1ubuntu4.22+esm3
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1608",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.20.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.51"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.16.0"
},
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "cloud backup",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications operations monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications session element manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.51"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165747"
}
],
"trust": 0.5
},
"cve": "CVE-2021-44790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44790",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102386",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-408105",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44790",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44790",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44790",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408105",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7.6\nAdvanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.6 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: Errors encountered during the discarding of request body lead to\nHTTP request smuggling (CVE-2022-22720)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.4.x86_64.rpm\nmod_session-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.4.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-89.el7_6.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.4.ppc64le.rpm\nhttpd-devel-2.4.6-89.el7_6.4.ppc64le.rpm\nhttpd-tools-2.4.6-89.el7_6.4.ppc64le.rpm\nmod_session-2.4.6-89.el7_6.4.ppc64le.rpm\nmod_ssl-2.4.6-89.el7_6.4.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.4.x86_64.rpm\nmod_session-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.4.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.4.x86_64.rpm\nmod_session-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.4.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-89.el7_6.4.ppc64le.rpm\nmod_ldap-2.4.6-89.el7_6.4.ppc64le.rpm\nmod_proxy_html-2.4.6-89.el7_6.4.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.4.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.4.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.4.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/cve/CVE-2022-22720\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u7. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.52-1~deb11u2. \n\nWe recommend that you upgrade your apache2 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. ==========================================================================\nUbuntu Security Notice USN-5212-2\nJanuary 10, 2022\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that the Apache HTTP Server incorrectly handled certain\n forward proxy requests. A remote attacker could use this issue to cause\n the server to crash, resulting in a denial of service, or possibly perform\n a Server Side Request Forgery attack. (CVE-2021-44790)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm4\n apache2-bin 2.4.18-2ubuntu3.17+esm4\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm3\n apache2-bin 2.4.7-1ubuntu4.22+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44790"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "169211"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "PACKETSTORM",
"id": "165747"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408105",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408105"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44790",
"trust": 4.3
},
{
"db": "TENABLE",
"id": "TNS-2022-01",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2022-03",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/20/4",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "171631",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU97805418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102386",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165747",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166154",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165501",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165710",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165467",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408105",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166576",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166051",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "169211"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "PACKETSTORM",
"id": "165747"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"id": "VAR-202112-1608",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
}
]
},
"last_update_date": "2024-11-29T20:00:22.176000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-217",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2021-102386)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310311"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 1.0,
"url": "http://packetstormsecurity.com/files/171631/apache-2.4.x-buffer-overflow.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97805418/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1136"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0258"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "169211"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "PACKETSTORM",
"id": "165747"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "169211"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166051"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "PACKETSTORM",
"id": "165747"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"date": "2021-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-408105"
},
{
"date": "2022-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189"
},
{
"date": "2022-04-04T14:30:33",
"db": "PACKETSTORM",
"id": "166576"
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169211"
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072"
},
{
"date": "2022-02-18T16:37:39",
"db": "PACKETSTORM",
"id": "166051"
},
{
"date": "2022-02-28T16:18:23",
"db": "PACKETSTORM",
"id": "166154"
},
{
"date": "2022-01-26T15:06:30",
"db": "PACKETSTORM",
"id": "165710"
},
{
"date": "2022-01-10T17:59:29",
"db": "PACKETSTORM",
"id": "165501"
},
{
"date": "2022-01-27T14:43:52",
"db": "PACKETSTORM",
"id": "165747"
},
{
"date": "2021-12-20T12:15:07.440000",
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408105"
},
{
"date": "2023-12-12T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"date": "2024-11-21T06:31:33.257000",
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "165501"
}
],
"trust": 0.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0mod_lua\u00a0 Buffer overflow vulnerability in multipart parser",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165747"
}
],
"trust": 0.3
}
}
var-202112-2249
Vulnerability from variot
vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Vim is an editor based on the UNIX platform. Attackers can use this vulnerability to read files out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. The highest threat from this vulnerability is system availability. (CVE-2021-4136) A flaw was found in vim. (CVE-2021-4166) A flaw was found in vim. (CVE-2021-4173) A flaw was found in vim. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-03-14-4 macOS Monterey 12.3
macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183.
Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher
AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro
BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623
FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab
IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher
Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders
Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn
libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976
Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher
LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners
GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners
NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher
PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t)
Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing
Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t)
Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran
Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/)
SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t)
System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)
UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt
Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158
VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17
xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group
Additional recognition
AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance.
Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance.
Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance.
Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance.
Local Authentication We would like to acknowledge an anonymous researcher for their assistance.
Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance.
Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance.
Siri We would like to acknowledge an anonymous researcher for their assistance.
syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance.
TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance.
WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance.
WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance.
macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2249",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.3884"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "factory",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": null
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "15.0"
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "red hat enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "factory",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "linux enterprise",
"scope": null,
"trust": 0.8,
"vendor": "suse",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 0.3
},
"cve": "CVE-2021-4166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-4166",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-408722",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4166",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4166",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4166",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2021-4166",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-4166",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2266",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-408722",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-4166",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim is vulnerable to Out-of-bounds Read. vim Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Vim is an editor based on the UNIX platform. Attackers can use this vulnerability to read files out of bounds. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927)\nA flaw was found in vim. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3968)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3973)\nA flaw was found in vim. The highest threat from this vulnerability is to system availability. (CVE-2021-3974)\nA flaw was found in vim. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984)\nA flaw was found in vim. The highest threat from this vulnerability is system availability. (CVE-2021-4136)\nA flaw was found in vim. (CVE-2021-4166)\nA flaw was found in vim. (CVE-2021-4173)\nA flaw was found in vim. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process\u0027s internal memory. (CVE-2021-4193)\nReferences to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory\u0027s initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-03-14-4 macOS Monterey 12.3\n\nmacOS Monterey 12.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213183. \n\nAccelerate Framework\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-22633: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22669: an anonymous researcher\n\nAppKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22631: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: An application may be able to read restricted memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-22648: an anonymous researcher\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro\nCVE-2022-22627: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22597: Qi Sun and Robert Ai of Trend Micro\n\nBOM\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\ncurl\nAvailable for: macOS Monterey\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.79.1. \nCVE-2021-22946\nCVE-2021-22947\nCVE-2021-22945\nCVE-2022-22623\n\nFaceTime\nAvailable for: macOS Monterey\nImpact: A user may send audio and video in a FaceTime call without\nknowing that they have done so\nDescription: This issue was addressed with improved checks. \nCVE-2022-22643: Sonali Luthar of the University of Virginia, Michael\nLiao of the University of Illinois at Urbana-Champaign, Rohan Pahwa\nof Rutgers University, and Bao Nguyen of the University of Florida\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-22611: Xingyu Jin of Google\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-22612: Xingyu Jin of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba\nSecurity Pandora Lab\n\nIOGPUFamily\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22641: Mohamed Ghannam (@_simo36)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22613: Alex, an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-22614: an anonymous researcher\nCVE-2022-22615: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22632: Keegan Saunders\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-22638: derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-22640: sqrtpwn\n\nlibarchive\nAvailable for: macOS Monterey\nImpact: Multiple issues in libarchive\nDescription: Multiple memory corruption issues existed in libarchive. \nThese issues were addressed with improved input validation. \nCVE-2021-36976\n\nLogin Window\nAvailable for: macOS Monterey\nImpact: A person with access to a Mac may be able to bypass Login\nWindow\nDescription: This issue was addressed with improved checks. \nCVE-2022-22647: an anonymous researcher\n\nLoginWindow\nAvailable for: macOS Monterey\nImpact: A local attacker may be able to view the previous logged in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2022-22656\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-22657: Brandon Perry of Atredis Partners\n\nGarageBand MIDI\nAvailable for: macOS Monterey\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-22664: Brandon Perry of Atredis Partners\n\nNSSpellChecker\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access information\nabout a user\u0027s contacts\nDescription: A privacy issue existed in the handling of Contact\ncards. This was addressed with improved state management. \nCVE-2022-22644: an anonymous researcher\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22617: Mickey Jin (@patch1t)\n\nPreferences\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to read other\napplications\u0027 settings\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nQuickTime Player\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-22650: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nSafari Downloads\nAvailable for: macOS Monterey\nImpact: A maliciously crafted ZIP archive may bypass Gatekeeper\nchecks\nDescription: This issue was addressed with improved checks. \nCVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley\n(@jbradley89) of Jamf Software, Mickey Jin (@patch1t)\n\nSandbox\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: The issue was addressed with improved permissions logic. \nCVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited,\nKhiem Tran\n\nSiri\nAvailable for: macOS Monterey\nImpact: A person with physical access to a device may be able to use\nSiri to obtain some location information from the lock screen\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22599: Andrew Goldberg of the University of Texas at Austin,\nMcCombs School of Business (linkedin.com/andrew-goldberg/)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22651: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-22639: Mickey Jin (@patch1t)\n\nSystem Preferences\nAvailable for: macOS Monterey\nImpact: An app may be able to spoof system notifications and UI\nDescription: This issue was addressed with a new entitlement. \nCVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes)\n\nUIKit\nAvailable for: macOS Monterey\nImpact: A person with physical access to an iOS device may be able to\nsee sensitive information via keyboard suggestions\nDescription: This issue was addressed with improved checks. \nCVE-2022-22621: Joey Hewitt\n\nVim\nAvailable for: macOS Monterey\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\nCVE-2022-0156\nCVE-2022-0158\n\nVoiceOver\nAvailable for: macOS Monterey\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2021-30918: an anonymous researcher\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A cookie management issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232748\nCVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 232812\nCVE-2022-22610: Quan Yin of Bigo Technology Live Client Team\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 233172\nCVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\nWebKit Bugzilla: 234147\nCVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 234966\nCVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro\nZero Day Initiative\n\nWebKit\nAvailable for: macOS Monterey\nImpact: A malicious website may cause unexpected cross-origin\nbehavior\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 235294\nCVE-2022-22637: Tom McKee of Google\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-22668: MrPhil17\n\nxar\nAvailable for: macOS Monterey\nImpact: A local user may be able to write arbitrary files\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2022-22582: Richard Warren of NCC Group\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Omar Espino (omespino.com), Ron Masas of\nBreakPoint.sh for their assistance. \n\nBluetooth\nWe would like to acknowledge an anonymous researcher, chenyuwang\n(@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. \n\nFace Gallery\nWe would like to acknowledge Tian Zhang (@KhaosT) for their\nassistance. \n\nIntel Graphics Driver\nWe would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi\nWu (@3ndy1) for their assistance. \n\nLocal Authentication\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNotes\nWe would like to acknowledge Nathaniel Ekoniak of Ennate Technologies\nfor their assistance. \n\nPassword Manager\nWe would like to acknowledge Maximilian Golla (@m33x) of Max Planck\nInstitute for Security and Privacy (MPI-SP) for their assistance. \n\nSiri\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nsyslog\nWe would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for\ntheir assistance. \n\nTCC\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nUIKit\nWe would like to acknowledge Tim Shadel of Day Logger, Inc. for their\nassistance. \n\nWebKit\nWe would like to acknowledge Abdullah Md Shaleh for their assistance. \n\nWebKit Storage\nWe would like to acknowledge Martin Bajanik of FingerprintJS for\ntheir assistance. \n\nmacOS Monterey 12.3 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p\nrhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd\nLrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC\njfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM\n0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL\nosOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa\nrizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/\nKZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB\nL1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi\nkwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ\nJSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo\nGXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI=\n=RiA+\n-----END PGP SIGNATURE-----\n\n\n. Apple is aware of a report that this issue may\nhave been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408722",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4166",
"trust": 3.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/15/1",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166319",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167789",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3561",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3002",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072103",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031433",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-05062",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408722",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"id": "VAR-202112-2249",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:28:49.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213343 Red hat Red\u00a0Hat",
"trust": 0.8,
"url": "https://www.debian.org/"
},
{
"title": "Vim Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176547"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1557",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1557"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1743",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1743"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-014"
},
{
"title": "Apple: macOS Monterey 12.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=f1105c4a20da11497b610b14a1668180"
},
{
"title": "Apple: Security Update 2022-005 Catalina",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=b71ee1a3b689c178ee5a5bc823295063"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213183"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213343"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/mar/29"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/jul/14"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/15/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3fh2j57gda2wmbs6j56f6qqra6bxqqfz/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ey2vfbu3yggwi5bw4xkt3f37mygequd/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072103"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051702"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167789/apple-security-advisory-2022-07-20-4.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-4166"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166319/apple-security-advisory-2022-03-14-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167188/apple-security-advisory-2022-05-16-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3561"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-out-of-bounds-memory-reading-via-do-arg-all-37183"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031433"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2412"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1557.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22600"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22582"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213183."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213343."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-408722"
},
{
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"db": "PACKETSTORM",
"id": "166319"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-25T00:00:00",
"db": "VULHUB",
"id": "VHN-408722"
},
{
"date": "2021-12-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"date": "2022-12-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"date": "2022-03-15T15:49:02",
"db": "PACKETSTORM",
"id": "166319"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-07-22T16:23:52",
"db": "PACKETSTORM",
"id": "167789"
},
{
"date": "2021-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"date": "2021-12-25T19:15:07.280000",
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408722"
},
{
"date": "2022-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4166"
},
{
"date": "2022-12-26T02:18:00",
"db": "JVNDB",
"id": "JVNDB-2021-016876"
},
{
"date": "2023-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2266"
},
{
"date": "2024-11-21T06:37:03.080000",
"db": "NVD",
"id": "CVE-2021-4166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016876"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2266"
}
],
"trust": 0.6
}
}
var-202208-1345
Vulnerability from variot
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability. The vulnerability is caused by out-of-bounds writing. macOS Monterey 12.5.1. ========================================================================== Ubuntu Security Notice USN-5611-1 September 14, 2022
webkit2gtk vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1 libjavascriptcoregtk-4.1-0 2.36.7-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.7-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
For the stable distribution (bullseye), this problem has been fixed in version 2.36.7-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213412.
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges. CVE-2022-32894: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. WebKit Bugzilla: 243557 CVE-2022-32893: an anonymous researcher
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6.1 and iPadOS 15.6.1". All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
iOS 12 is not impacted by CVE-2022-32894. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security update Advisory ID: RHSA-2022:6540-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6540 Issue date: 2022-09-15 CVE Names: CVE-2022-32893 ==================================================================== 1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.36.7).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.36.7-1.el8_6.src.rpm
aarch64: webkit2gtk3-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm
ppc64le: webkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
s390x: webkit2gtk3-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm
x86_64: webkit2gtk3-2.36.7-1.el8_6.i686.rpm webkit2gtk3-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm webkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32893 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyMk0dzjgjWX9erEAQgJiw/+LYAkLQ3B+egDz2T8gBO2HzEtHgA8L7TO aFWvgGSnt32NlsOLFg1R3FxvGRVurR5Vgx2QN4tvVi/iYIgGw1WTSCC2GaiamjoP AawahjPf08LboH3d96QHN7rumXeXLUcymQyG4p4BPnEOqYPaKKdmj5CPaGWM/o+l ECo8POkVp0mHb4HOCL8iudG5aKDmEB5OqHfQS0XmFU3392yazpD6Y1DwpIfCNAhb ptdcqHrycH+QFUdd3YmtQj567R5+q/DAKFN60KHdwT+JeiRwdV9k89cAoWIJA6Hh 3ZxRuVbc108rySf/9tdZSjl7nw4IbLwcbScUwUHfHzjFfS3h7u+kkDLL10c4sfWf psc1mGVUXzLN6qBaWiY96bXOUOzX72LkC0LqhgDOfjBvaGzJjFwfydDgql/TPkSZ 478+0r5JD6sFsboLugtqhXMLNpJtxYGBSMUA31Bjmf8jWGwKrzZCbxUMuQIHk7VG 4M9gdZbu5wQw6fhksOlHGowoXEvc6UTB36eSLvZ76OK65yoXmpOXTFjIFfmDACkV M4GVQGpNglQWn/4jBXjebEeFC86baScn97NpCL41FK9AXlP7xBPaCN++DjAYDlbg NJf8tizErS4zMa1moMYL2DEac/nhLJDwtKaCvftcdRPrVnQZEZto7Chvf1FgNAJc +nurAiBV/zc=W4oO -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.36.7"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.36.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkit",
"scope": null,
"trust": 0.8,
"vendor": "the wpe team",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168118"
},
{
"db": "PACKETSTORM",
"id": "168227"
}
],
"trust": 0.3
},
"cve": "CVE-2022-32893",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32893",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32893",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32893",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32893",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple\u0027s Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability. The vulnerability is caused by out-of-bounds writing. macOS Monterey 12.5.1. ==========================================================================\nUbuntu Security Notice USN-5611-1\nSeptember 14, 2022\n\nwebkit2gtk vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1\n libjavascriptcoregtk-4.1-0 2.36.7-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.36.7-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.36.7-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1\n\niOS 15.6.1 and iPadOS 15.6.1 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213412. \n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nCVE-2022-32894: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nWebKit Bugzilla: 243557\nCVE-2022-32893: an anonymous researcher\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6.1 and iPadOS 15.6.1\". \nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\niOS 12 is not impacted by CVE-2022-32894. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security update\nAdvisory ID: RHSA-2022:6540-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6540\nIssue date: 2022-09-15\nCVE Names: CVE-2022-32893\n====================================================================\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.36.7). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.36.7-1.el8_6.src.rpm\n\naarch64:\nwebkit2gtk3-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32893\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyMk0dzjgjWX9erEAQgJiw/+LYAkLQ3B+egDz2T8gBO2HzEtHgA8L7TO\naFWvgGSnt32NlsOLFg1R3FxvGRVurR5Vgx2QN4tvVi/iYIgGw1WTSCC2GaiamjoP\nAawahjPf08LboH3d96QHN7rumXeXLUcymQyG4p4BPnEOqYPaKKdmj5CPaGWM/o+l\nECo8POkVp0mHb4HOCL8iudG5aKDmEB5OqHfQS0XmFU3392yazpD6Y1DwpIfCNAhb\nptdcqHrycH+QFUdd3YmtQj567R5+q/DAKFN60KHdwT+JeiRwdV9k89cAoWIJA6Hh\n3ZxRuVbc108rySf/9tdZSjl7nw4IbLwcbScUwUHfHzjFfS3h7u+kkDLL10c4sfWf\npsc1mGVUXzLN6qBaWiY96bXOUOzX72LkC0LqhgDOfjBvaGzJjFwfydDgql/TPkSZ\n478+0r5JD6sFsboLugtqhXMLNpJtxYGBSMUA31Bjmf8jWGwKrzZCbxUMuQIHk7VG\n4M9gdZbu5wQw6fhksOlHGowoXEvc6UTB36eSLvZ76OK65yoXmpOXTFjIFfmDACkV\nM4GVQGpNglQWn/4jBXjebEeFC86baScn97NpCL41FK9AXlP7xBPaCN++DjAYDlbg\nNJf8tizErS4zMa1moMYL2DEac/nhLJDwtKaCvftcdRPrVnQZEZto7Chvf1FgNAJc\n+nurAiBV/zc=W4oO\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168118"
},
{
"db": "PACKETSTORM",
"id": "168227"
},
{
"db": "PACKETSTORM",
"id": "168397"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424982",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32893",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/29/2",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/26/2",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/29/1",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/02/10",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/13/1",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/25/5",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "168382",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168439",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168397",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168227",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168119",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4318",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4264",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4453",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4679",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4584",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168117",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168118",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-424982",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169401",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168118"
},
{
"db": "PACKETSTORM",
"id": "168227"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"id": "VAR-202208-1345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T20:00:12.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213414",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"title": "Apple macOS Monterey Safari Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=206037"
},
{
"title": "Apple: macOS Monterey 12.5.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1bb557c916beb7d241af583e99c5c90b"
},
{
"title": "Apple: iOS 15.6.1 and iPadOS 15.6.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=935bf26a0e1b2691d379b98ca5e49eb8"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/aug/16"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/49"
},
{
"trust": 2.5,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213413"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213414"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5220"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213412"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-32893"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4318"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168382/ubuntu-security-notice-usn-5611-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168397/red-hat-security-advisory-2022-6540-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168119/apple-security-advisory-2022-08-18-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-buffer-overflow-39127"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168439/red-hat-security-advisory-2022-6634-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213428"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4264"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-two-vulnerabilities-39070"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4453"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4584"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32893/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168227/apple-security-advisory-2022-08-31-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4105"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4679"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32894"
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6634"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213413."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5611-1"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213412."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213428."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6540"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168118"
},
{
"db": "PACKETSTORM",
"id": "168227"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168118"
},
{
"db": "PACKETSTORM",
"id": "168227"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-424982"
},
{
"date": "2023-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"date": "2022-09-21T13:46:12",
"db": "PACKETSTORM",
"id": "168439"
},
{
"date": "2022-08-19T19:28:42",
"db": "PACKETSTORM",
"id": "168117"
},
{
"date": "2022-09-14T15:09:46",
"db": "PACKETSTORM",
"id": "168382"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169401"
},
{
"date": "2022-08-19T19:28:55",
"db": "PACKETSTORM",
"id": "168118"
},
{
"date": "2022-09-01T16:33:53",
"db": "PACKETSTORM",
"id": "168227"
},
{
"date": "2022-09-15T14:21:45",
"db": "PACKETSTORM",
"id": "168397"
},
{
"date": "2022-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"date": "2022-08-24T20:15:09.147000",
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424982"
},
{
"date": "2023-10-12T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"date": "2022-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"date": "2024-06-28T14:09:26.977000",
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
}
],
"trust": 0.6
}
}
var-202202-0070
Vulnerability from variot
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. ========================================================================== Ubuntu Security Notice USN-6026-1 April 19, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim was incorrectly processing Vim buffers. An
attacker could possibly use this issue to perform illegal memory access and
expose sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4166)
It was discovered that Vim was using freed memory when dealing with regular expressions inside a visual selection. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4192)
It was discovered that Vim was incorrectly handling virtual column position operations, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4193)
It was discovered that Vim was not properly performing bounds checks when updating windows present on a screen, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0213)
It was discovered that Vim was incorrectly performing read and write operations when in visual block mode, going beyond the end of a line and causing a heap buffer overflow. If a user were tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0261, CVE-2022-0318)
It was discovered that Vim was incorrectly handling window exchanging operations when in Visual mode, which could result in an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2022-0319)
It was discovered that Vim was incorrectly handling recursion when parsing conditional expressions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0351)
It was discovered that Vim was not properly handling memory allocation when processing data in Ex mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0359)
It was discovered that Vim was not properly performing bounds checks when executing line operations in Visual mode, which could result in a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361, CVE-2022-0368)
It was discovered that Vim was not properly handling loop conditions when looking for spell suggestions, which could result in a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0408)
It was discovered that Vim was incorrectly handling memory access when executing buffer operations, which could result in the usage of freed memory. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-0443)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. (CVE-2022-0554)
It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2022-0572)
It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0629)
It was discovered that Vim was not properly performing validation of data that contained special multi-byte characters, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0685)
It was discovered that Vim was incorrectly processing data used to define indentation in a file, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0714)
It was discovered that Vim was incorrectly processing certain regular expression patterns and strings, which could cause an out-of-bounds read. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-0729)
It was discovered that Vim incorrectly handled memory access. An attacker could potentially use this issue to cause the corruption of sensitive information, a crash, or arbitrary code execution. (CVE-2022-2207)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.7
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.14
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.13
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm9
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213488.
Accelerate Framework Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-42795: ryuzaki
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32898: Mohamed Ghannam (@_simo36) CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to cause a denial-of-service Description: A memory corruption issue was addressed with improved state management. CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t)
ATS Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved checks. CVE-2022-32890: Mickey Jin (@patch1t)
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2022-42796: an anonymous researcher
Audio Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: The issue was addressed with improved memory handling. CVE-2022-42798: Anonymous working with Trend Micro Zero Day Initiative Entry added October 27, 2022
AVEVideoEncoder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o.
Calendar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher
CFNetwork Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu)
ColorSync Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to an iOS device may be able to read past diagnostic logs Description: This issue was addressed with improved data protection. CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.84.0. CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
Directory Utility Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: A logic issue was addressed with improved checks. CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to intercept mail credentials Description: A logic issue was addressed with improved restrictions. CVE-2022-32928: an anonymous researcher
FaceTime Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2022-32935: Bistrit Dahal Entry added October 27, 2022
Find My Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A malicious application may be able to read sensitive location information Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security, Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges Description: This issue was addressed with improved validation of symlinks. CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies LTD
GPU Drivers Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution Description: The issue was addressed with improved memory handling. CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-3437: Evgeny Legerov of Intevydis Entry added October 25, 2022
Image Processing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622
Intel Graphics Driver Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32924: Ian Beer of Google Project Zero
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom) Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai Entry added October 27, 2022
Kernel Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved checks. CVE-2022-42801: Ian Beer of Google Project Zero Entry added October 27, 2022
Mail Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: This issue was addressed with improved data protection. CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher
Model I/O Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted USD file may disclose memory contents Description: The issue was addressed with improved memory handling. CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security Light-Year Lab Entry added October 27, 2022
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537
ncurses Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: A denial-of-service issue was addressed with improved validation. CVE-2022-29458
Notes Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user in a privileged network position may be able to track user activity Description: This issue was addressed with improved data protection. CVE-2022-42818: Gustav Hansen from WithSecure
Notifications Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to access contacts from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-32879: Ubeydullah Sümer
PackageKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A race condition was addressed with improved state handling. CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Photos Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed with improved data protection. CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort (evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher
ppp Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A buffer overflow may result in arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32941: an anonymous researcher Entry added October 27, 2022
Ruby Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed by updating Ruby to version 2.6.10. CVE-2022-28739
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app with root privileges may be able to access private information Description: This issue was addressed with improved data protection. CVE-2022-32862: an anonymous researcher
Sandbox Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania
Sidecar Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital
Siri Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user with physical access to a device may be able to use Siri to obtain some call history information Description: A logic issue was addressed with improved state management. CVE-2022-32870: Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger
Software Update Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A remote user may be able to cause a denial-of-service Description: This issue was addressed with improved checks. CVE-2021-36690
Vim Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 CVE-2022-0554 CVE-2022-0572 CVE-2022-0629 CVE-2022-0685 CVE-2022-0696 CVE-2022-0714 CVE-2022-0729 CVE-2022-0943 CVE-2022-1381 CVE-2022-1420 CVE-2022-1725 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1621 CVE-2022-1629 CVE-2022-1674 CVE-2022-1733 CVE-2022-1735 CVE-2022-1769 CVE-2022-1927 CVE-2022-1942 CVE-2022-1968 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
Weather Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 241969 CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc (@xmzyshypnc1)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 242762 CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with Trend Micro Zero Day Initiative
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may disclose internal states of the app Description: A correctness issue in the JIT was addressed with improved checks. WebKit Bugzilla: 242964 CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab Entry added October 27, 2022
WebKit PDF Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative
WebKit Sandboxing Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improvements to the sandbox. WebKit Bugzilla: 243181 CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018 and later), iMac (2017 and later), MacBook (2017), and iMac Pro (2017) Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-37434: Evgeny Legerov CVE-2022-42800: Evgeny Legerov Entry added October 27, 2022
Additional recognition
Airport We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca of Intrado-Life & Safety/Globant for their assistance. AppleCredentialManager We would like to acknowledge @jonathandata1 for their assistance.
FaceTime We would like to acknowledge an anonymous researcher for their assistance.
FileVault We would like to acknowledge Timothy Perfitt of Twocanoes Software for their assistance.
Find My We would like to acknowledge an anonymous researcher for their assistance.
Identity Services We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily We would like to acknowledge Antonio Zekic (@antoniozekic) for their assistance.
Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University, and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous researcher for their assistance.
Mail We would like to acknowledge an anonymous researcher for their assistance.
Mail Drafts We would like to acknowledge an anonymous researcher for their assistance.
Networking We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video Communications for their assistance.
Photo Booth We would like to acknowledge Prashanth Kannan of Dremio for their assistance.
Quick Look We would like to acknowledge Hilary “It’s off by a Pixel” Street for their assistance.
Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
smbx We would like to acknowledge HD Moore of runZero Asset Inventory for their assistance.
System We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
System Settings We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit We would like to acknowledge Aleczander Ewing for their assistance.
WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance.
WebRTC We would like to acknowledge an anonymous researcher for their assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC /v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5 hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY +aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA= =lIdC -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.4359"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "167419"
}
],
"trust": 0.2
},
"cve": "CVE-2022-0572",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-0572",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-414804",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-0572",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2022-0572",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-0572",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0572",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-0572",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-0572",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1139",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414804",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-0572",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. ==========================================================================\nUbuntu Security Notice USN-6026-1\nApril 19, 2023\n\nvim vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An \nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS. \n(CVE-2021-4166)\n\nIt was discovered that Vim was using freed memory when dealing with regular\nexpressions inside a visual selection. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu\n20.04 LTS. (CVE-2021-4192)\n\nIt was discovered that Vim was incorrectly handling virtual column position\noperations, which could result in an out-of-bounds read. An attacker could\npossibly use this issue to expose sensitive information. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2021-4193)\n\nIt was discovered that Vim was not properly performing bounds checks when\nupdating windows present on a screen, which could result in a heap buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0213)\n\nIt was discovered that Vim was incorrectly performing read and write\noperations when in visual block mode, going beyond the end of a line and\ncausing a heap buffer overflow. If a user were tricked into opening a\nspecially crafted file, an attacker could crash the application, leading to a\ndenial of service, or possibly achieve code execution with user privileges. \nThis issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2022-0261, CVE-2022-0318)\n\nIt was discovered that Vim was incorrectly handling window exchanging\noperations when in Visual mode, which could result in an out-of-bounds read. \nAn attacker could possibly use this issue to expose sensitive information. \n(CVE-2022-0319)\n\nIt was discovered that Vim was incorrectly handling recursion when parsing\nconditional expressions. An attacker could possibly use this issue to cause\na denial of service or execute arbitrary code. (CVE-2022-0351)\n\nIt was discovered that Vim was not properly handling memory allocation when\nprocessing data in Ex mode, which could result in a heap buffer overflow. \nAn attacker could possibly use this issue to cause a denial of service or\nexecute arbitrary code. (CVE-2022-0359)\n\nIt was discovered that Vim was not properly performing bounds checks when\nexecuting line operations in Visual mode, which could result in a heap\nbuffer overflow. An attacker could possibly use this issue to cause a\ndenial of service or execute arbitrary code. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0361,\nCVE-2022-0368)\n\nIt was discovered that Vim was not properly handling loop conditions when\nlooking for spell suggestions, which could result in a stack buffer\noverflow. An attacker could possibly use this issue to cause a denial of\nservice or execute arbitrary code. (CVE-2022-0408)\n\nIt was discovered that Vim was incorrectly handling memory access when\nexecuting buffer operations, which could result in the usage of freed\nmemory. An attacker could possibly use this issue to execute arbitrary\ncode. (CVE-2022-0443)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. (CVE-2022-0554)\n\nIt was discovered that Vim was not properly performing bounds checks for\ncolumn numbers when replacing tabs with spaces or spaces with tabs, which\ncould cause a heap buffer overflow. An attacker could possibly use this\nissue to cause a denial of service or execute arbitrary code. \n(CVE-2022-0572)\n\nIt was discovered that Vim was incorrectly processing Vim buffers. An\nattacker could possibly use this issue to perform illegal memory access and\nexpose sensitive information. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2022-0629)\n\nIt was discovered that Vim was not properly performing validation of data\nthat contained special multi-byte characters, which could cause an\nout-of-bounds read. An attacker could possibly use this issue to cause a\ndenial of service. (CVE-2022-0685)\n\nIt was discovered that Vim was incorrectly processing data used to define\nindentation in a file, which could cause a heap buffer overflow. An\nattacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0714)\n\nIt was discovered that Vim was incorrectly processing certain regular\nexpression patterns and strings, which could cause an out-of-bounds read. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-0729)\n\nIt was discovered that Vim incorrectly handled memory access. An attacker\ncould potentially use this issue to cause the corruption of sensitive\ninformation, a crash, or arbitrary code execution. (CVE-2022-2207)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.7\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.14\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.13\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm9\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\n\nmacOS Ventura 13 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213488. \n\nAccelerate Framework\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2022-42795: ryuzaki\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32858: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32898: Mohamed Ghannam (@_simo36)\nCVE-2022-32899: Mohamed Ghannam (@_simo36)\n\nAppleAVD\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to cause a denial-of-service\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of\nGoogle Project Zero, an anonymous researcher\n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. \n\nAppleMobileFileIntegrity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed by removing additional\nentitlements. \nCVE-2022-42825: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32902: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-32904: Mickey Jin (@patch1t)\n\nATS\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32890: Mickey Jin (@patch1t)\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-42796: an anonymous researcher\n\nAudio\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42798: Anonymous working with Trend Micro Zero Day\nInitiative\nEntry added October 27, 2022\n\nAVEVideoEncoder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32940: ABC Research s.r.o. \n\nCalendar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2022-42819: an anonymous researcher\n\nCFNetwork\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A certificate validation issue existed in the handling\nof WKWebView. This issue was addressed with improved validation. \nCVE-2022-42813: Jonathan Zhang of Open Computing Facility\n(ocf.berkeley.edu)\n\nColorSync\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. This issue was addressed with improved input\nvalidation. \nCVE-2022-26730: David Hoyt of Hoyt LLC\n\nCrash Reporter\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to an iOS device may be able to\nread past diagnostic logs\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike\n\ncurl\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in curl\nDescription: Multiple issues were addressed by updating to curl\nversion 7.84.0. \nCVE-2022-32205\nCVE-2022-32206\nCVE-2022-32207\nCVE-2022-32208\n\nDirectory Utility\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc. \n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)\n\nDriverKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32915: Tommy Muir (@Muirey03)\n\nExchange\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to\nintercept mail credentials\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32928: an anonymous researcher\n\nFaceTime\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen \nDescription: A lock screen issue was addressed with improved state\nmanagement. \nCVE-2022-32935: Bistrit Dahal\nEntry added October 27, 2022\n\nFind My\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,\nWojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nFinder\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted DMG file may lead to\narbitrary code execution with system privileges\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies\nLTD\n\nGPU Drivers\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32947: Asahi Lina (@LinaAsahi)\n\nGrapher\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted gcx file may lead to\nunexpected app termination or arbitrary code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)\n\nHeimdal\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-3437: Evgeny Legerov of Intevydis\nEntry added October 25, 2022\n\nImage Processing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed app may be able to determine which app is\ncurrently using the camera\nDescription: The issue was addressed with additional restrictions on\nthe observability of app states. \nCVE-2022-32913: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nImageIO\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing an image may lead to a denial-of-service\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-1622\n\nIntel Graphics Driver\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-32936: Antonio Zekic (@antoniozekic)\n\nIOHIDFamily\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-42820: Peter Pan ZhenPeng of STAR Labs\n\nIOKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42806: Tingting Yin of Tsinghua University\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)\nCVE-2022-32911: Zweig of Kunlun Lab\nCVE-2022-32924: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-32914: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-42808: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges \nDescription: A race condition was addressed with improved locking. \nCVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai\nEntry added October 27, 2022\n\nKernel\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-42801: Ian Beer of Google Project Zero\nEntry added October 27, 2022\n\nMail\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security\n\nMaps\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32883: Ron Masas of breakpointhq.com\n\nMediaLibrary\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to elevate privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-32908: an anonymous researcher\n\nModel I/O\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents \nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security\nLight-Year Lab\nEntry added October 27, 2022\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-39537\n\nncurses\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing a maliciously crafted file may lead to a denial-\nof-service or potentially disclose memory contents\nDescription: A denial-of-service issue was addressed with improved\nvalidation. \nCVE-2022-29458\n\nNotes\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user in a privileged network position may be able to track\nuser activity\nDescription: This issue was addressed with improved data protection. \nCVE-2022-42818: Gustav Hansen from WithSecure\n\nNotifications\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to access\ncontacts from the lock screen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32879: Ubeydullah S\u00fcmer\n\nPackageKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nPhotos\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha\nTechnologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort\n(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan\nof Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-42829: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-42830: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-42831: an anonymous researcher\nCVE-2022-42832: an anonymous researcher\n\nppp\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A buffer overflow may result in arbitrary code execution \nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32941: an anonymous researcher\nEntry added October 27, 2022\n\nRuby\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause unexpected app termination\nor arbitrary code execution\nDescription: A memory corruption issue was addressed by updating Ruby\nto version 2.6.10. \nCVE-2022-28739\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app with root privileges may be able to access private\ninformation\nDescription: This issue was addressed with improved data protection. \nCVE-2022-32862: an anonymous researcher\n\nSandbox\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to access user-sensitive data\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2022-42811: Justin Bui (@slyd0g) of Snowflake\n\nSecurity\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to bypass code signing checks\nDescription: An issue in code signature validation was addressed with\nimproved checks. \nCVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)\n\nShortcuts\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A shortcut may be able to check the existence of an arbitrary\npath on the file system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of\nComputer Science of. Romania\n\nSidecar\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-42790: Om kothawade of Zaprico Digital\n\nSiri\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user with physical access to a device may be able to use\nSiri to obtain some call history information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32870: Andrew Goldberg of The McCombs School of Business,\nThe University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)\n\nSMB\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause kernel code execution\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32934: Felix Poulin-Belanger\n\nSoftware Update\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro\n\nSQLite\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A remote user may be able to cause a denial-of-service\nDescription: This issue was addressed with improved checks. \nCVE-2021-36690\n\nVim\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2022-0261\nCVE-2022-0318\nCVE-2022-0319\nCVE-2022-0351\nCVE-2022-0359\nCVE-2022-0361\nCVE-2022-0368\nCVE-2022-0392\nCVE-2022-0554\nCVE-2022-0572\nCVE-2022-0629\nCVE-2022-0685\nCVE-2022-0696\nCVE-2022-0714\nCVE-2022-0729\nCVE-2022-0943\nCVE-2022-1381\nCVE-2022-1420\nCVE-2022-1725\nCVE-2022-1616\nCVE-2022-1619\nCVE-2022-1620\nCVE-2022-1621\nCVE-2022-1629\nCVE-2022-1674\nCVE-2022-1733\nCVE-2022-1735\nCVE-2022-1769\nCVE-2022-1927\nCVE-2022-1942\nCVE-2022-1968\nCVE-2022-1851\nCVE-2022-1897\nCVE-2022-1898\nCVE-2022-1720\nCVE-2022-2000\nCVE-2022-2042\nCVE-2022-2124\nCVE-2022-2125\nCVE-2022-2126\n\nWeather\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: An app may be able to read sensitive location information\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32875: an anonymous researcher\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 241969\nCVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc\n(@xmzyshypnc1)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nWebKit Bugzilla: 242047\nCVE-2022-32888: P1umer (@p1umer)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 242762\nCVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Visiting a malicious website may lead to user interface\nspoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 243693\nCVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nWebKit Bugzilla: 244622\nCVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A logic issue was addressed with improved state\nmanagement. \nWebKit Bugzilla: 245058\nCVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser\nVulnerability Research, Ryan Shin of IAAI SecLab at Korea University,\nDohyun Lee (@l33d0hyun) of DNSLab at Korea University\n\nWebKit\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may disclose\ninternal states of the app\nDescription: A correctness issue in the JIT was addressed with\nimproved checks. \nWebKit Bugzilla: 242964\nCVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab\nEntry added October 27, 2022\n\nWebKit PDF\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 242781\nCVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend\nMicro Zero Day Initiative\n\nWebKit Sandboxing\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improvements to the\nsandbox. \nWebKit Bugzilla: 243181\nCVE-2022-32892: @18\u697c\u68a6\u60f3\u6539\u9020\u5bb6 and @jq0904 of DBAppSecurity\u0027s WeBin lab\n\nzlib\nAvailable for: Mac Studio (2022), Mac Pro (2019 and later), MacBook\nAir (2018 and later), MacBook Pro (2017 and later), Mac mini (2018\nand later), iMac (2017 and later), MacBook (2017), and iMac Pro\n(2017)\nImpact: A user may be able to cause unexpected app termination or\narbitrary code execution \nDescription: This issue was addressed with improved checks. \nCVE-2022-37434: Evgeny Legerov\nCVE-2022-42800: Evgeny Legerov\nEntry added October 27, 2022\n\nAdditional recognition\n\nAirport\nWe would like to acknowledge Joseph Salazar Acu\u00f1a and Renato Llamoca\nof Intrado-Life \u0026 Safety/Globant for their assistance. \nAppleCredentialManager\nWe would like to acknowledge @jonathandata1 for their assistance. \n\nFaceTime\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nFileVault\nWe would like to acknowledge Timothy Perfitt of Twocanoes Software\nfor their assistance. \n\nFind My\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nIdentity Services\nWe would like to acknowledge Joshua Jones for their assistance. \n\nIOAcceleratorFamily\nWe would like to acknowledge Antonio Zekic (@antoniozekic) for their\nassistance. \n\nKernel\nWe would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud\n(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,\nand Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous\nresearcher for their assistance. \n\nMail\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nMail Drafts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nNetworking\nWe would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Prashanth Kannan of Dremio for their\nassistance. \n\nQuick Look\nWe would like to acknowledge Hilary \u201cIt\u2019s off by a Pixel\u201d Street for\ntheir assistance. \n\nSandbox\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nsmbx\nWe would like to acknowledge HD Moore of runZero Asset Inventory for\ntheir assistance. \n\nSystem\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSystem Settings\nWe would like to acknowledge Bjorn Hellenbrand for their assistance. \n\nUIKit\nWe would like to acknowledge Aleczander Ewing for their assistance. \n\nWebKit\nWe would like to acknowledge Maddie Stone of Google Project Zero,\nNarendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an\nanonymous researcher for their assistance. \n\nWebRTC\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Ventura 13 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke\nNxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC\n/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5\nhyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb\nh3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z\nEois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ\nqdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok\nr5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ\nMzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv\ntswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY\n+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU\nw3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=\n=lIdC\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0572",
"trust": 3.8
},
{
"db": "PACKETSTORM",
"id": "169561",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167419",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2791",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022221",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022061208",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060635",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169551",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-11175",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-414804",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0572",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171934",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"id": "VAR-202202-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:33:44.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "retab Apple Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"title": "Vim Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183395"
},
{
"title": "Red Hat: CVE-2022-0572",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-0572"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1771",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1771"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1579",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1579"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-077",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-077"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0572"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4goy5ywtp5quy2eflcl7auwa2cv57c37/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7zlehvp4lnager4zdguds5v5yvqd6inf/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4goy5ywtp5quy2eflcl7auwa2cv57c37/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-0572"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2405"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-buffer-overflow-via-ex-retab-37585"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022221"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2791"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167419/ubuntu-security-notice-usn-5460-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060635"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022061208"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169561/apple-security-advisory-2022-10-27-5.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36690"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39537"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht213488."
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.13"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6026-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5460-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414804"
},
{
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"db": "PACKETSTORM",
"id": "171934"
},
{
"db": "PACKETSTORM",
"id": "169561"
},
{
"db": "PACKETSTORM",
"id": "167419"
},
{
"db": "PACKETSTORM",
"id": "169551"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-414804"
},
{
"date": "2022-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"date": "2023-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"date": "2023-04-19T13:03:56",
"db": "PACKETSTORM",
"id": "171934"
},
{
"date": "2022-10-31T14:22:32",
"db": "PACKETSTORM",
"id": "169561"
},
{
"date": "2022-06-07T15:13:22",
"db": "PACKETSTORM",
"id": "167419"
},
{
"date": "2022-10-31T14:19:00",
"db": "PACKETSTORM",
"id": "169551"
},
{
"date": "2022-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"date": "2022-02-14T12:15:23.060000",
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-414804"
},
{
"date": "2022-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0572"
},
{
"date": "2023-06-07T05:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-005625"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1139"
},
{
"date": "2024-11-21T06:38:56.540000",
"db": "NVD",
"id": "CVE-2022-0572"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005625"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1139"
}
],
"trust": 0.6
}
}
var-201406-0137
Vulnerability from variot
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. The following are vulnerable: OpenSSL 0.9.8 prior to 0.9.8za OpenSSL 1.0.0 prior to 1.0.0m OpenSSL 1.0.1 prior to 1.0.1h. This update addresses the issues by updating PHP to version 5.4.30 CVE-ID CVE-2013-7345 CVE-2014-0185 CVE-2014-0207 CVE-2014-0237 CVE-2014-0238 CVE-2014-1943 CVE-2014-2270 CVE-2014-3478 CVE-2014-3479 CVE-2014-3480 CVE-2014-3487 CVE-2014-3515 CVE-2014-3981 CVE-2014-4049
Bluetooth Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of a Bluetooth API call. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4390 : Ian Beer of Google Project Zero
CoreGraphics Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or an information disclosure Description: An out of bounds memory read existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
CoreGraphics Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of PDF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with the iSIGHT Partners GVP Program
Foundation Available for: OS X Mavericks 10.9 to 10.9.4 Impact: An application using NSXMLParser may be misused to disclose information Description: An XML External Entity issue existed in NSXMLParser's handling of XML. This issue was addressed by not loading external entities across origins. CVE-ID CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Compiling untrusted GLSL shaders may lead to an unexpected application termination or arbitrary code execution Description: A user-space buffer overflow existed in the shader compiler. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4393 : Apple
Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple validation issues existed in some integrated graphics driver routines. These issues were addressed through improved bounds checking. CVE-ID CVE-2014-4394 : Ian Beer of Google Project Zero CVE-2014-4395 : Ian Beer of Google Project Zero CVE-2014-4396 : Ian Beer of Google Project Zero CVE-2014-4397 : Ian Beer of Google Project Zero CVE-2014-4398 : Ian Beer of Google Project Zero CVE-2014-4399 : Ian Beer of Google Project Zero CVE-2014-4400 : Ian Beer of Google Project Zero CVE-2014-4401 : Ian Beer of Google Project Zero CVE-2014-4416 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A null pointer dereference existed in the handling of IOKit API arguments. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2014-4376 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds read issue existed in the handling of an IOAcceleratorFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4402 : Ian Beer of Google Project Zero
IOHIDFamily Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: An out-of-bounds read issue existed in the handling of an IOHIDFamily function. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4379 : Ian Beer of Google Project Zero
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the handling of certain metadata fields of IODataQueue objects. This issue was addressed through improved validation of metadata. CVE-ID CVE-2014-4388 : @PanguTeam
IOKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4389 : Ian Beer of Google Project Zero
Kernel Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A local user can infer kernel addresses and bypass kernel address space layout randomization Description: In some cases, the CPU Global Descriptor Table was allocated at a predictable address. This issue was addressed through always allocating the Global Descriptor Table at random addresses. CVE-ID CVE-2014-4403 : Ian Beer of Google Project Zero
Libnotify Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An out-of-bounds write issue existed in Libnotify. This issue was addressed through improved bounds checking CVE-ID CVE-2014-4381 : Ian Beer of Google Project Zero
OpenSSL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one that may lead to arbitrary code execution Description: Multiple vulnerabilities existed in OpenSSL 0.9.8y. CVE-ID CVE-2014-0076 CVE-2014-0195 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MIDI files. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4350 : s3tm3m working with HP's Zero Day Initiative
QT Media Foundation Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of the 'mvhd' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-4979 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative
ruby Available for: OS X Mavericks 10.9 to 10.9.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A heap buffer overflow existed in LibYAML's handling of percent-encoded characters in a URI. This issue was addressed through improved bounds checking. This update addresses the issues by updating LibYAML to version 0.1.6 CVE-ID CVE-2014-2525
Note: OS X Mavericks 10.9.5 includes the security content of Safari 7.0.6: http://support.apple.com/kb/HT6367
OS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+ Ct0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh CiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V sCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1 hFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ Jb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw ZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW 5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA 3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl QHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP kCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf k4w2RKNm0Fv+kdNoFAnd =gpVc -----END PGP SIGNATURE-----
. OpenSSL is a 3rd party product that is embedded with some HP Software products. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. ============================================================================ Ubuntu Security Notice USN-2232-4 August 18, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
USN-2232-1 introduced a regression in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.
We apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.21
After a standard system update you need to reboot your computer to make all the necessary changes.
CVE-2014-0221
Imre Rad discovered the processing of DTLS hello packets is
susceptible to denial of service.
Additional information can be found at http://www.openssl.org/news/secadv_20140605.txt
For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package debian-goodies to detect affected programs or reboot your system. There's also a forthcoming security update for the Linux kernel later the day (CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?
For the unstable distribution (sid), these problems will be fixed soon. Corrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE) 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1) 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2) 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8) 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15) 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE) 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12) CVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3470]
III. [CVE-2014-3470]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 10.0]
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc
gpg --verify openssl-10.patch.asc
[FreeBSD 9.x and 8.x]
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch
fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc
gpg --verify openssl-9.patch.asc
b) Apply the patch. Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as described in .
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
freebsd-update fetch
freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each affected branch.
Branch/path Revision
stable/8/ r267103 releng/8.4/ r267104 stable/9/ r267106 releng/9.1/ r267104 releng/9.2/ r267104 stable/10/ r267103 releng/10.0/ r267104
To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:
svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1
Description
Multiple vulnerabilities have been discovered in OpenSSL.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"
References
[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software.
Release Date: 2014-08-08 Last Updated: 2014-08-08
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f
Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210
For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897
HISTORY Version:1 (rev.1) - 8 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0137",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8za"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0m"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "mariadb",
"scope": "gte",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1h"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "mariadb",
"scope": "lt",
"trust": 1.0,
"vendor": "mariadb",
"version": "10.0.13"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.1"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "bladecenter advanced management module 3.66e",
"scope": null,
"trust": 0.9,
"vendor": "ibm",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "api management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0 (ibm pureapplication system and xen)"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "3.0 (vmware)"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 10.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 10.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "standard/advanced edition 11.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "standard/advanced edition 11.3"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "patient hub 9.7"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "provider hub 9.7"
},
{
"model": "sdk,",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "for node.js 1.1.0.3"
},
{
"model": "smartcloud orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "smartcloud orchestrator",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3 fp1"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.1 for ibm provided software virtual appliance"
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.3 fp1"
},
{
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "4.1.1 (linux-ix86 and linux-s390)"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.4.0 fp07"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.5.0 fp04"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.5.1 fp05"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 8.6.0 fp03"
},
{
"model": "tivoli workload scheduler",
"scope": "lte",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 9.1.0 fp01"
},
{
"model": "tivoli workload scheduler",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "distributed 9.2.0 ga level"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.2"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.3"
},
{
"model": "tivoli composite application manager",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "for transactions 7.4"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "0.9.8 thats all 0.9.8za"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.0 thats all 1.0.0m"
},
{
"model": "openssl",
"scope": "lt",
"trust": 0.8,
"vendor": "openssl",
"version": "1.0.1 thats all 1.0.1h"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.8.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.9 to 10.9.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.7.5"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.63"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 4.71"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle secure global desktop 5.1"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "3.2.24"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.0.26"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.1.34"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.2.26"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "4.3.14"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "storage",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"model": "l20/300",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "lto6 drive",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "lx/30a",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "integrated system ha database ready",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "analytics server"
},
{
"model": "symfoware",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "server"
},
{
"model": "openssl",
"scope": null,
"trust": 0.7,
"vendor": "openssl",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0g"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0j"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0d"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0h"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0c"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0e"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0i"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0l"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0f"
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.0k"
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.14"
},
{
"model": "security enterprise scanner",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.3"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.3"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3.1"
},
{
"model": "spa232d multi-line dect ata",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "policy center v100r003c00spc305",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "10.0-beta",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "solaris",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.20.5.0"
},
{
"model": "proactive network operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "virtual connect 8gb 24-port fc module",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.0.2"
},
{
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "documentum content server p06",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "chrome for android",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": "35.0.1916.141"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8800"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip pem",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "9.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "project openssl 1.0.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "prime network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6"
},
{
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "ip video phone e20",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.2.6"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "ios software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "mate products",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32400"
},
{
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6.1"
},
{
"model": "computer telephony integration object server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "isoc v200r001c00spc202",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "3000"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.9"
},
{
"model": "10.0-release-p5",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "small business isa500 series integrated security appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security network intrusion prevention system gx3002",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ace application control engine module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413011.5"
},
{
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.28"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.470"
},
{
"model": "systems insight manager 7.3.0a",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "project openssl 1.0.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "56000"
},
{
"model": "anyconnect secure mobility client for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1.3"
},
{
"model": "dsr-500n 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.3"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "9.1-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "messaging secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.5"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "video surveillance series ip camera",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40000"
},
{
"model": "anyconnect secure mobility client for desktop platforms",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip link controller",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "idp 4.1r2",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "fortios b0537",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"model": "jabber guest",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "8.4-release-p9",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77009.7"
},
{
"model": "9.1-release-p15",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "usg9500 usg9500 v300r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "filenet system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "spa510 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "espace u19** v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "content security management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.1"
},
{
"model": "uma v200r001c00spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "idp 4.1r3",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.5"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "usg9500 v200r001c01sph902",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smartcloud provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "vpn client v100r001c02spc702",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "telepresence content server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tandberg codian mse model",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83200"
},
{
"model": "big-ip pem",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "uma v200r001c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip ltm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "api management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "oceanstor s6800t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "34.0"
},
{
"model": "isoc v200r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "3000"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "release-p4",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "manageone v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "eupp v100r001c10spc002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "prime performance manager for sps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "big-ip psm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "tivoli workload scheduler distributed ga level",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10.0-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "9.1-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "updatexpress system packs installer",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "s7700\u0026s9700 v200r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.6"
},
{
"model": "prime access registrar appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "87100"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "stunnel",
"scope": "ne",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.02"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "tivoli netcool/system service monitor fp11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "flex system fc5022",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "sterling file gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"model": "s3900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.6"
},
{
"model": "ips",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "unified communications widgets click to call",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "agile controller v100r001c00spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace usm v100r001 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "softco v100r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5500t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "videoscape anyres live",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence t series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5"
},
{
"model": "tivoli netcool/system service monitor fp12",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "unified attendant console advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.1--releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "smart update manager for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3.5"
},
{
"model": "mds switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip gtm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.1"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "proventia network security controller 1.0.3352m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "documentum content server p07",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "wag310g wireless-g adsl2+ gateway with voip",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.4"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.10"
},
{
"model": "telepresence tx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90000"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2.2"
},
{
"model": "nexus switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31640"
},
{
"model": "jabber for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.2"
},
{
"model": "fastsetup",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.11"
},
{
"model": "unified wireless ip phone series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "29200"
},
{
"model": "messagesight server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "fusionsphere v100r003c10spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip asm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "telepresence advanced media gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32100"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"model": "smc2.0 v100r002c01b025sp07",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "s2700\u0026s3700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "espace cc v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ida pro",
"scope": "eq",
"trust": 0.3,
"vendor": "hex ray",
"version": "6.5"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "protection service for email",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "jabber for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-3"
},
{
"model": "usg5000 v300r001c10sph201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.5"
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.4"
},
{
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system gx5208",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"model": "prime optical for sps",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "9.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "big-ip psm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "isoc v200r001c01",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5000"
},
{
"model": "malware analyzer g2",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.5"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.3"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"model": "operations analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "icewall sso agent option",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.02007"
},
{
"model": "project openssl beta4",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "esight-ewl v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hyperdp oceanstor n8500 v200r001c91",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.4"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "security network intrusion prevention system gx4004-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "asg2000 v100r001c10sph001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "documentum content server",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.2"
},
{
"model": "manageone v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "wireless lan controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.1-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "oncommand unified manager core package",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "smart call home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "project openssl beta5",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.0"
},
{
"model": "tivoli netcool/system service monitor fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "s7700\u0026s9700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.0"
},
{
"model": "oic v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "s6900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.3"
},
{
"model": "icewall sso dfw certd",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip afm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "vsm v200r002c00spc503",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "upward integration modules for microsoft system center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "ecns610 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "ucs b-series servers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.3"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "documentum content server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0.1025308"
},
{
"model": "big-ip gtm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "telepresence isdn link",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.4"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0.1700.99"
},
{
"model": "big-ip asm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "universal small cell series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50003.4.2.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"model": "tandberg codian isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32200"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.9"
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "8.4-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "s5900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "documentum content server p05",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "oceanstor s6800t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "jabber video for telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "fortios build",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0589"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0"
},
{
"model": "documentum content server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "virtualization experience media engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp05",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "tivoli workload scheduler distributed fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "jabber im for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "snapdrive for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77109.7"
},
{
"model": "project openssl 0.9.8m beta1",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "small cell factory recovery root filesystem",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.99.4"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.4"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "quantum policy suite",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "10.0-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "ftp server",
"scope": "eq",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "manageone v100r002c10 spc320",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "svn2200 v200r001c01spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "rational application developer for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0.1"
},
{
"model": "s2750\u0026s5700\u0026s6700 v100r006",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3200"
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.5.2.3"
},
{
"model": "messagesight server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "safe profile",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "espace vtm v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "jabber software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-453"
},
{
"model": "spa122 ata with router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.2-rc2-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "security network intrusion prevention system gx5208-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.1"
},
{
"model": "tivoli netcool/system service monitor fp10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "9.2-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "advanced settings utility",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "9.1-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-467"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "32.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "spa525 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "data ontap smi-s agent",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "automation stratix",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "590015.6.3"
},
{
"model": "tssc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "advanced settings utility",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.52"
},
{
"model": "eupp v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nexus series fabric extenders",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20000"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.0"
},
{
"model": "security network intrusion prevention system gx6116",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.0"
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "intelligencecenter",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "3.2"
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.0"
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.2"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "algo audit and compliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"model": "telepresence mxp series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "upward integration modules for vmware vsphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3.2"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13000"
},
{
"model": "documentum content server p02",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.1"
},
{
"model": "espace u2980 v100r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "uma-db v2r1coospc101",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security information and event management hf6",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2.2"
},
{
"model": "upward integration modules for microsoft system center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0.1"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.4"
},
{
"model": "identity service engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "9.2-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "telepresence exchange system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "usg9300 usg9300 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s12700 v200r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "oncommand workflow automation",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "big-ip link controller",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "sterling file gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.12"
},
{
"model": "desktop collaboration experience dx650",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "8.4-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "automation stratix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "59000"
},
{
"model": "oncommand unified manager core package 5.2.1p1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "oceanstor s2200t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433511.5"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0"
},
{
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7600-"
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.3"
},
{
"model": "espace u2990 v200r001c02",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "telepresence system series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "30000"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "9.1-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "tivoli workload scheduler for applications fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "srg1200\u00262200\u00263200 v100r002c02spc800",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dsr-1000n rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "telepresence server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70100"
},
{
"model": "open source security information management",
"scope": "ne",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.10"
},
{
"model": "storevirtual hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.0"
},
{
"model": "svn5500 v200r001c01spc600",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "telepresence ip gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1"
},
{
"model": "open systems snapvault 3.0.1p6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.2.0.1055"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.0"
},
{
"model": "key",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "tivoli netcool/system service monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.2"
},
{
"model": "jabber voice for android",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "onepk all-in-one vm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"model": "usg5000 v300r001c10spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "big-ip ltm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "idp 4.2r1",
"scope": null,
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.9"
},
{
"model": "big-ip apm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "tivoli netcool/system service monitor fp13",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "infosphere guardium",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "9.3-beta1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1.5.1"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.00"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.5"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.8.0"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7700"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "prime data center network manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0.4"
},
{
"model": "cc v200r001c31",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "tivoli netcool/system service monitor fp6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "s12700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s5900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "xenmobile app controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "2.10"
},
{
"model": "8.4-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.10648"
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"model": "xenmobile app controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "2.9"
},
{
"model": "esight v2r3c10spc201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5500t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.0"
},
{
"model": "software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "isoc v200r001c02",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.4"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"model": "security information and event management hf3",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.1.4"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.1"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50000"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.6"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "10.0-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "icewall sso dfw r2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "documentum content server sp2 p13",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "agent desktop for cisco unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70000"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"model": "big-ip afm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "messaging secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.1"
},
{
"model": "s3900 v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "ddos secure",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "0"
},
{
"model": "anyoffice emm",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "2.6.0601.0090"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0"
},
{
"model": "ddos secure",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "5.14.1-1"
},
{
"model": "9.3-beta1-p2",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.7.0"
},
{
"model": "video surveillance series ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "tssc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.12"
},
{
"model": "vsm v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "one-x client enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "ssl for openvms",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-476"
},
{
"model": "project openssl 1.0.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "security network intrusion prevention system gx7412",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "powervu d9190 comditional access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 3tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "security network intrusion prevention system gx5108",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "malware analysis appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "4.1.1"
},
{
"model": "10.0-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "i v5r4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.3"
},
{
"model": "security network intrusion prevention system gx5008",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "usg9500 usg9500 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual china hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "tssc",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "softco v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "documentum content server sp2 p14",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.3.1"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "s2700\u0026s3700 v100r006c05+v100r06h",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s6800t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fortiap",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "tivoli workload scheduler for applications",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "storevirtual 4tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "big-ip psm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "ecns600 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "telepresence mcu series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.2.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.3"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "jabber voice for iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime network services controller",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asg2000 v100r001c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "idp 5.1r4",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"model": "9.3-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "i v5r3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "88310"
},
{
"model": "project openssl 1.0.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "oic v100r001c00spc402",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "documentum content server",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "7.0"
},
{
"model": "security network intrusion prevention system gx4004",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "security network intrusion prevention system gv1000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "icewall sso dfw",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "s7700\u0026s9700 v200r005+v200r005hp0",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nac manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smc2.0 v100r002c01b017sp17",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.6"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "9.2-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.8"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.5"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.7"
},
{
"model": "8.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "dsr-1000 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.13"
},
{
"model": "aura collaboration environment",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "security network intrusion prevention system gx7800",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "1.0.4"
},
{
"model": "big-ip afm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"model": "vtm v100r001c30",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "logcenter v200r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5500t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "security network intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.6.1"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "dynamic system analysis",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.61"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.4.1"
},
{
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99510"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.0"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89450"
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"model": "telepresence supervisor mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "80500"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.2.0.9"
},
{
"model": "puredata system for operational analytics a1791",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "usg2000 v300r001c10sph201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "dsm v100r002c05spc615",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "icewall sso dfw",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "espace u2980 v100r001 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.3"
},
{
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "cloudburst",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "big-ip apm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "tivoli netcool/system service monitor fp8",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "big-ip asm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "service delivery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "enterprise content management system monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "storevirtual 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.6"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "s7700\u0026s9700 v200r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ecns600 v100r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "8.4-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "icewall sso certd r3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "oceanstor s2600t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u19** v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 1.0.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "webex meetings server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "spa112 2-port phone adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.2"
},
{
"model": "spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tivoli workload scheduler distributed fp03",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "universal small cell series software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "70003.4.20"
},
{
"model": "project openssl 1.0.1h",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual vsa software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "12.5"
},
{
"model": "paging server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.5"
},
{
"model": "oceanstor s5600t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "data ontap smi-s agent",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "9.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "ace application control engine module ace20",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "jabber for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "cloud manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.1"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.1.5.2"
},
{
"model": "storevirtual china hybrid san solution",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "psb email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "10.00"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.0.1880"
},
{
"model": "hyperdp oceanstor n8500 v200r001c09",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.10"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.0.2354"
},
{
"model": "agent desktop for cisco unified contact center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "toolscenter suite",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.53"
},
{
"model": "8.4-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "telepresence ip vcr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11000"
},
{
"model": "unified communications series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5000"
},
{
"model": "telepresence sx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "8.4-release-p12",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "netcool/system service monitor fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.014"
},
{
"model": "hyperdp v200r001c91spc201",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "4.1"
},
{
"model": "unified attendant console",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "dsr-500 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99710"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "s3900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5600t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "documentum content server sp1 p26",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "tivoli management framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.1"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "18.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.3"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"model": "9.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"model": "security information and event management hf11",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.3.2"
},
{
"model": "tivoli netcool/system service monitor fp4",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "ftp server",
"scope": "ne",
"trust": 0.3,
"vendor": "cerberus",
"version": "7.0.0.3"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"model": "ata analog telephone adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1870"
},
{
"model": "project openssl 1.0.0j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "eupp v100r001c01spc101",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ace application control engine module ace10",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 1.0.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"model": "ecns600 v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "expressway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 600gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.6"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1209"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "oceanstor s2600t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "ssl for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.4-471"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.3"
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.3"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.1.2"
},
{
"model": "smartcloud entry",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "3.1.12"
},
{
"model": "tivoli netcool/system service monitor fp9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "tivoli workload scheduler distributed fp07",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "smart update manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3.1"
},
{
"model": "manageone v100r002c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463011.5"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.0"
},
{
"model": "ave2000 v100r001c00sph001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "security information and event management ga",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.4.0"
},
{
"model": "svn2200 v200r001c01hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "8.4-beta1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "esight-ewl v300r001c10spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ave2000 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tsm v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0"
},
{
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "usg9500 v300r001c01spc300",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "tivoli netcool/system service monitor fp5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "fortios b064",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-1"
},
{
"model": "documentum content server sp2 p15",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "usg9500 v300r001c20sph102",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tivoli workload scheduler for applications fp01",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "9.2-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "big-ip link controller",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "storevirtual 1tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "asa cx context-aware security",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "10.0-rc2-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli workload scheduler distributed fp02",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "telepresence integrator c series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.4.13"
},
{
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.5"
},
{
"model": "unified im and presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "8.4-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "usg9300 v200r001c01sph902",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security network intrusion prevention system gv200",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.6"
},
{
"model": "elog v100r003c01spc503",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "8.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "anyoffice v200r002c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "463012.5"
},
{
"model": "nac appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60000"
},
{
"model": "digital media players series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43000"
},
{
"model": "hardware management console release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v77.6"
},
{
"model": "vpn client v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "telepresence server on multiparty media",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3100"
},
{
"model": "metro ethernet series access devices",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "12000"
},
{
"model": "storevirtual 1tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "s5900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "prime network",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "s6900 v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "ecns610 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.0.0"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.5"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453012.6"
},
{
"model": "snapdrive for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "storevirtual fc 900gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1.0"
},
{
"model": "storevirtual 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.5"
},
{
"model": "9.2-release-p8",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "fusionsphere v100r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"model": "usg9500 usg9500 v300r001c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "tsm v100r002c07spc219",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace u2990 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip pem",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "protection service for email",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "7.5"
},
{
"model": "espace iad v300r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.913"
},
{
"model": "ace application control engine appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.1-rc1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "documentum content server sp1 p28",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "telepresence isdn gw",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "32410"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.2.3"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "prime collaboration provisioning",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5"
},
{
"model": "stunnel",
"scope": "eq",
"trust": 0.3,
"vendor": "stunnel",
"version": "5.01"
},
{
"model": "oceanstor s5600t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace iad v300r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security network intrusion prevention system gx7412-10",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.6"
},
{
"model": "telepresence ex series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473011.5"
},
{
"model": "telepresence server on virtual machine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "oceanstor s6800t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "manageone v100r001c02 spc901",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security information and event management",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2"
},
{
"model": "9.2-rc3-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.5-2"
},
{
"model": "tivoli network manager ip edition fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.94"
},
{
"model": "project openssl 1.0.0m",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "big-ip apm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.6.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "oceanstor s2600t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "security network intrusion prevention system gx5008-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "dsr-500n rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "s2750\u0026s5700\u0026s6700 v200r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5800t v100r005",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security network intrusion prevention system gx4002",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "11.00"
},
{
"model": "oceanstor s5800t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip analytics",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "psb email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "9.20"
},
{
"model": "isoc v200r001c02spc202",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "9000"
},
{
"model": "ios xr software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 2tb mdl sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "9.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "big-ip apm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413011.5"
},
{
"model": "unified series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79000"
},
{
"model": "ons series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "154000"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "tivoli netcool/system service monitor fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "nip2000\u00265000 v100r002c10spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "hyperdp v200r001c09spc501",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"model": "icewall sso dfw r3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
},
{
"model": "release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "anyconnect secure mobility client for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "9.1-release-p14",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "9.1-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "33.0.1750.166"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "eupp v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"model": "toolscenter suite",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.52"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"model": "version control agent",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"model": "dsr-500 rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.0.3"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "2.1.2"
},
{
"model": "policy center v100r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "sdk for node.js",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.0.2"
},
{
"model": "telepresence",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "13100"
},
{
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.0.0k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "director",
"scope": "eq",
"trust": 0.3,
"vendor": "bluecoat",
"version": "5.4"
},
{
"model": "storevirtual 3tb mdl sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "tandberg mxp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9900"
},
{
"model": "updatexpress system packs installer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "oceanstor s5800t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.1"
},
{
"model": "jabber for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "usg2000 v300r001c10spc200",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "d9036 modular encoding platform",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "video surveillance 4300e/4500e high-definition ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smart update manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.4.1"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "10.0-rc1-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 600gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.5"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.92743"
},
{
"model": "unified series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "69000"
},
{
"model": "tivoli netcool/system service monitor fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "453011.5"
},
{
"model": "oceanstor s5600t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "10.0-stable",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "tivoli netcool/system service monitor fp7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.6.7"
},
{
"model": "sterling b2b integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "473012.0"
},
{
"model": "jabber video for ipad",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tssc",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.15"
},
{
"model": "icewall mcrp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.1"
},
{
"model": "tivoli composite application manager for transactions",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "guardium database activity monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.2"
},
{
"model": "unified communications manager session management edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "31.0.1650.59"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "snapdrive for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "operations analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "8.4-release-p7",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "video surveillance ptz ip cameras",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "webex connect client for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "snapdrive for unix",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "telepresence serial gateway series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"model": "9.1-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "elog v100r003c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "security module for cisco network registar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ata series analog telephone adaptor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1900"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "4.6"
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89610"
},
{
"model": "cognos planning fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"model": "open systems snapvault",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "storevirtual fc 900gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "project openssl 0.9.8za",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "blackberry enterprise service",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.2.0"
},
{
"model": "storevirtual 450gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-320"
},
{
"model": "chrome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "35.0"
},
{
"model": "storevirtual hybrid storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433512.6"
},
{
"model": "email and server security",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "10.00"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "security network intrusion prevention system gx5108-v2",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "softco v200r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "9.2-prerelease",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "storevirtual 450gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"model": "big-ip gtm",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "s6900 v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "svn5500 v200r001c01hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.6"
},
{
"model": "prime lan management solution",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "epolicy orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "5.1"
},
{
"model": "proventia network security controller 1.0.3350m",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "9.1-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "8.4-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "agent desktop for cisco unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "dsm v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "cms r17ac.h",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "agile controller v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "nip2000\u00265000 v100r002c10hp0001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "telepresence mx series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "tapi service provider",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "insight control server deployment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "storevirtual 1tb mdl china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433012.0"
},
{
"model": "tivoli workload scheduler distributed fp04",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "telepresence system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500-370"
},
{
"model": "oceanstor s5800t v100r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "oceanstor s5500t v100r002",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "css series content services switches",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "115000"
},
{
"model": "blackberry os",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "10.0.10"
},
{
"model": "telepresence isdn gw mse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "83210"
},
{
"model": "ucs central",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "telepresence profile series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "smc2.0 v100r002c01b017sp16",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "emergency responder",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "web gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "mcafee",
"version": "7.3.2.10"
},
{
"model": "espace iad v300r001c07",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "storevirtual 900gb sas storage/s-buy",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "security network intrusion prevention system gx7412-05",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "dynamic system analysis",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.60"
},
{
"model": "icewall mcrp",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"model": "s7700\u0026s9700 v200r003",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "9.2-rc1-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "storevirtual 600gb sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "413012.5"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"model": "open source security information management",
"scope": "eq",
"trust": 0.3,
"vendor": "alienvault",
"version": "1.0.6"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "freedome for android",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "0"
},
{
"model": "fortios b0630",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"model": "proventia network security controller",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1768"
},
{
"model": "physical access gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "storevirtual 450gb china sas storage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "433011.5"
},
{
"model": "dsr-1000 rev. a1",
"scope": null,
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "nac guest server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "session border controller enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "s7700\u0026s9700 v200r001",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "version control repository manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.4"
},
{
"model": "dsr-1000n 1.09.b61",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": null
},
{
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "89410"
},
{
"model": "9.3-beta1",
"scope": "ne",
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "isoc v200r001c01spc101",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "5000"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "9.1"
},
{
"model": "idp",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "5.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "documentum content server sp2 p16",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.7"
},
{
"model": "oceanstor s2200t v100r005c30spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "prime network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "espace usm v100r001c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "project openssl 1.0.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "icewall sso dfw r1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "BID",
"id": "67900"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:api_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:infosphere_master_data_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:initiate_master_data_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:java_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:smartcloud_orchestrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:smartcloud_provisioning",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_management_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_workload_scheduler",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:tivoli_composite_application_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:virtualization_secure_global_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:vm_virtualbox",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:storage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:l20_300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:lto6_drive",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hitachi:lx_30a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:symfoware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "J\u00fcri Aedla",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0195",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0195",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0195",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-0195",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-0195",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0195",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. An attacker could leverage this vulnerability to execute code in the context of the process using OpenSSL. \nThe following are vulnerable:\nOpenSSL 0.9.8 prior to 0.9.8za\nOpenSSL 1.0.0 prior to 1.0.0m\nOpenSSL 1.0.1 prior to 1.0.1h. This\nupdate addresses the issues by updating PHP to version 5.4.30\nCVE-ID\nCVE-2013-7345\nCVE-2014-0185\nCVE-2014-0207\nCVE-2014-0237\nCVE-2014-0238\nCVE-2014-1943\nCVE-2014-2270\nCVE-2014-3478\nCVE-2014-3479\nCVE-2014-3480\nCVE-2014-3487\nCVE-2014-3515\nCVE-2014-3981\nCVE-2014-4049\n\nBluetooth\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of a\nBluetooth API call. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4390 : Ian Beer of Google Project Zero\n\nCoreGraphics\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or an information disclosure\nDescription: An out of bounds memory read existed in the handling of\nPDF files. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nCoreGraphics\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in the handling of PDF\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with\nthe iSIGHT Partners GVP Program\n\nFoundation\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: An application using NSXMLParser may be misused to disclose\ninformation\nDescription: An XML External Entity issue existed in NSXMLParser\u0027s\nhandling of XML. This issue was addressed by not loading external\nentities across origins. \nCVE-ID\nCVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: Compiling untrusted GLSL shaders may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: A user-space buffer overflow existed in the shader\ncompiler. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4393 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple validation issues existed in some integrated\ngraphics driver routines. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4394 : Ian Beer of Google Project Zero\nCVE-2014-4395 : Ian Beer of Google Project Zero\nCVE-2014-4396 : Ian Beer of Google Project Zero\nCVE-2014-4397 : Ian Beer of Google Project Zero\nCVE-2014-4398 : Ian Beer of Google Project Zero\nCVE-2014-4399 : Ian Beer of Google Project Zero\nCVE-2014-4400 : Ian Beer of Google Project Zero\nCVE-2014-4401 : Ian Beer of Google Project Zero\nCVE-2014-4416 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A null pointer dereference existed in the handling of\nIOKit API arguments. This issue was addressed through improved\nvalidation of IOKit API arguments. \nCVE-ID\nCVE-2014-4376 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An out-of-bounds read issue existed in the handling of\nan IOAcceleratorFamily function. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-4402 : Ian Beer of Google Project Zero\n\nIOHIDFamily\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription: An out-of-bounds read issue existed in the handling of\nan IOHIDFamily function. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-4379 : Ian Beer of Google Project Zero\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A validation issue existed in the handling of certain\nmetadata fields of IODataQueue objects. This issue was addressed\nthrough improved validation of metadata. \nCVE-ID\nCVE-2014-4388 : @PanguTeam\n\nIOKit\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: An integer overflow existed in the handling of IOKit\nfunctions. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4389 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A local user can infer kernel addresses and bypass kernel\naddress space layout randomization\nDescription: In some cases, the CPU Global Descriptor Table was\nallocated at a predictable address. This issue was addressed through\nalways allocating the Global Descriptor Table at random addresses. \nCVE-ID\nCVE-2014-4403 : Ian Beer of Google Project Zero\n\nLibnotify\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 to 10.9.4\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An out-of-bounds write issue existed in Libnotify. This\nissue was addressed through improved bounds checking\nCVE-ID\nCVE-2014-4381 : Ian Beer of Google Project Zero\n\nOpenSSL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Multiple vulnerabilities in OpenSSL 0.9.8y, including one\nthat may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in OpenSSL 0.9.8y. \nCVE-ID\nCVE-2014-0076\nCVE-2014-0195\nCVE-2014-0221\nCVE-2014-0224\nCVE-2014-3470\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nRLE encoded movie files. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1391 : Fernando Munoz working with iDefense VCP, Tom\nGallagher \u0026 Paul Bates working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted MIDI file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of MIDI\nfiles. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-4350 : s3tm3m working with HP\u0027s Zero Day Initiative\n\nQT Media Foundation\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nthe \u0027mvhd\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-4979 : Andrea Micalizzi aka rgod working with HP\u0027s Zero Day\nInitiative\n\nruby\nAvailable for: OS X Mavericks 10.9 to 10.9.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A heap buffer overflow existed in LibYAML\u0027s handling of\npercent-encoded characters in a URI. This issue was addressed through\nimproved bounds checking. This update addresses the issues by\nupdating LibYAML to version 0.1.6\nCVE-ID\nCVE-2014-2525\n\n\nNote: OS X Mavericks 10.9.5 includes the security content of\nSafari 7.0.6: http://support.apple.com/kb/HT6367\n\nOS X Mavericks v10.9.5 and Security Update 2014-004 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJUGkP0AAoJEBcWfLTuOo7tygQP/1vHYXtWy6492Tjj6ycymWa+\nCt0eCCBU/AUi5ODNDeV9ddWkuFeXKbgQSHoPU19IPcIBAKnYUupVJSJ/cEHfSthh\nCiROjJw8Bt8comn04BgggHieLveN1xQCXQDcO29kBIpQr394XKS0lNXP//Z0oG5V\nsCnEDPz/0R92mwT5XkKD9WC7G/WjybS5V7BjEbdzDOn4qdTVje05xI5pof+fkeQ1\nhFHo7uTCDkSzLH2YxrQHifNVyItz8AgnNHwH7zc6XmNtiNFkiFP/KU6BYyr8WiTQ\nJb3pyLB/Xvmbd0kuETnDNvV0oJc88G38a++xZPnuM7zQrW/TQkkKQpiqKtYAiJuw\nZhUoky620/7HULegcYtsTyuDFyEN6whdSmHLFCJzk2oZXZ7MPA8ywCFB8Y79rohW\n5MTe/zVUSxxYBgVXpkmhPwXYSTINeUJGJA1RQtXhC2Hh6O2jeqJP2H0hTmgsCBRA\n3X/2CGoyAAgoKTJwgXk07tBbJWf+wQwAvUN9L1Yph+uOvvUzqFt8LNEGw9jVPsZl\nQHcSEW/Ef/HK/OLwVZiPqse6lRJAdRZl5//vm4408jnXfJCy6KnvxcsO4Z1yTyoP\nkCXdWlSLBiidcRRWBfoQBSC3gANcx9a56ItWieEvJrdNOiyhb+gqEk7XraOlb/gf\nk4w2RKNm0Fv+kdNoFAnd\n=gpVc\n-----END PGP SIGNATURE-----\n\n. \nOpenSSL is a 3rd party product that is embedded with some HP Software\nproducts. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. ============================================================================\nUbuntu Security Notice USN-2232-4\nAugust 18, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. One of the patch backports for\nUbuntu 10.04 LTS caused a regression for certain applications. This update\nfixes the problem. \n\nWe apologize for the inconvenience. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. \n (CVE-2014-0224)\n Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.04 LTS:\n libssl0.9.8 0.9.8k-7ubuntu8.21\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nCVE-2014-0221\n\n Imre Rad discovered the processing of DTLS hello packets is \n susceptible to denial of service. \n\nAdditional information can be found at \nhttp://www.openssl.org/news/secadv_20140605.txt\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There\u0027s\nalso a forthcoming security update for the Linux kernel later the day\n(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn\u0027t it?\n\nFor the unstable distribution (sid), these problems will be fixed soon. \nCorrected: 2014-06-05 12:32:38 UTC (stable/10, 10.0-STABLE)\n 2014-06-05 12:33:23 UTC (releng/10.0, 10.0-RELEASE-p5)\n 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1)\n 2014-06-05 12:53:06 UTC (stable/9, 9.3-BETA1-p2)\n 2014-06-05 12:33:23 UTC (releng/9.2, 9.2-RELEASE-p8)\n 2014-06-05 12:33:23 UTC (releng/9.1, 9.1-RELEASE-p15)\n 2014-06-05 12:32:38 UTC (stable/8, 8.4-STABLE)\n 2014-06-05 12:33:23 UTC (releng/8.4, 8.4-RELEASE-p12)\nCVE Name: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2014-3470]\n\nIII. [CVE-2014-3470]\n\nIV. Workaround\n\nNo workaround is available. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.0]\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-10.patch.asc\n# gpg --verify openssl-10.patch.asc\n\n[FreeBSD 9.x and 8.x]\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch\n# fetch http://security.FreeBSD.org/patches/SA-14:14/openssl-9.patch.asc\n# gpg --verify openssl-9.patch.asc\n\nb) Apply the patch. Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\n3) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nVI. Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/8/ r267103\nreleng/8.4/ r267104\nstable/9/ r267106\nreleng/9.1/ r267104\nreleng/9.2/ r267104\nstable/10/ r267103\nreleng/10.0/ r267104\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:http://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). NOTE: this issue\n became relevant after the CVE-2014-3568 fix (CVE-2014-3569). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/openssl \u003c 1.0.1h-r1 *\u003e= 0.9.8z_p5\n *\u003e= 0.9.8z_p4\n *\u003e= 0.9.8z_p1\n *\u003e= 0.9.8z_p3\n *\u003e= 0.9.8z_p2\n *\u003e= 1.0.0m\n \u003e= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:0625-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html\nIssue date: 2014-06-05\nCVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB\npJJhdOUzRUL8R2haDM4xrsk=\n=hZF8\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. The impacted products\nappear in the list below are vulnerable due to embedding of OpenSSL standard\nrelease software. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0195"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "BID",
"id": "67900"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127421"
},
{
"db": "PACKETSTORM",
"id": "127917"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "140720"
},
{
"db": "PACKETSTORM",
"id": "127326"
},
{
"db": "PACKETSTORM",
"id": "127403"
},
{
"db": "PACKETSTORM",
"id": "126925"
},
{
"db": "PACKETSTORM",
"id": "127807"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0195",
"trust": 4.8
},
{
"db": "ZDI",
"id": "ZDI-14-173",
"trust": 2.1
},
{
"db": "BID",
"id": "67900",
"trust": 2.0
},
{
"db": "MCAFEE",
"id": "SB10075",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "59659",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58977",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59310",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59305",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59189",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59721",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59587",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58337",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59491",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59300",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "60571",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59287",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58939",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59162",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58743",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59449",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59364",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59990",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59192",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58945",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59126",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "61254",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59175",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59655",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59451",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59429",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59040",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59306",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59518",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58660",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59530",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59490",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59666",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59514",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59784",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58615",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59188",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59413",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58713",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58883",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "58714",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59365",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59441",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59223",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59454",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59450",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59301",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59895",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59342",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59669",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59437",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59528",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1030337",
"trust": 1.7
},
{
"db": "JUNIPER",
"id": "JSA10629",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU93868849",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2304",
"trust": 0.7
},
{
"db": "LENOVO",
"id": "LEN-24443",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-04",
"trust": 0.4
},
{
"db": "DLINK",
"id": "SAP10045",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2014-0195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "128315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127421",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126957",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127630",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127326",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127403",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126925",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "BID",
"id": "67900"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127421"
},
{
"db": "PACKETSTORM",
"id": "127917"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "127807"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "140720"
},
{
"db": "PACKETSTORM",
"id": "127326"
},
{
"db": "PACKETSTORM",
"id": "127403"
},
{
"db": "PACKETSTORM",
"id": "126925"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"id": "VAR-201406-0137",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4114296536842106
},
"last_update_date": "2024-11-29T21:15:41.756000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DTLS invalid fragment vulnerability (CVE-2014-0195)",
"trust": 1.5,
"url": "http://www.openssl.org/news/secadv_20140605.txt"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443"
},
{
"title": "HT6443",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6443?viewlocale=ja_JP"
},
{
"title": "KB36051",
"trust": 0.8,
"url": "http://www.blackberry.com/btsc/KB36051"
},
{
"title": "cisco-sa-20140605-openssl",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://fedoraproject.org/ja/"
},
{
"title": "Multiple Vulnerabilities in OpenSSL",
"trust": 0.8,
"url": "http://www.fortiguard.com/advisory/FG-IR-14-018/"
},
{
"title": "HIRT-PUB14010",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/hirt/publications/hirt-pub14010/index.html"
},
{
"title": "HPSBHF03293 SSRT101846",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04595951"
},
{
"title": "Once Bled, Twice Shy (OpenSSL: CVE-2014-0195)",
"trust": 0.8,
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048#.U5ULr1SCgdU"
},
{
"title": "ZDI-14-173/CVE-2014-0195 - OpenSSL DTLS Fragment Out-of-Bounds Write: Breaking up is hard to do",
"trust": 0.8,
"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002#.U5ULsVSCgdU"
},
{
"title": "1673137",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
},
{
"title": "1676035",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
},
{
"title": "1676062",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
},
{
"title": "1676419",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
},
{
"title": "1677695",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
},
{
"title": "1677828",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
},
{
"title": "1676128",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
},
{
"title": "1678167",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
},
{
"title": "00001841",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"title": "1678289",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"title": "00001843",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"title": "2079783",
"trust": 0.8,
"url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=2079783"
},
{
"title": "SB10075",
"trust": 0.8,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075"
},
{
"title": "Fix for CVE-2014-0195",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Bug 1103598",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
},
{
"title": "SA80",
"trust": 0.8,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80"
},
{
"title": "Huawei-SA-20140613-OpenSSL",
"trust": 0.8,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
},
{
"title": "SOL15356: OpenSSL vulnerability CVE-2014-0195",
"trust": 0.8,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "CVE-2014-0195 Buffer Errors vulnerability in OpenSSL",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors"
},
{
"title": "VMSA-2014-0012",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"title": "OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224\u4ed6)\u306b\u3088\u308b\u30c6\u30fc\u30d7\u30e9\u30a4\u30d6\u30e9\u30ea\u88c5\u7f6e\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/openssl_cve20140224_tape_library.html"
},
{
"title": "cisco-sa-20140605-openssl",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122700_cisco-sa-20140605-openssl-j.html"
},
{
"title": "Symfoware Server: OpenSSL\u306e\u8106\u5f31\u6027(CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470)(2014\u5e747\u670815\u65e5)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201404.html"
},
{
"title": "openssl-1.0.1h",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51081"
},
{
"title": "openssl-1.0.0m",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51080"
},
{
"title": "openssl-0.9.8za",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51079"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/07/25/how_long_is_too_long_to_wait_for_a_security_update/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/06/06/thanks_for_nothing_openssl_cries_stonewalled_de_raadt/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/06/05/openssl_bug_batch/"
},
{
"title": "Red Hat: CVE-2014-0195",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0195"
},
{
"title": "Ubuntu Security Notice: openssl regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-3"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-4"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-1"
},
{
"title": "Ubuntu Security Notice: openssl regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2232-2"
},
{
"title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
},
{
"title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
},
{
"title": "Amazon Linux AMI: ALAS-2014-349",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-349"
},
{
"title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
},
{
"title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "CVE-2014-0195",
"trust": 0.1,
"url": "https://github.com/ricedu/CVE-2014-0195 "
},
{
"title": "changelog",
"trust": 0.1,
"url": "https://github.com/securityrouter/changelog "
},
{
"title": "changelog",
"trust": 0.1,
"url": "https://github.com/halon/changelog "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/PotterXma/linux-deployment-standard "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SF4bin/SEEKER_dataset "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hrbrmstr/internetdb "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.openssl.org/news/secadv_20140605.txt"
},
{
"trust": 2.6,
"url": "http://support.citrix.com/article/ctx140876"
},
{
"trust": 2.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/67900"
},
{
"trust": 2.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
},
{
"trust": 2.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
},
{
"trust": 2.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
},
{
"trust": 2.0,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
},
{
"trust": 2.0,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
},
{
"trust": 2.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
},
{
"trust": 2.0,
"url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
},
{
"trust": 2.0,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
},
{
"trust": 2.0,
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
},
{
"trust": 2.0,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
},
{
"trust": 1.7,
"url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/once-bled-twice-shy-openssl-cve-2014-0195/ba-p/6501048"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103598"
},
{
"trust": 1.7,
"url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/zdi-14-173-cve-2014-0195-openssl-dtls-fragment-out-of-bounds/ba-p/6501002"
},
{
"trust": 1.7,
"url": "http://www.blackberry.com/btsc/kb36051"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59301"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59450"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59491"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59721"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59655"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59659"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59162"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59528"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58939"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59666"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59587"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59126"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59490"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59514"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59669"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59413"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58883"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59300"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59895"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59530"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59342"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59451"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58743"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59990"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/60571"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59784"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht6443"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"trust": 1.7,
"url": "https://www.novell.com/support/kb/doc.php?id=7015271"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1030337"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/61254"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59518"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59454"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59449"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59441"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59437"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59429"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59365"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59364"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59310"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59306"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59305"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59287"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59223"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59192"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59189"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59188"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59175"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/59040"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58977"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58945"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58714"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58713"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58660"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58615"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/58337"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
},
{
"trust": 1.7,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93868849/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0195"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/en/solutions/len-24443"
},
{
"trust": 0.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.4,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
},
{
"trust": 0.3,
"url": "http://www.cerberusftp.com/products/releasenotes.html"
},
{
"trust": 0.3,
"url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
},
{
"trust": 0.3,
"url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0195_buffer_errors"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
},
{
"trust": 0.3,
"url": "http://www.openssl.org"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100181245"
},
{
"trust": 0.3,
"url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
},
{
"trust": 0.3,
"url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100181099"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/mar/84"
},
{
"trust": 0.3,
"url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368523"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
},
{
"trust": 0.3,
"url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-173/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
},
{
"trust": 0.3,
"url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-2232-4/"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-2232-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://github.com/ricedu/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0195"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34546"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2232-3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4378"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4379"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4376"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4350"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2525"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0237"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3480"
},
{
"trust": 0.1,
"url": "http://www.vsecurity.com/)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0207"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3515"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht6367"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1391"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3981"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/oo_00030"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1356843"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.21"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-2232-4"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221\u003e"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e."
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-10.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-9.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-10.patch"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://www.openssl.org/news/secadv_20140605.txt\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-14:14.openssl.asc\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195\u003e"
},
{
"trust": 0.1,
"url": "http://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-14:14/openssl-9.patch"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150319.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570"
},
{
"trust": 0.1,
"url": "http://openssl.org/news/secadv_20150108.txt"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/solutions/905793"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/904433"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km01020441"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.14"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "BID",
"id": "67900"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127421"
},
{
"db": "PACKETSTORM",
"id": "127917"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "127807"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "140720"
},
{
"db": "PACKETSTORM",
"id": "127326"
},
{
"db": "PACKETSTORM",
"id": "127403"
},
{
"db": "PACKETSTORM",
"id": "126925"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"db": "BID",
"id": "67900"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"db": "PACKETSTORM",
"id": "128315"
},
{
"db": "PACKETSTORM",
"id": "127421"
},
{
"db": "PACKETSTORM",
"id": "127917"
},
{
"db": "PACKETSTORM",
"id": "126937"
},
{
"db": "PACKETSTORM",
"id": "126957"
},
{
"db": "PACKETSTORM",
"id": "127807"
},
{
"db": "PACKETSTORM",
"id": "131044"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "126927"
},
{
"db": "PACKETSTORM",
"id": "140720"
},
{
"db": "PACKETSTORM",
"id": "127326"
},
{
"db": "PACKETSTORM",
"id": "127403"
},
{
"db": "PACKETSTORM",
"id": "126925"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-05T00:00:00",
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"date": "2014-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"date": "2014-06-05T00:00:00",
"db": "BID",
"id": "67900"
},
{
"date": "2014-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"date": "2014-09-19T15:26:13",
"db": "PACKETSTORM",
"id": "128315"
},
{
"date": "2014-07-11T21:04:18",
"db": "PACKETSTORM",
"id": "127421"
},
{
"date": "2014-08-18T23:09:13",
"db": "PACKETSTORM",
"id": "127917"
},
{
"date": "2014-06-05T19:57:42",
"db": "PACKETSTORM",
"id": "126937"
},
{
"date": "2014-06-05T21:06:55",
"db": "PACKETSTORM",
"id": "126957"
},
{
"date": "2014-08-08T21:53:16",
"db": "PACKETSTORM",
"id": "127807"
},
{
"date": "2015-03-27T20:42:44",
"db": "PACKETSTORM",
"id": "131044"
},
{
"date": "2014-07-28T20:36:25",
"db": "PACKETSTORM",
"id": "127630"
},
{
"date": "2014-06-05T15:17:27",
"db": "PACKETSTORM",
"id": "126927"
},
{
"date": "2017-01-25T21:54:44",
"db": "PACKETSTORM",
"id": "140720"
},
{
"date": "2014-07-02T21:43:37",
"db": "PACKETSTORM",
"id": "127326"
},
{
"date": "2014-07-09T17:11:19",
"db": "PACKETSTORM",
"id": "127403"
},
{
"date": "2014-06-05T15:14:53",
"db": "PACKETSTORM",
"id": "126925"
},
{
"date": "2014-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"date": "2014-06-05T21:55:06.147000",
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-05T00:00:00",
"db": "ZDI",
"id": "ZDI-14-173"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0195"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "67900"
},
{
"date": "2015-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002765"
},
{
"date": "2022-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-078"
},
{
"date": "2024-11-21T02:01:36.410000",
"db": "NVD",
"id": "CVE-2014-0195"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "127421"
},
{
"db": "PACKETSTORM",
"id": "127630"
},
{
"db": "PACKETSTORM",
"id": "127403"
},
{
"db": "PACKETSTORM",
"id": "126925"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL of d1_both.c of dtls1_reassemble_fragment Vulnerability in arbitrary code execution in function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002765"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-078"
}
],
"trust": 0.6
}
}
var-202006-1807
Vulnerability from variot
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program's incorrect handling of the \"PL_regkind[OP(n)] == NOTHING\" case.
Bug fix:
-
RHACM 2.0.8 images (BZ #1915461)
-
Bugs fixed (https://bugzilla.redhat.com/):
1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
-
8.2) - aarch64, noarch, ppc64le, s390x, x86_64
Bug Fix(es):
-
[perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177)
-
Gentoo Linux Security Advisory GLSA 202006-03
https://security.gentoo.org/
Severity: Normal Title: Perl: Multiple vulnerabilities Date: June 12, 2020 Bugs: #723792 ID: 202006-03
Synopsis
Multiple vulnerabilities have been found in Perl, the worst of which could result in a Denial of Service condition.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/perl < 5.30.3 >= 5.30.3
Description
Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Perl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.30.3"
References
[ 1 ] CVE-2020-10543 https://nvd.nist.gov/vuln/detail/CVE-2020-10543 [ 2 ] CVE-2020-10878 https://nvd.nist.gov/vuln/detail/CVE-2020-10878 [ 3 ] CVE-2020-12723 https://nvd.nist.gov/vuln/detail/CVE-2020-12723
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202006-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . 7.4) - noarch, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:0343-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343 Issue date: 2021-02-02 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 ==================================================================== 1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
-
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
-
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
-
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS 1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS 1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1807",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications lsms",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.1.0"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "sd-wan aware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3.1"
},
{
"model": "tekelec platform distribution",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"model": "perl",
"scope": "lt",
"trust": 1.0,
"vendor": "perl",
"version": "5.30.3"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.7"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.9"
},
{
"model": "communications performance intelligence center",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "communications performance intelligence center",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.0.2.1"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sd-wan aware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "tekelec platform distribution",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.7.1"
},
{
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.8"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.8"
},
{
"model": "communications lsms",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "communications eagle lnp application processor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"model": "sd-wan aware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.2.0"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "perl",
"scope": "eq",
"trust": 0.8,
"vendor": "the perl",
"version": "5.30.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fedoraproject:fedora",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:perl:perl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10878",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006178",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-163400",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10878",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006178",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10878",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006178",
"trust": 0.8,
"value": "High"
},
{
"author": "VULHUB",
"id": "VHN-163400",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-10878",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program\u0027s incorrect handling of the \\\"PL_regkind[OP(n)] == NOTHING\\\" case. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* [perl-net-ping] wrong return value on failing DNS name lookup\n(BZ#1973177)\n\n4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202006-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Perl: Multiple vulnerabilities\n Date: June 12, 2020\n Bugs: #723792\n ID: 202006-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Perl, the worst of which\ncould result in a Denial of Service condition. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/perl \u003c 5.30.3 \u003e= 5.30.3 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Perl. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.30.3\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-10543\n https://nvd.nist.gov/vuln/detail/CVE-2020-10543\n[ 2 ] CVE-2020-10878\n https://nvd.nist.gov/vuln/detail/CVE-2020-10878\n[ 3 ] CVE-2020-12723\n https://nvd.nist.gov/vuln/detail/CVE-2020-12723\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202006-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 7.4) - noarch, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0343-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0343\nIssue date: 2021-02-02\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS\n1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS\n1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - aarch64, ppc64le, s390x\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10878",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161255",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161656",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162245",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "163188",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161843",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162021",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159707",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161726",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162837",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-53545",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202006-148",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163400",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163586",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"id": "VAR-202006-1807",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163400"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:26:31.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2020-fd73c08076",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
},
{
"title": "study_chunk: extract rck_elide_nothing",
"trust": 0.8,
"url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
},
{
"title": "regcomp: use long jumps if there is any possibility of overflow",
"trust": 0.8,
"url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
},
{
"title": "perl5/pod/perl5303delta.pod",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"title": "Comparing changes",
"trust": 0.8,
"url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"title": "Red Hat: Moderate: perl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210343 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1610",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1610"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210607 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "AmazonECRScanSecurityHub",
"trust": 0.1,
"url": "https://github.com/hisnakad/AmazonECRScanSecurityHub "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hisashin0728/AmazonECRScanSecurityHub "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/snigdhasambitak/cks "
},
{
"title": "publish-security-assessments",
"trust": 0.1,
"url": "https://github.com/Azure/publish-security-assessments "
},
{
"title": "misc",
"trust": 0.1,
"url": "https://github.com/dragon7-fc/misc "
},
{
"title": "visualGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/visualGambasDelta "
},
{
"title": "perl5283delta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perl5283delta "
},
{
"title": "editorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/editorGambasDelta "
},
{
"title": "EditorGambasDelta",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/EditorGambasDelta "
},
{
"title": "CICD_CloudBuild_01",
"trust": 0.1,
"url": "https://github.com/pbavinck/CICD_CloudBuild_01 "
},
{
"title": "gcp-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcp-kritis-signer "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/actions-marketplace-validations/Azure_publish-security-assessments "
},
{
"title": "gcr-kritis-signer",
"trust": 0.1,
"url": "https://github.com/binxio/gcr-kritis-signer "
},
{
"title": "litecoin-automation",
"trust": 0.1,
"url": "https://github.com/gzukel/litecoin-automation "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/D5n9sMatrix/perltoc "
},
{
"title": "snykout",
"trust": 0.1,
"url": "https://github.com/garethr/snykout "
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202006-03"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
},
{
"trust": 1.1,
"url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10878"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35513"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20230"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21639"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28092"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21309"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3501"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25042"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25648"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27170"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25692"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25039"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-25040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2792"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1266"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0883"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163400"
},
{
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"db": "PACKETSTORM",
"id": "161656"
},
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "158058"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
},
{
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-163400"
},
{
"date": "2020-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"date": "2021-03-04T15:33:19",
"db": "PACKETSTORM",
"id": "161656"
},
{
"date": "2021-06-17T17:53:22",
"db": "PACKETSTORM",
"id": "163188"
},
{
"date": "2021-07-21T16:03:08",
"db": "PACKETSTORM",
"id": "163586"
},
{
"date": "2020-06-12T14:44:55",
"db": "PACKETSTORM",
"id": "158058"
},
{
"date": "2021-04-20T16:17:10",
"db": "PACKETSTORM",
"id": "162245"
},
{
"date": "2021-02-02T16:12:23",
"db": "PACKETSTORM",
"id": "161255"
},
{
"date": "2021-03-17T14:36:02",
"db": "PACKETSTORM",
"id": "161843"
},
{
"date": "2020-06-05T14:15:10.527000",
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-163400"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10878"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006178"
},
{
"date": "2024-11-21T04:56:16.367000",
"db": "NVD",
"id": "CVE-2020-10878"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Perl Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "163188"
},
{
"db": "PACKETSTORM",
"id": "163586"
},
{
"db": "PACKETSTORM",
"id": "162245"
},
{
"db": "PACKETSTORM",
"id": "161255"
},
{
"db": "PACKETSTORM",
"id": "161843"
}
],
"trust": 0.5
}
}
var-202205-2080
Vulnerability from variot
Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability, which stems from a reuse-after-free issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32
https://security.gentoo.org/
Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32
Synopsis
Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service.
Background
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
[ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5995-1 April 04, 2023
vim vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description: - vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927, CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening a specially crafted file, it could cause Vim to crash, or possible execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: vim 2:9.0.0242-1ubuntu1.3 vim-athena 2:9.0.0242-1ubuntu1.3 vim-gtk3 2:9.0.0242-1ubuntu1.3 vim-motif 2:9.0.0242-1ubuntu1.3 vim-nox 2:9.0.0242-1ubuntu1.3 vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS: vim 2:8.2.3995-1ubuntu2.5 vim-athena 2:8.2.3995-1ubuntu2.5 vim-gtk 2:8.2.3995-1ubuntu2.5 vim-gtk3 2:8.2.3995-1ubuntu2.5 vim-nox 2:8.2.3995-1ubuntu2.5 vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS: vim 2:8.1.2269-1ubuntu5.13 vim-athena 2:8.1.2269-1ubuntu5.13 vim-gtk 2:8.1.2269-1ubuntu5.13 vim-gtk3 2:8.1.2269-1ubuntu5.13 vim-nox 2:8.1.2269-1ubuntu5.13 vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS: vim 2:8.0.1453-1ubuntu1.12 vim-athena 2:8.0.1453-1ubuntu1.12 vim-gnome 2:8.0.1453-1ubuntu1.12 vim-gtk 2:8.0.1453-1ubuntu1.12 vim-gtk3 2:8.0.1453-1ubuntu1.12 vim-nox 2:8.0.1453-1ubuntu1.12 vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM: vim 2:7.4.052-1ubuntu3.1+esm8 vim-athena 2:7.4.052-1ubuntu3.1+esm8 vim-gnome 2:7.4.052-1ubuntu3.1+esm8 vim-gtk 2:7.4.052-1ubuntu3.1+esm8 vim-nox 2:7.4.052-1ubuntu3.1+esm8 vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5995-1 CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720, CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206, CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571, CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980
Package Information: https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3 https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5 https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13 https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-2080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "vim",
"scope": "lt",
"trust": 1.0,
"vendor": "vim",
"version": "8.2.5024"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "vim",
"scope": null,
"trust": 0.8,
"vendor": "vim",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 0.2
},
"cve": "CVE-2022-1898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2022-1898",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-423552",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "security@huntr.dev",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1898",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-1898",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-1898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@huntr.dev",
"id": "CVE-2022-1898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-1898",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-423552",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-1898",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. Versions prior to Vim 8.2 have a security vulnerability, which stems from a reuse-after-free issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Vim, gVim: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231\n ID: 202208-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Vim, the worst of which\ncould result in denial of service. \n\nBackground\n=========\nVim is an efficient, highly configurable improved version of the classic\n\u2018vi\u2019 text editor. gVim is the GUI version of Vim. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-editors/gvim \u003c 9.0.0060 \u003e= 9.0.0060\n 2 app-editors/vim \u003c 9.0.0060 \u003e= 9.0.0060\n 3 app-editors/vim-core \u003c 9.0.0060 \u003e= 9.0.0060\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Vim and gVim. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Vim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-9.0.0060\"\n\nAll gVim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/gvim-9.0.0060\"\n\nAll vim-core users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-editors/vim-core-9.0.0060\"\n\nReferences\n=========\n[ 1 ] CVE-2021-3770\n https://nvd.nist.gov/vuln/detail/CVE-2021-3770\n[ 2 ] CVE-2021-3778\n https://nvd.nist.gov/vuln/detail/CVE-2021-3778\n[ 3 ] CVE-2021-3796\n https://nvd.nist.gov/vuln/detail/CVE-2021-3796\n[ 4 ] CVE-2021-3872\n https://nvd.nist.gov/vuln/detail/CVE-2021-3872\n[ 5 ] CVE-2021-3875\n https://nvd.nist.gov/vuln/detail/CVE-2021-3875\n[ 6 ] CVE-2021-3927\n https://nvd.nist.gov/vuln/detail/CVE-2021-3927\n[ 7 ] CVE-2021-3928\n https://nvd.nist.gov/vuln/detail/CVE-2021-3928\n[ 8 ] CVE-2021-3968\n https://nvd.nist.gov/vuln/detail/CVE-2021-3968\n[ 9 ] CVE-2021-3973\n https://nvd.nist.gov/vuln/detail/CVE-2021-3973\n[ 10 ] CVE-2021-3974\n https://nvd.nist.gov/vuln/detail/CVE-2021-3974\n[ 11 ] CVE-2021-3984\n https://nvd.nist.gov/vuln/detail/CVE-2021-3984\n[ 12 ] CVE-2021-4019\n https://nvd.nist.gov/vuln/detail/CVE-2021-4019\n[ 13 ] CVE-2021-4069\n https://nvd.nist.gov/vuln/detail/CVE-2021-4069\n[ 14 ] CVE-2021-4136\n https://nvd.nist.gov/vuln/detail/CVE-2021-4136\n[ 15 ] CVE-2021-4166\n https://nvd.nist.gov/vuln/detail/CVE-2021-4166\n[ 16 ] CVE-2021-4173\n https://nvd.nist.gov/vuln/detail/CVE-2021-4173\n[ 17 ] CVE-2021-4187\n https://nvd.nist.gov/vuln/detail/CVE-2021-4187\n[ 18 ] CVE-2021-4192\n https://nvd.nist.gov/vuln/detail/CVE-2021-4192\n[ 19 ] CVE-2021-4193\n https://nvd.nist.gov/vuln/detail/CVE-2021-4193\n[ 20 ] CVE-2021-46059\n https://nvd.nist.gov/vuln/detail/CVE-2021-46059\n[ 21 ] CVE-2022-0128\n https://nvd.nist.gov/vuln/detail/CVE-2022-0128\n[ 22 ] CVE-2022-0156\n https://nvd.nist.gov/vuln/detail/CVE-2022-0156\n[ 23 ] CVE-2022-0158\n https://nvd.nist.gov/vuln/detail/CVE-2022-0158\n[ 24 ] CVE-2022-0213\n https://nvd.nist.gov/vuln/detail/CVE-2022-0213\n[ 25 ] CVE-2022-0261\n https://nvd.nist.gov/vuln/detail/CVE-2022-0261\n[ 26 ] CVE-2022-0318\n https://nvd.nist.gov/vuln/detail/CVE-2022-0318\n[ 27 ] CVE-2022-0319\n https://nvd.nist.gov/vuln/detail/CVE-2022-0319\n[ 28 ] CVE-2022-0351\n https://nvd.nist.gov/vuln/detail/CVE-2022-0351\n[ 29 ] CVE-2022-0359\n https://nvd.nist.gov/vuln/detail/CVE-2022-0359\n[ 30 ] CVE-2022-0361\n https://nvd.nist.gov/vuln/detail/CVE-2022-0361\n[ 31 ] CVE-2022-0368\n https://nvd.nist.gov/vuln/detail/CVE-2022-0368\n[ 32 ] CVE-2022-0392\n https://nvd.nist.gov/vuln/detail/CVE-2022-0392\n[ 33 ] CVE-2022-0393\n https://nvd.nist.gov/vuln/detail/CVE-2022-0393\n[ 34 ] CVE-2022-0407\n https://nvd.nist.gov/vuln/detail/CVE-2022-0407\n[ 35 ] CVE-2022-0408\n https://nvd.nist.gov/vuln/detail/CVE-2022-0408\n[ 36 ] CVE-2022-0413\n https://nvd.nist.gov/vuln/detail/CVE-2022-0413\n[ 37 ] CVE-2022-0417\n https://nvd.nist.gov/vuln/detail/CVE-2022-0417\n[ 38 ] CVE-2022-0443\n https://nvd.nist.gov/vuln/detail/CVE-2022-0443\n[ 39 ] CVE-2022-0554\n https://nvd.nist.gov/vuln/detail/CVE-2022-0554\n[ 40 ] CVE-2022-0629\n https://nvd.nist.gov/vuln/detail/CVE-2022-0629\n[ 41 ] CVE-2022-0685\n https://nvd.nist.gov/vuln/detail/CVE-2022-0685\n[ 42 ] CVE-2022-0714\n https://nvd.nist.gov/vuln/detail/CVE-2022-0714\n[ 43 ] CVE-2022-0729\n https://nvd.nist.gov/vuln/detail/CVE-2022-0729\n[ 44 ] CVE-2022-0943\n https://nvd.nist.gov/vuln/detail/CVE-2022-0943\n[ 45 ] CVE-2022-1154\n https://nvd.nist.gov/vuln/detail/CVE-2022-1154\n[ 46 ] CVE-2022-1160\n https://nvd.nist.gov/vuln/detail/CVE-2022-1160\n[ 47 ] CVE-2022-1381\n https://nvd.nist.gov/vuln/detail/CVE-2022-1381\n[ 48 ] CVE-2022-1420\n https://nvd.nist.gov/vuln/detail/CVE-2022-1420\n[ 49 ] CVE-2022-1616\n https://nvd.nist.gov/vuln/detail/CVE-2022-1616\n[ 50 ] CVE-2022-1619\n https://nvd.nist.gov/vuln/detail/CVE-2022-1619\n[ 51 ] CVE-2022-1620\n https://nvd.nist.gov/vuln/detail/CVE-2022-1620\n[ 52 ] CVE-2022-1621\n https://nvd.nist.gov/vuln/detail/CVE-2022-1621\n[ 53 ] CVE-2022-1629\n https://nvd.nist.gov/vuln/detail/CVE-2022-1629\n[ 54 ] CVE-2022-1674\n https://nvd.nist.gov/vuln/detail/CVE-2022-1674\n[ 55 ] CVE-2022-1720\n https://nvd.nist.gov/vuln/detail/CVE-2022-1720\n[ 56 ] CVE-2022-1733\n https://nvd.nist.gov/vuln/detail/CVE-2022-1733\n[ 57 ] CVE-2022-1735\n https://nvd.nist.gov/vuln/detail/CVE-2022-1735\n[ 58 ] CVE-2022-1769\n https://nvd.nist.gov/vuln/detail/CVE-2022-1769\n[ 59 ] CVE-2022-1771\n https://nvd.nist.gov/vuln/detail/CVE-2022-1771\n[ 60 ] CVE-2022-1785\n https://nvd.nist.gov/vuln/detail/CVE-2022-1785\n[ 61 ] CVE-2022-1796\n https://nvd.nist.gov/vuln/detail/CVE-2022-1796\n[ 62 ] CVE-2022-1851\n https://nvd.nist.gov/vuln/detail/CVE-2022-1851\n[ 63 ] CVE-2022-1886\n https://nvd.nist.gov/vuln/detail/CVE-2022-1886\n[ 64 ] CVE-2022-1897\n https://nvd.nist.gov/vuln/detail/CVE-2022-1897\n[ 65 ] CVE-2022-1898\n https://nvd.nist.gov/vuln/detail/CVE-2022-1898\n[ 66 ] CVE-2022-1927\n https://nvd.nist.gov/vuln/detail/CVE-2022-1927\n[ 67 ] CVE-2022-1942\n https://nvd.nist.gov/vuln/detail/CVE-2022-1942\n[ 68 ] CVE-2022-1968\n https://nvd.nist.gov/vuln/detail/CVE-2022-1968\n[ 69 ] CVE-2022-2000\n https://nvd.nist.gov/vuln/detail/CVE-2022-2000\n[ 70 ] CVE-2022-2042\n https://nvd.nist.gov/vuln/detail/CVE-2022-2042\n[ 71 ] CVE-2022-2124\n https://nvd.nist.gov/vuln/detail/CVE-2022-2124\n[ 72 ] CVE-2022-2125\n https://nvd.nist.gov/vuln/detail/CVE-2022-2125\n[ 73 ] CVE-2022-2126\n https://nvd.nist.gov/vuln/detail/CVE-2022-2126\n[ 74 ] CVE-2022-2129\n https://nvd.nist.gov/vuln/detail/CVE-2022-2129\n[ 75 ] CVE-2022-2175\n https://nvd.nist.gov/vuln/detail/CVE-2022-2175\n[ 76 ] CVE-2022-2182\n https://nvd.nist.gov/vuln/detail/CVE-2022-2182\n[ 77 ] CVE-2022-2183\n https://nvd.nist.gov/vuln/detail/CVE-2022-2183\n[ 78 ] CVE-2022-2206\n https://nvd.nist.gov/vuln/detail/CVE-2022-2206\n[ 79 ] CVE-2022-2207\n https://nvd.nist.gov/vuln/detail/CVE-2022-2207\n[ 80 ] CVE-2022-2208\n https://nvd.nist.gov/vuln/detail/CVE-2022-2208\n[ 81 ] CVE-2022-2210\n https://nvd.nist.gov/vuln/detail/CVE-2022-2210\n[ 82 ] CVE-2022-2231\n https://nvd.nist.gov/vuln/detail/CVE-2022-2231\n[ 83 ] CVE-2022-2257\n https://nvd.nist.gov/vuln/detail/CVE-2022-2257\n[ 84 ] CVE-2022-2264\n https://nvd.nist.gov/vuln/detail/CVE-2022-2264\n[ 85 ] CVE-2022-2284\n https://nvd.nist.gov/vuln/detail/CVE-2022-2284\n[ 86 ] CVE-2022-2285\n https://nvd.nist.gov/vuln/detail/CVE-2022-2285\n[ 87 ] CVE-2022-2286\n https://nvd.nist.gov/vuln/detail/CVE-2022-2286\n[ 88 ] CVE-2022-2287\n https://nvd.nist.gov/vuln/detail/CVE-2022-2287\n[ 89 ] CVE-2022-2288\n https://nvd.nist.gov/vuln/detail/CVE-2022-2288\n[ 90 ] CVE-2022-2289\n https://nvd.nist.gov/vuln/detail/CVE-2022-2289\n[ 91 ] CVE-2022-2304\n https://nvd.nist.gov/vuln/detail/CVE-2022-2304\n[ 92 ] CVE-2022-2343\n https://nvd.nist.gov/vuln/detail/CVE-2022-2343\n[ 93 ] CVE-2022-2344\n https://nvd.nist.gov/vuln/detail/CVE-2022-2344\n[ 94 ] CVE-2022-2345\n https://nvd.nist.gov/vuln/detail/CVE-2022-2345\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-32\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5995-1\nApril 04, 2023\n\nvim vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Vim. \n\nSoftware Description:\n- vim: Vi IMproved - enhanced vi editor\n\nDetails:\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nand Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,\nCVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,\nCVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,\nCVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\nCVE-2022-2304, CVE-2022-2345, CVE-2022-2581)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,\nCVE-2022-2923)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,\nCVE-2022-2344)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nand Ubuntu 22.10. (CVE-2022-2946)\n\nIt was discovered that Vim incorrectly handled memory when opening certain\nfiles. If an attacker could trick a user into opening a specially crafted\nfile, it could cause Vim to crash, or possible execute arbitrary code. This\nissue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. \n(CVE-2022-2980)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n vim 2:9.0.0242-1ubuntu1.3\n vim-athena 2:9.0.0242-1ubuntu1.3\n vim-gtk3 2:9.0.0242-1ubuntu1.3\n vim-motif 2:9.0.0242-1ubuntu1.3\n vim-nox 2:9.0.0242-1ubuntu1.3\n vim-tiny 2:9.0.0242-1ubuntu1.3\n\nUbuntu 22.04 LTS:\n vim 2:8.2.3995-1ubuntu2.5\n vim-athena 2:8.2.3995-1ubuntu2.5\n vim-gtk 2:8.2.3995-1ubuntu2.5\n vim-gtk3 2:8.2.3995-1ubuntu2.5\n vim-nox 2:8.2.3995-1ubuntu2.5\n vim-tiny 2:8.2.3995-1ubuntu2.5\n\nUbuntu 20.04 LTS:\n vim 2:8.1.2269-1ubuntu5.13\n vim-athena 2:8.1.2269-1ubuntu5.13\n vim-gtk 2:8.1.2269-1ubuntu5.13\n vim-gtk3 2:8.1.2269-1ubuntu5.13\n vim-nox 2:8.1.2269-1ubuntu5.13\n vim-tiny 2:8.1.2269-1ubuntu5.13\n\nUbuntu 18.04 LTS:\n vim 2:8.0.1453-1ubuntu1.12\n vim-athena 2:8.0.1453-1ubuntu1.12\n vim-gnome 2:8.0.1453-1ubuntu1.12\n vim-gtk 2:8.0.1453-1ubuntu1.12\n vim-gtk3 2:8.0.1453-1ubuntu1.12\n vim-nox 2:8.0.1453-1ubuntu1.12\n vim-tiny 2:8.0.1453-1ubuntu1.12\n\nUbuntu 14.04 ESM:\n vim 2:7.4.052-1ubuntu3.1+esm8\n vim-athena 2:7.4.052-1ubuntu3.1+esm8\n vim-gnome 2:7.4.052-1ubuntu3.1+esm8\n vim-gtk 2:7.4.052-1ubuntu3.1+esm8\n vim-nox 2:7.4.052-1ubuntu3.1+esm8\n vim-tiny 2:7.4.052-1ubuntu3.1+esm8\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5995-1\n CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,\n CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,\n CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,\n CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,\n CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,\n CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,\n CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,\n CVE-2022-2946, CVE-2022-2980\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3\n https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13\n https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-1898",
"trust": 3.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2023.0019",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3012",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062022",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022063027",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-50691",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-423552",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-1898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168124",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"id": "VAR-202205-2080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:04:43.780000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "using\u00a0freed\u00a0memory\u00a0with\u00a0\"]d\" Apple Apple\u00a0Security\u00a0Updates",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"title": "Vim Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=194717"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-1898"
},
{
"title": "Debian CVElist Bug Report Logs: vim: CVE-2022-1942 CVE-2022-1968 CVE-2022-2000 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2285 CVE-2022-2288 CVE-2022-2304 CVE-2022-2207 CVE-2022-1616 CVE-2022-1619 CVE-2022-1621 CVE-2022-1720 CVE-2022-1785 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=11dbcf77118f7ec64d0ef6c1e3c087e3"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1628",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1628"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1829",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1829"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-116",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-116"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"trust": 1.8,
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea"
},
{
"trust": 1.8,
"url": "https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202305-16"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1898"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qmfhbc5oqxdpv2sdya2juqgvcpyastjb/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tynk6sdcmolqjoi3b4aoe66p2g2ih4zm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ozslfikfyu5y2km5ejkqnyhwrubdq4gj/"
},
{
"trust": 0.8,
"url": "https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022063027"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0019"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062022"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-1898/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3012"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vim-reuse-after-free-via-nv-brackets-38493"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2129"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2126"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1851"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1968"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2345"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1735"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1733"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2304"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2344"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1886"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1771"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2000"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2287"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2288"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2257"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2124"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2343"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1381"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2125"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2207"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2183"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1616"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2264"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1620"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1796"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2206"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2289"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1420"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2182"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2208"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2923"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1898"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015984"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/alas-2022-1628.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0158"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0417"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0393"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0156"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0319"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0351"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4019"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0213"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2581"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5995-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3296"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0051"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3099"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3278"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-47024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0049"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3591"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3234"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-423552"
},
{
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"db": "PACKETSTORM",
"id": "168124"
},
{
"db": "PACKETSTORM",
"id": "171681"
},
{
"db": "PACKETSTORM",
"id": "172122"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-423552"
},
{
"date": "2022-05-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"date": "2023-08-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"date": "2022-08-22T16:01:59",
"db": "PACKETSTORM",
"id": "168124"
},
{
"date": "2023-04-04T12:59:12",
"db": "PACKETSTORM",
"id": "171681"
},
{
"date": "2023-05-03T15:29:00",
"db": "PACKETSTORM",
"id": "172122"
},
{
"date": "2022-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"date": "2022-05-27T09:15:08.030000",
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-08T00:00:00",
"db": "VULHUB",
"id": "VHN-423552"
},
{
"date": "2022-08-21T00:00:00",
"db": "VULMON",
"id": "CVE-2022-1898"
},
{
"date": "2023-08-21T01:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-011171"
},
{
"date": "2023-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4245"
},
{
"date": "2024-11-21T06:41:42.490000",
"db": "NVD",
"id": "CVE-2022-1898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vim/vim\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011171"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4245"
}
],
"trust": 0.6
}
}
var-202206-1963
Vulnerability from variot
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5495-1 June 27, 2022
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-diddle attack. (CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: curl 7.81.0-1ubuntu1.3 libcurl3-gnutls 7.81.0-1ubuntu1.3 libcurl3-nss 7.81.0-1ubuntu1.3 libcurl4 7.81.0-1ubuntu1.3
Ubuntu 21.10: curl 7.74.0-1.3ubuntu2.3 libcurl3-gnutls 7.74.0-1.3ubuntu2.3 libcurl3-nss 7.74.0-1.3ubuntu2.3 libcurl4 7.74.0-1.3ubuntu2.3
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.12 libcurl3-gnutls 7.68.0-1ubuntu2.12 libcurl3-nss 7.68.0-1ubuntu2.12 libcurl4 7.68.0-1ubuntu2.12
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.19 libcurl3-gnutls 7.58.0-2ubuntu3.19 libcurl3-nss 7.58.0-2ubuntu3.19 libcurl4 7.58.0-2ubuntu3.19
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:6157-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6157 Issue date: 2022-08-24 CVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ==================================================================== 1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: HTTP compression denial of service (CVE-2022-32206)
-
curl: Unpreserved file permissions (CVE-2022-32207)
-
curl: FTP-KRB bad message verification (CVE-2022-32208)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le: curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x: curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-devel-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64: curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-devel-7.76.1-14.el9_0.5.i686.rpm libcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: curl-7.76.1-14.el9_0.5.src.rpm
aarch64: curl-7.76.1-14.el9_0.5.aarch64.rpm curl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm curl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-7.76.1-14.el9_0.5.aarch64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-7.76.1-14.el9_0.5.aarch64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm
ppc64le: curl-7.76.1-14.el9_0.5.ppc64le.rpm curl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm curl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm
s390x: curl-7.76.1-14.el9_0.5.s390x.rpm curl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm curl-debugsource-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-7.76.1-14.el9_0.5.s390x.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-7.76.1-14.el9_0.5.s390x.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm
x86_64: curl-7.76.1-14.el9_0.5.x86_64.rpm curl-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm curl-debugsource-7.76.1-14.el9_0.5.i686.rpm curl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-7.76.1-14.el9_0.5.x86_64.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm curl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-7.76.1-14.el9_0.5.i686.rpm libcurl-7.76.1-14.el9_0.5.x86_64.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm libcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p dru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL MCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1 OOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp Y5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5 fSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B vstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR P5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q WR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8 zLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj haaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB pl2iagecnP0=fQUi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. After installing the updated packages, the httpd daemon will be restarted automatically. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202212-01
https://security.gentoo.org/
Severity: High Title: curl: Multiple Vulnerabilities Date: December 19, 2022 Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365 ID: 202212-01
Synopsis
Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.86.0 >= 7.86.0
Description
Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All curl users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.86.0"
References
[ 1 ] CVE-2021-22922 https://nvd.nist.gov/vuln/detail/CVE-2021-22922 [ 2 ] CVE-2021-22923 https://nvd.nist.gov/vuln/detail/CVE-2021-22923 [ 3 ] CVE-2021-22925 https://nvd.nist.gov/vuln/detail/CVE-2021-22925 [ 4 ] CVE-2021-22926 https://nvd.nist.gov/vuln/detail/CVE-2021-22926 [ 5 ] CVE-2021-22945 https://nvd.nist.gov/vuln/detail/CVE-2021-22945 [ 6 ] CVE-2021-22946 https://nvd.nist.gov/vuln/detail/CVE-2021-22946 [ 7 ] CVE-2021-22947 https://nvd.nist.gov/vuln/detail/CVE-2021-22947 [ 8 ] CVE-2022-22576 https://nvd.nist.gov/vuln/detail/CVE-2022-22576 [ 9 ] CVE-2022-27774 https://nvd.nist.gov/vuln/detail/CVE-2022-27774 [ 10 ] CVE-2022-27775 https://nvd.nist.gov/vuln/detail/CVE-2022-27775 [ 11 ] CVE-2022-27776 https://nvd.nist.gov/vuln/detail/CVE-2022-27776 [ 12 ] CVE-2022-27779 https://nvd.nist.gov/vuln/detail/CVE-2022-27779 [ 13 ] CVE-2022-27780 https://nvd.nist.gov/vuln/detail/CVE-2022-27780 [ 14 ] CVE-2022-27781 https://nvd.nist.gov/vuln/detail/CVE-2022-27781 [ 15 ] CVE-2022-27782 https://nvd.nist.gov/vuln/detail/CVE-2022-27782 [ 16 ] CVE-2022-30115 https://nvd.nist.gov/vuln/detail/CVE-2022-30115 [ 17 ] CVE-2022-32205 https://nvd.nist.gov/vuln/detail/CVE-2022-32205 [ 18 ] CVE-2022-32206 https://nvd.nist.gov/vuln/detail/CVE-2022-32206 [ 19 ] CVE-2022-32207 https://nvd.nist.gov/vuln/detail/CVE-2022-32207 [ 20 ] CVE-2022-32208 https://nvd.nist.gov/vuln/detail/CVE-2022-32208 [ 21 ] CVE-2022-32221 https://nvd.nist.gov/vuln/detail/CVE-2022-32221 [ 22 ] CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 [ 23 ] CVE-2022-35260 https://nvd.nist.gov/vuln/detail/CVE-2022-35260 [ 24 ] CVE-2022-42915 https://nvd.nist.gov/vuln/detail/CVE-2022-42915 [ 25 ] CVE-2022-42916 https://nvd.nist.gov/vuln/detail/CVE-2022-42916
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202212-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "curl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.69.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.0"
},
{
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "element software",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "h300s",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "curl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "bootstrap os",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 0.3
},
"cve": "CVE-2022-32207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-32207",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-424134",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-32207",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32207",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-32207",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2569",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-424134",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-32207",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. curl There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5495-1\nJune 27, 2022\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)\n\nHarry Sintonen discovered that curl incorrectly handled certain HTTP compressions. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2022-32206)\n\nHarry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)\n\nHarry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. \nAn attacker could possibly use this to perform a machine-in-the-diddle attack. \n(CVE-2022-32208)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n curl 7.81.0-1ubuntu1.3\n libcurl3-gnutls 7.81.0-1ubuntu1.3\n libcurl3-nss 7.81.0-1ubuntu1.3\n libcurl4 7.81.0-1ubuntu1.3\n\nUbuntu 21.10:\n curl 7.74.0-1.3ubuntu2.3\n libcurl3-gnutls 7.74.0-1.3ubuntu2.3\n libcurl3-nss 7.74.0-1.3ubuntu2.3\n libcurl4 7.74.0-1.3ubuntu2.3\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.12\n libcurl3-gnutls 7.68.0-1ubuntu2.12\n libcurl3-nss 7.68.0-1ubuntu2.12\n libcurl4 7.68.0-1ubuntu2.12\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.19\n libcurl3-gnutls 7.58.0-2ubuntu3.19\n libcurl3-nss 7.58.0-2ubuntu3.19\n libcurl4 7.58.0-2ubuntu3.19\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: curl security update\nAdvisory ID: RHSA-2022:6157-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6157\nIssue date: 2022-08-24\nCVE Names: CVE-2022-32206 CVE-2022-32207 CVE-2022-32208\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: HTTP compression denial of service (CVE-2022-32206)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: FTP-KRB bad message verification (CVE-2022-32208)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\naarch64:\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-devel-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 9):\n\nSource:\ncurl-7.76.1-14.el9_0.5.src.rpm\n\naarch64:\ncurl-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.aarch64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.aarch64.rpm\n\nppc64le:\ncurl-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.ppc64le.rpm\n\ns390x:\ncurl-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.s390x.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.s390x.rpm\n\nx86_64:\ncurl-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.i686.rpm\ncurl-debugsource-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\ncurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-7.76.1-14.el9_0.5.x86_64.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.i686.rpm\nlibcurl-minimal-debuginfo-7.76.1-14.el9_0.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYwZpA9zjgjWX9erEAQjorQ/9G7KqpJrOkRXFM3iFlTVnUV/mGwdu4v5p\ndru+hce/7sEETk1Er9JXSBIZvtCk31V7QxswgIpgAwCBX/Ie/wr+tosF3jE+4YjL\nMCgtbk5Tzuak49Gsggz40GbvauEm3NiSyLPmG+A+tWrjqst3UWwobirEg7iVGUU1\nOOWKhNPzAr0iWoY1z2EBvBl23Fo8gaMYX9dd8dhcGza2OVMwzywrNW69h6bsQhDp\nY5nAyBBCvwosqmDdIzZV5vDQEWoxb5uP+jnRgwtgJpaqdsn+ULkDuShIQZGntdA5\nfSCM57aSEmOY0bx/fE3/Z1b8Si3+GJ+j688rSlcRwlaA+Bxo5Az+PUbe4eWwTc2B\nvstfKWZHPLv/nyq+1JjV7/e+cuwAkn9YsT3/TUPlLtGjmg1x+4wytRXEF3uipFZR\nP5TJGLIlvaQbnpNfVfkxefCvvGRuomILaP12rRYuKuI1CR+jRLu3jEmFfoSyJs/q\nWR9OXuSQEFjTmLo3m8S7iRLN6bUWKItYhNmaSucZRgCvayT5BY54GbbssIAykQX8\nzLXIbqHQJec8sJuIdSwDSAuxyhrq30kSk0WLpfkK/uw179XpUphNK9CHL7VnGiVj\nhaaef/yP7L12NBguJBmUnYWaWwa3sqepNQ3D8RQYXHrOmQ38VOjL76RQ0URYPkSB\npl2iagecnP0=fQUi\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. After installing the updated packages, the\nhttpd daemon will be restarted automatically. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202212-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: curl: Multiple Vulnerabilities\n Date: December 19, 2022\n Bugs: #803308, #813270, #841302, #843824, #854708, #867679, #878365\n ID: 202212-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in curl, the worst of which\ncould result in arbitrary code execution. \n\nBackground\n=========\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.86.0 \u003e= 7.86.0\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in curl. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll curl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.86.0\"\n\nReferences\n=========\n[ 1 ] CVE-2021-22922\n https://nvd.nist.gov/vuln/detail/CVE-2021-22922\n[ 2 ] CVE-2021-22923\n https://nvd.nist.gov/vuln/detail/CVE-2021-22923\n[ 3 ] CVE-2021-22925\n https://nvd.nist.gov/vuln/detail/CVE-2021-22925\n[ 4 ] CVE-2021-22926\n https://nvd.nist.gov/vuln/detail/CVE-2021-22926\n[ 5 ] CVE-2021-22945\n https://nvd.nist.gov/vuln/detail/CVE-2021-22945\n[ 6 ] CVE-2021-22946\n https://nvd.nist.gov/vuln/detail/CVE-2021-22946\n[ 7 ] CVE-2021-22947\n https://nvd.nist.gov/vuln/detail/CVE-2021-22947\n[ 8 ] CVE-2022-22576\n https://nvd.nist.gov/vuln/detail/CVE-2022-22576\n[ 9 ] CVE-2022-27774\n https://nvd.nist.gov/vuln/detail/CVE-2022-27774\n[ 10 ] CVE-2022-27775\n https://nvd.nist.gov/vuln/detail/CVE-2022-27775\n[ 11 ] CVE-2022-27776\n https://nvd.nist.gov/vuln/detail/CVE-2022-27776\n[ 12 ] CVE-2022-27779\n https://nvd.nist.gov/vuln/detail/CVE-2022-27779\n[ 13 ] CVE-2022-27780\n https://nvd.nist.gov/vuln/detail/CVE-2022-27780\n[ 14 ] CVE-2022-27781\n https://nvd.nist.gov/vuln/detail/CVE-2022-27781\n[ 15 ] CVE-2022-27782\n https://nvd.nist.gov/vuln/detail/CVE-2022-27782\n[ 16 ] CVE-2022-30115\n https://nvd.nist.gov/vuln/detail/CVE-2022-30115\n[ 17 ] CVE-2022-32205\n https://nvd.nist.gov/vuln/detail/CVE-2022-32205\n[ 18 ] CVE-2022-32206\n https://nvd.nist.gov/vuln/detail/CVE-2022-32206\n[ 19 ] CVE-2022-32207\n https://nvd.nist.gov/vuln/detail/CVE-2022-32207\n[ 20 ] CVE-2022-32208\n https://nvd.nist.gov/vuln/detail/CVE-2022-32208\n[ 21 ] CVE-2022-32221\n https://nvd.nist.gov/vuln/detail/CVE-2022-32221\n[ 22 ] CVE-2022-35252\n https://nvd.nist.gov/vuln/detail/CVE-2022-35252\n[ 23 ] CVE-2022-35260\n https://nvd.nist.gov/vuln/detail/CVE-2022-35260\n[ 24 ] CVE-2022-42915\n https://nvd.nist.gov/vuln/detail/CVE-2022-42915\n[ 25 ] CVE-2022-42916\n https://nvd.nist.gov/vuln/detail/CVE-2022-42916\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202212-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32207",
"trust": 4.0
},
{
"db": "HACKERONE",
"id": "1573634",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99464755",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95292697",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99752892",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94715153",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-166-12",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-075-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-194-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-23-103-09",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169318",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-424134",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32207",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170303",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"id": "VAR-202206-1963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:51:16.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213488 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"title": "curl Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=199973"
},
{
"title": "Red Hat: Moderate: curl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226157 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-32207"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-32207"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228840 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228841 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1875",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1875"
},
{
"title": "Debian Security Advisories: DSA-5197-1 curl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-206",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-206"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-145",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-145"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-32207 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "CWE-840",
"trust": 1.0
},
{
"problemtype": "Inappropriate default permissions (CWE-276) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://hackerone.com/reports/1573634"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99752892"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94715153"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99464755"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95292697"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-075-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-09"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-privilege-escalation-via-cookies-alt-svc-hsts-file-permissions-38672"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32207/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:6157"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/276.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1.3ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.19"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30115"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22926"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424134"
},
{
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"db": "PACKETSTORM",
"id": "167607"
},
{
"db": "PACKETSTORM",
"id": "168174"
},
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "170303"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424134"
},
{
"date": "2022-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"date": "2023-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"date": "2022-06-28T15:26:16",
"db": "PACKETSTORM",
"id": "167607"
},
{
"date": "2022-08-25T15:27:31",
"db": "PACKETSTORM",
"id": "168174"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169318"
},
{
"date": "2022-12-08T21:28:44",
"db": "PACKETSTORM",
"id": "170166"
},
{
"date": "2022-12-19T13:48:31",
"db": "PACKETSTORM",
"id": "170303"
},
{
"date": "2022-12-08T21:28:21",
"db": "PACKETSTORM",
"id": "170165"
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"date": "2022-07-07T13:15:08.403000",
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-424134"
},
{
"date": "2023-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2022-32207"
},
{
"date": "2023-09-26T06:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-015269"
},
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2569"
},
{
"date": "2024-03-27T15:00:46.637000",
"db": "NVD",
"id": "CVE-2022-32207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "169318"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl\u00a0 Vulnerability regarding improper default permissions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2569"
}
],
"trust": 0.6
}
}
var-202112-1654
Vulnerability from variot
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). The server is fast, reliable, and can be expanded through simple APIs. Attackers can use this vulnerability to cause system crashes or server request forgery. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.
apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----
. Summary:
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Security Fix(es):
-
httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
-
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
-
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
-
httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
-
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
-
httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
-
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
-
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
-
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
-
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
-
httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. ========================================================================== Ubuntu Security Notice USN-5212-2 January 10, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. (CVE-2021-44224)
It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. (CVE-2021-44790)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm4 apache2-bin 2.4.18-2ubuntu3.17+esm4
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm3 apache2-bin 2.4.7-1ubuntu4.22+esm3
In general, a standard system update will make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1654",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.20.0"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.14.0"
},
{
"model": "communications session route manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "communications session report manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.52"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": null
},
{
"model": "communications element manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "202201.1"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.16.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications operations monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle communications session element manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "http server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.7,\u003c2.4.52"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "167073"
}
],
"trust": 0.3
},
"cve": "CVE-2021-44224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44224",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102387",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-406829",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44224",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44224",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44224",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-44224",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-102387",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1578",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-406829",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). The server is fast, reliable, and can be expanded through simple APIs. Attackers can use this vulnerability to cause system crashes or server request forgery. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. ==========================================================================\nUbuntu Security Notice USN-5212-2\nJanuary 10, 2022\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that the Apache HTTP Server incorrectly handled certain\n forward proxy requests. (CVE-2021-44224)\n\n It was discovered that the Apache HTTP Server Lua module incorrectly\n handled memory in the multipart parser. (CVE-2021-44790)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm4\n apache2-bin 2.4.18-2ubuntu3.17+esm4\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm3\n apache2-bin 2.4.7-1ubuntu4.22+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "PACKETSTORM",
"id": "165501"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-406829",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-406829"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44224",
"trust": 4.5
},
{
"db": "TENABLE",
"id": "TNS-2022-01",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2022-03",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/20/3",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167073",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165501",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97805418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102387",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165467",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021122709",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051150",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010609",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122021",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042295",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0171",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0064",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0039",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0686",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0135",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0214",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-406829",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"id": "VAR-202112-1654",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
}
]
},
"last_update_date": "2024-11-29T20:05:15.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022 Hitachi Server / Client Product Security Information",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server code issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310321"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175753"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/3"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97805418/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0686"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010609"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-server-side-request-forgery-via-proxyrequests-on-37111"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0064"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122709"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165501/ubuntu-security-notice-usn-5212-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0039"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0135"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042295"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0171"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165467/ubuntu-security-notice-usn-5212-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122021"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051150"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012003"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35452"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35452"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"db": "VULHUB",
"id": "VHN-406829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "167073"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"date": "2021-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-406829"
},
{
"date": "2022-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189"
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565"
},
{
"date": "2022-10-27T13:05:19",
"db": "PACKETSTORM",
"id": "169540"
},
{
"date": "2022-05-11T16:37:39",
"db": "PACKETSTORM",
"id": "167073"
},
{
"date": "2022-01-10T17:59:29",
"db": "PACKETSTORM",
"id": "165501"
},
{
"date": "2021-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"date": "2021-12-20T12:15:07.393000",
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102387"
},
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-406829"
},
{
"date": "2023-12-12T07:41:00",
"db": "JVNDB",
"id": "JVNDB-2021-016456"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1578"
},
{
"date": "2024-11-21T06:30:37.133000",
"db": "NVD",
"id": "CVE-2021-44224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016456"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1578"
}
],
"trust": 0.6
}
}
var-202101-0566
Vulnerability from variot
There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. binutils Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-24
https://security.gentoo.org/
Severity: Normal Title: Binutils: Multiple vulnerabilities Date: July 10, 2021 Bugs: #678806, #761957, #764170 ID: 202107-24
Synopsis
Multiple vulnerabilities have been found in Binutils, the worst of which could result in a Denial of Service condition.
Background
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-devel/binutils < 2.35.2 >= 2.35.2
Description
Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Binutils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.35.2"
References
[ 1 ] CVE-2019-9070 https://nvd.nist.gov/vuln/detail/CVE-2019-9070 [ 2 ] CVE-2019-9071 https://nvd.nist.gov/vuln/detail/CVE-2019-9071 [ 3 ] CVE-2019-9072 https://nvd.nist.gov/vuln/detail/CVE-2019-9072 [ 4 ] CVE-2019-9073 https://nvd.nist.gov/vuln/detail/CVE-2019-9073 [ 5 ] CVE-2019-9074 https://nvd.nist.gov/vuln/detail/CVE-2019-9074 [ 6 ] CVE-2019-9075 https://nvd.nist.gov/vuln/detail/CVE-2019-9075 [ 7 ] CVE-2019-9076 https://nvd.nist.gov/vuln/detail/CVE-2019-9076 [ 8 ] CVE-2019-9077 https://nvd.nist.gov/vuln/detail/CVE-2019-9077 [ 9 ] CVE-2020-19599 https://nvd.nist.gov/vuln/detail/CVE-2020-19599 [ 10 ] CVE-2020-35448 https://nvd.nist.gov/vuln/detail/CVE-2020-35448 [ 11 ] CVE-2020-35493 https://nvd.nist.gov/vuln/detail/CVE-2020-35493 [ 12 ] CVE-2020-35494 https://nvd.nist.gov/vuln/detail/CVE-2020-35494 [ 13 ] CVE-2020-35495 https://nvd.nist.gov/vuln/detail/CVE-2020-35495 [ 14 ] CVE-2020-35496 https://nvd.nist.gov/vuln/detail/CVE-2020-35496 [ 15 ] CVE-2020-35507 https://nvd.nist.gov/vuln/detail/CVE-2020-35507
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202107-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0566",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "binutils",
"scope": "lt",
"trust": 1.0,
"vendor": "gnu",
"version": "2.34"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ontap select deploy utility",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "binutils",
"scope": null,
"trust": 0.8,
"vendor": "gnu",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 0.1
},
"cve": "CVE-2020-35495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-35495",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-377691",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-35495",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-35495",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-35495",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-35495",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-377691",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-35495",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There\u0027s a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. binutils Has NULL A pointer dereference vulnerability exists.Denial of service (DoS) It may be put into a state. GNU Binutils (GNU Binary Utilities or binutils) is a set of programming language tool programs developed by the GNU community. The program is primarily designed to handle object files in various formats and provides linkers, assemblers, and other tools for object files and archives. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202107-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Binutils: Multiple vulnerabilities\n Date: July 10, 2021\n Bugs: #678806, #761957, #764170\n ID: 202107-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Binutils, the worst of\nwhich could result in a Denial of Service condition. \n\nBackground\n==========\n\nThe GNU Binutils are a collection of tools to create, modify and\nanalyse binary files. Many of the files use BFD, the Binary File\nDescriptor library, to do low-level manipulation. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 sys-devel/binutils \u003c 2.35.2 \u003e= 2.35.2 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Binutils. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Binutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=sys-devel/binutils-2.35.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-9070\n https://nvd.nist.gov/vuln/detail/CVE-2019-9070\n[ 2 ] CVE-2019-9071\n https://nvd.nist.gov/vuln/detail/CVE-2019-9071\n[ 3 ] CVE-2019-9072\n https://nvd.nist.gov/vuln/detail/CVE-2019-9072\n[ 4 ] CVE-2019-9073\n https://nvd.nist.gov/vuln/detail/CVE-2019-9073\n[ 5 ] CVE-2019-9074\n https://nvd.nist.gov/vuln/detail/CVE-2019-9074\n[ 6 ] CVE-2019-9075\n https://nvd.nist.gov/vuln/detail/CVE-2019-9075\n[ 7 ] CVE-2019-9076\n https://nvd.nist.gov/vuln/detail/CVE-2019-9076\n[ 8 ] CVE-2019-9077\n https://nvd.nist.gov/vuln/detail/CVE-2019-9077\n[ 9 ] CVE-2020-19599\n https://nvd.nist.gov/vuln/detail/CVE-2020-19599\n[ 10 ] CVE-2020-35448\n https://nvd.nist.gov/vuln/detail/CVE-2020-35448\n[ 11 ] CVE-2020-35493\n https://nvd.nist.gov/vuln/detail/CVE-2020-35493\n[ 12 ] CVE-2020-35494\n https://nvd.nist.gov/vuln/detail/CVE-2020-35494\n[ 13 ] CVE-2020-35495\n https://nvd.nist.gov/vuln/detail/CVE-2020-35495\n[ 14 ] CVE-2020-35496\n https://nvd.nist.gov/vuln/detail/CVE-2020-35496\n[ 15 ] CVE-2020-35507\n https://nvd.nist.gov/vuln/detail/CVE-2020-35507\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202107-24\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "PACKETSTORM",
"id": "163455"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-35495",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "163455",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-377691",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-35495",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"id": "VAR-202101-0566",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-377691"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:05:43.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug\u00a025306 NetAppNetApp\u00a0Advisory",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KOK3QWSVOUJWJ54HVGIFWNLWQ5ZY4S6/"
},
{
"title": "GNU binutils Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138344"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911441"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202107-24"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210212-0007/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35495"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4kok3qwsvoujwj54hvgifwnlwq5zy4s6/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/binutils-null-pointer-dereference-via-bfd-pef-parse-symbols-34254"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-analytics-for-nps/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163455/gentoo-linux-security-advisory-202107-24.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-gnu-binutils-affect-ibm-netezza-performance-server/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-35495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35448"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35507"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35494"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-377691"
},
{
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"db": "PACKETSTORM",
"id": "163455"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-377691"
},
{
"date": "2021-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"date": "2021-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"date": "2021-07-11T12:01:11",
"db": "PACKETSTORM",
"id": "163455"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"date": "2021-01-04T15:15:13.667000",
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-02T00:00:00",
"db": "VULHUB",
"id": "VHN-377691"
},
{
"date": "2022-09-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-35495"
},
{
"date": "2021-09-10T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2020-015127"
},
{
"date": "2022-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-085"
},
{
"date": "2024-11-21T05:27:25.380000",
"db": "NVD",
"id": "CVE-2020-35495"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "binutils\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015127"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-085"
}
],
"trust": 0.6
}
}
var-202104-0750
Vulnerability from variot
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There is a security vulnerability in Apple iOS. Please keep an eye on CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update Advisory ID: RHSA-2021:4381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381 Issue date: 2021-11-09 CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918 CVE-2020-29623 CVE-2020-36241 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-28650 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 ==================================================================== 1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session must be restarted (log out, then log back in) for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time 1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8) 1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop 1813727 - Files copied from NFS4 to Desktop can't be opened 1854679 - [RFE] Disable left edge gesture 1873297 - Gnome-software coredumps when run as root in terminal 1873488 - GTK3 prints errors with overlay scrollbar disabled 1888404 - Updates page hides ongoing updates on refresh 1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. 1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... 1904139 - Automatic Logout Feature not working 1905000 - Desktop refresh broken after unlock 1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release 1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot 1924725 - [Wayland] Double-touch desktop icons fails sometimes 1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory 1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp 1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution 1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login 1937416 - Rebase WebKitGTK to 2.32 1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0] 1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0] 1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) 1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution 1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history 1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation 1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution 1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection 1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation 1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution 1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution 1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution 1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution 1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH 1951086 - Disable the Facebook provider 1952136 - Disable the Foursquare provider 1955754 - gnome-session kiosk-session support still isn't up to muster 1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide 1960705 - Vino nonfunctional in FIPS mode 1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V 1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens 1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831' 1972545 - flatpak: Prefer runtime from the same origin as the application 1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent 1978505 - Gnome Software development package is missing important header files. 1978612 - pt_BR translations for "Register System" panel 1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution 1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. 1981420 - Improve style of overview close buttons 1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution 1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution 1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution 1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution 1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information 1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack 1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers 1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution 1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack 1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution 1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution 1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution 1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution 1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution 1987233 - [RHEL8.5]Login screen shows dots when entering username 1989035 - terminal don't redraw if partially off screen 1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build 1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files 2004170 - Unable to login to session via xdmcp
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: LibRaw-0.19.5-3.el8.src.rpm accountsservice-0.6.55-2.el8.src.rpm gdm-40.0-15.el8.src.rpm gnome-autoar-0.2.3-2.el8.src.rpm gnome-calculator-3.28.2-2.el8.src.rpm gnome-control-center-3.28.2-28.el8.src.rpm gnome-online-accounts-3.28.2-3.el8.src.rpm gnome-session-3.28.1-13.el8.src.rpm gnome-settings-daemon-3.32.0-16.el8.src.rpm gnome-shell-3.32.2-40.el8.src.rpm gnome-shell-extensions-3.32.1-20.el8.src.rpm gnome-software-3.36.1-10.el8.src.rpm gtk3-3.22.30-8.el8.src.rpm mutter-3.32.2-60.el8.src.rpm vino-3.22.0-11.el8.src.rpm webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64: accountsservice-0.6.55-2.el8.aarch64.rpm accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-libs-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gdm-40.0-15.el8.aarch64.rpm gdm-debuginfo-40.0-15.el8.aarch64.rpm gdm-debugsource-40.0-15.el8.aarch64.rpm gnome-autoar-0.2.3-2.el8.aarch64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm gnome-calculator-3.28.2-2.el8.aarch64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm gnome-control-center-3.28.2-28.el8.aarch64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm gnome-online-accounts-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm gnome-session-3.28.1-13.el8.aarch64.rpm gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm gnome-session-xsession-3.28.1-13.el8.aarch64.rpm gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm gnome-shell-3.32.2-40.el8.aarch64.rpm gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm gnome-software-3.36.1-10.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-3.22.30-8.el8.aarch64.rpm gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-debugsource-3.22.30-8.el8.aarch64.rpm gtk3-devel-3.22.30-8.el8.aarch64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm mutter-3.32.2-60.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm vino-3.22.0-11.el8.aarch64.rpm vino-debuginfo-3.22.0-11.el8.aarch64.rpm vino-debugsource-3.22.0-11.el8.aarch64.rpm webkit2gtk3-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch: gnome-classic-session-3.32.1-20.el8.noarch.rpm gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le: LibRaw-0.19.5-3.el8.ppc64le.rpm LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-0.6.55-2.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gdm-40.0-15.el8.ppc64le.rpm gdm-debuginfo-40.0-15.el8.ppc64le.rpm gdm-debugsource-40.0-15.el8.ppc64le.rpm gnome-autoar-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm gnome-calculator-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm gnome-control-center-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm gnome-session-3.28.1-13.el8.ppc64le.rpm gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm gnome-shell-3.32.2-40.el8.ppc64le.rpm gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm gnome-software-3.36.1-10.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-3.22.30-8.el8.ppc64le.rpm gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm gtk3-devel-3.22.30-8.el8.ppc64le.rpm gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm mutter-3.32.2-60.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm vino-3.22.0-11.el8.ppc64le.rpm vino-debuginfo-3.22.0-11.el8.ppc64le.rpm vino-debugsource-3.22.0-11.el8.ppc64le.rpm webkit2gtk3-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x: accountsservice-0.6.55-2.el8.s390x.rpm accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-libs-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gdm-40.0-15.el8.s390x.rpm gdm-debuginfo-40.0-15.el8.s390x.rpm gdm-debugsource-40.0-15.el8.s390x.rpm gnome-autoar-0.2.3-2.el8.s390x.rpm gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm gnome-calculator-3.28.2-2.el8.s390x.rpm gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm gnome-control-center-3.28.2-28.el8.s390x.rpm gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm gnome-online-accounts-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm gnome-session-3.28.1-13.el8.s390x.rpm gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm gnome-session-debugsource-3.28.1-13.el8.s390x.rpm gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm gnome-session-xsession-3.28.1-13.el8.s390x.rpm gnome-settings-daemon-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm gnome-shell-3.32.2-40.el8.s390x.rpm gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm gnome-software-3.36.1-10.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-3.22.30-8.el8.s390x.rpm gtk3-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-debugsource-3.22.30-8.el8.s390x.rpm gtk3-devel-3.22.30-8.el8.s390x.rpm gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm mutter-3.32.2-60.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm vino-3.22.0-11.el8.s390x.rpm vino-debuginfo-3.22.0-11.el8.s390x.rpm vino-debugsource-3.22.0-11.el8.s390x.rpm webkit2gtk3-2.32.3-2.el8.s390x.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64: LibRaw-0.19.5-3.el8.i686.rpm LibRaw-0.19.5-3.el8.x86_64.rpm LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-0.6.55-2.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-libs-0.6.55-2.el8.i686.rpm accountsservice-libs-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gdm-40.0-15.el8.i686.rpm gdm-40.0-15.el8.x86_64.rpm gdm-debuginfo-40.0-15.el8.i686.rpm gdm-debuginfo-40.0-15.el8.x86_64.rpm gdm-debugsource-40.0-15.el8.i686.rpm gdm-debugsource-40.0-15.el8.x86_64.rpm gnome-autoar-0.2.3-2.el8.i686.rpm gnome-autoar-0.2.3-2.el8.x86_64.rpm gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm gnome-calculator-3.28.2-2.el8.x86_64.rpm gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm gnome-control-center-3.28.2-28.el8.x86_64.rpm gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm gnome-online-accounts-3.28.2-3.el8.i686.rpm gnome-online-accounts-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm gnome-session-3.28.1-13.el8.x86_64.rpm gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm gnome-session-xsession-3.28.1-13.el8.x86_64.rpm gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm gnome-shell-3.32.2-40.el8.x86_64.rpm gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm gnome-software-3.36.1-10.el8.x86_64.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-3.22.30-8.el8.i686.rpm gtk3-3.22.30-8.el8.x86_64.rpm gtk3-debuginfo-3.22.30-8.el8.i686.rpm gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-debugsource-3.22.30-8.el8.i686.rpm gtk3-debugsource-3.22.30-8.el8.x86_64.rpm gtk3-devel-3.22.30-8.el8.i686.rpm gtk3-devel-3.22.30-8.el8.x86_64.rpm gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm mutter-3.32.2-60.el8.i686.rpm mutter-3.32.2-60.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm vino-3.22.0-11.el8.x86_64.rpm vino-debuginfo-3.22.0-11.el8.x86_64.rpm vino-debugsource-3.22.0-11.el8.x86_64.rpm webkit2gtk3-2.32.3-2.el8.i686.rpm webkit2gtk3-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64: gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le: gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x: gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64: gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64: accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm accountsservice-devel-0.6.55-2.el8.aarch64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm gnome-software-devel-3.36.1-10.el8.aarch64.rpm mutter-debuginfo-3.32.2-60.el8.aarch64.rpm mutter-debugsource-3.32.2-60.el8.aarch64.rpm mutter-devel-3.32.2-60.el8.aarch64.rpm mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le: LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm LibRaw-devel-0.19.5-3.el8.ppc64le.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm accountsservice-devel-0.6.55-2.el8.ppc64le.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm gnome-software-devel-3.36.1-10.el8.ppc64le.rpm mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm mutter-debugsource-3.32.2-60.el8.ppc64le.rpm mutter-devel-3.32.2-60.el8.ppc64le.rpm mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x: accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm accountsservice-debugsource-0.6.55-2.el8.s390x.rpm accountsservice-devel-0.6.55-2.el8.s390x.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm gnome-software-debugsource-3.36.1-10.el8.s390x.rpm gnome-software-devel-3.36.1-10.el8.s390x.rpm mutter-debuginfo-3.32.2-60.el8.s390x.rpm mutter-debugsource-3.32.2-60.el8.s390x.rpm mutter-devel-3.32.2-60.el8.s390x.rpm mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64: LibRaw-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm LibRaw-debugsource-0.19.5-3.el8.i686.rpm LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm LibRaw-devel-0.19.5-3.el8.i686.rpm LibRaw-devel-0.19.5-3.el8.x86_64.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm accountsservice-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm accountsservice-debugsource-0.6.55-2.el8.i686.rpm accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm accountsservice-devel-0.6.55-2.el8.i686.rpm accountsservice-devel-0.6.55-2.el8.x86_64.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm gnome-software-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.i686.rpm gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm gnome-software-debugsource-3.36.1-10.el8.i686.rpm gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm gnome-software-devel-3.36.1-10.el8.i686.rpm gnome-software-devel-3.36.1-10.el8.x86_64.rpm mutter-debuginfo-3.32.2-60.el8.i686.rpm mutter-debuginfo-3.32.2-60.el8.x86_64.rpm mutter-debugsource-3.32.2-60.el8.i686.rpm mutter-debugsource-3.32.2-60.el8.x86_64.rpm mutter-devel-3.32.2-60.el8.i686.rpm mutter-devel-3.32.2-60.el8.x86_64.rpm mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3 05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7 sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7 tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5 QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX 2rgR2Ny0wo4=gfrM -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
- mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Gentoo Linux Security Advisory GLSA 202104-03
https://security.gentoo.org/
Severity: Normal Title: WebkitGTK+: Multiple vulnerabilities Date: April 30, 2021 Bugs: #770793, #773193 ID: 202104-03
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
[ 1 ] CVE-2020-13558 https://nvd.nist.gov/vuln/detail/CVE-2020-13558 [ 2 ] CVE-2020-27918 https://nvd.nist.gov/vuln/detail/CVE-2020-27918 [ 3 ] CVE-2020-29623 https://nvd.nist.gov/vuln/detail/CVE-2020-29623 [ 4 ] CVE-2020-9947 https://nvd.nist.gov/vuln/detail/CVE-2020-9947 [ 5 ] CVE-2021-1765 https://nvd.nist.gov/vuln/detail/CVE-2021-1765 [ 6 ] CVE-2021-1789 https://nvd.nist.gov/vuln/detail/CVE-2021-1789 [ 7 ] CVE-2021-1799 https://nvd.nist.gov/vuln/detail/CVE-2021-1799 [ 8 ] CVE-2021-1801 https://nvd.nist.gov/vuln/detail/CVE-2021-1801 [ 9 ] CVE-2021-1870 https://nvd.nist.gov/vuln/detail/CVE-2021-1870 [ 10 ] WSA-2021-0001 https://webkitgtk.org/security/WSA-2021-0001.html [ 11 ] WSA-2021-0002 https://webkitgtk.org/security/WSA-2021-0002.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146.
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. CVE-2021-1782: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher
Additional details available soon.
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "iOS 14.4 and iPadOS 14.4". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4877-1 security@debian.org https://www.debian.org/security/ Alberto Garcia March 27, 2021 https://www.debian.org/security/faq
Package : webkit2gtk CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870
The following vulnerabilities have been discovered in the webkit2gtk web engine:
CVE-2020-27918
Liu Long discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.
CVE-2021-1765
Eliya Stein discovered that maliciously crafted web content may
violate iframe sandboxing policy.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
CVE-2021-1870
An anonymous researcher discovered that processing maliciously
crafted web content may lead to arbitrary code execution.
For the stable distribution (buster), these problems have been fixed in version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0750",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.30.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "ipad os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gentoo",
"sources": [
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
}
],
"trust": 0.7
},
"cve": "CVE-2021-1870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-1870",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-376530",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-1870",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1870",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1870",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-1870",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2438",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-376530",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-1870",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376530"
},
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. There is a security vulnerability in Apple iOS. Please keep an eye on CNNVD or manufacturer announcements. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: GNOME security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4381-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4381\nIssue date: 2021-11-09\nCVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918\n CVE-2020-29623 CVE-2020-36241 CVE-2021-1765\n CVE-2021-1788 CVE-2021-1789 CVE-2021-1799\n CVE-2021-1801 CVE-2021-1844 CVE-2021-1870\n CVE-2021-1871 CVE-2021-21775 CVE-2021-21779\n CVE-2021-21806 CVE-2021-28650 CVE-2021-30663\n CVE-2021-30665 CVE-2021-30682 CVE-2021-30689\n CVE-2021-30720 CVE-2021-30734 CVE-2021-30744\n CVE-2021-30749 CVE-2021-30758 CVE-2021-30795\n CVE-2021-30797 CVE-2021-30799\n====================================================================\n1. Summary:\n\nAn update for GNOME is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nGNOME is the default desktop environment of Red Hat Enterprise Linux. \n\nThe following packages have been upgraded to a later upstream version: gdm\n(40.0), webkit2gtk3 (2.32.3). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nGDM must be restarted for this update to take effect. The GNOME session\nmust be restarted (log out, then log back in) for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time\n1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)\n1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop\n1813727 - Files copied from NFS4 to Desktop can\u0027t be opened\n1854679 - [RFE] Disable left edge gesture\n1873297 - Gnome-software coredumps when run as root in terminal\n1873488 - GTK3 prints errors with overlay scrollbar disabled\n1888404 - Updates page hides ongoing updates on refresh\n1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3. \n1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ... \n1904139 - Automatic Logout Feature not working\n1905000 - Desktop refresh broken after unlock\n1909300 - gdm isn\u0027t killing the login screen on login after all, should rebase to latest release\n1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot\n1924725 - [Wayland] Double-touch desktop icons fails sometimes\n1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory\n1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp\n1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution\n1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login\n1937416 - Rebase WebKitGTK to 2.32\n1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]\n1938937 - Mutter: mouse click doesn\u0027t work when using 10-bit graphic monitor [rhel-8.5.0]\n1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)\n1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution\n1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history\n1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation\n1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution\n1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection\n1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation\n1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution\n1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution\n1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution\n1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution\n1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH\n1951086 - Disable the Facebook provider\n1952136 - Disable the Foursquare provider\n1955754 - gnome-session kiosk-session support still isn\u0027t up to muster\n1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide\n1960705 - Vino nonfunctional in FIPS mode\n1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V\n1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens\n1971534 - gnome-shell[2343]: gsignal.c:2642: instance \u00270x5583c61f9280\u0027 has no handler with id \u002723831\u0027\n1972545 - flatpak: Prefer runtime from the same origin as the application\n1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent\n1978505 - Gnome Software development package is missing important header files. \n1978612 - pt_BR translations for \"Register System\" panel\n1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution\n1980661 - \"Screen Lock disabled\" notification appears on first login after disabling gdm and notification pop-up. \n1981420 - Improve style of overview close buttons\n1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution\n1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution\n1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution\n1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution\n1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information\n1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack\n1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers\n1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack\n1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution\n1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution\n1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution\n1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution\n1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution\n1987233 - [RHEL8.5]Login screen shows dots when entering username\n1989035 - terminal don\u0027t redraw if partially off screen\n1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build\n1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files\n2004170 - Unable to login to session via xdmcp\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nLibRaw-0.19.5-3.el8.src.rpm\naccountsservice-0.6.55-2.el8.src.rpm\ngdm-40.0-15.el8.src.rpm\ngnome-autoar-0.2.3-2.el8.src.rpm\ngnome-calculator-3.28.2-2.el8.src.rpm\ngnome-control-center-3.28.2-28.el8.src.rpm\ngnome-online-accounts-3.28.2-3.el8.src.rpm\ngnome-session-3.28.1-13.el8.src.rpm\ngnome-settings-daemon-3.32.0-16.el8.src.rpm\ngnome-shell-3.32.2-40.el8.src.rpm\ngnome-shell-extensions-3.32.1-20.el8.src.rpm\ngnome-software-3.36.1-10.el8.src.rpm\ngtk3-3.22.30-8.el8.src.rpm\nmutter-3.32.2-60.el8.src.rpm\nvino-3.22.0-11.el8.src.rpm\nwebkit2gtk3-2.32.3-2.el8.src.rpm\n\naarch64:\naccountsservice-0.6.55-2.el8.aarch64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngdm-40.0-15.el8.aarch64.rpm\ngdm-debuginfo-40.0-15.el8.aarch64.rpm\ngdm-debugsource-40.0-15.el8.aarch64.rpm\ngnome-autoar-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm\ngnome-calculator-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm\ngnome-control-center-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm\ngnome-online-accounts-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm\ngnome-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm\ngnome-session-debugsource-3.28.1-13.el8.aarch64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm\ngnome-session-xsession-3.28.1-13.el8.aarch64.rpm\ngnome-settings-daemon-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm\ngnome-shell-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm\ngnome-software-3.36.1-10.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-3.22.30-8.el8.aarch64.rpm\ngtk3-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-debugsource-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-3.22.30-8.el8.aarch64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm\nmutter-3.32.2-60.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\nvino-3.22.0-11.el8.aarch64.rpm\nvino-debuginfo-3.22.0-11.el8.aarch64.rpm\nvino-debugsource-3.22.0-11.el8.aarch64.rpm\nwebkit2gtk3-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm\n\nnoarch:\ngnome-classic-session-3.32.1-20.el8.noarch.rpm\ngnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm\ngnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-common-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm\ngnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm\n\nppc64le:\nLibRaw-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngdm-40.0-15.el8.ppc64le.rpm\ngdm-debuginfo-40.0-15.el8.ppc64le.rpm\ngdm-debugsource-40.0-15.el8.ppc64le.rpm\ngnome-autoar-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm\ngnome-calculator-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm\ngnome-control-center-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm\ngnome-online-accounts-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm\ngnome-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm\ngnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm\ngnome-session-xsession-3.28.1-13.el8.ppc64le.rpm\ngnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm\ngnome-shell-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm\ngnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm\ngnome-software-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm\ngtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-3.22.30-8.el8.ppc64le.rpm\ngtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-debugsource-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-3.22.30-8.el8.ppc64le.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm\nmutter-3.32.2-60.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\nvino-3.22.0-11.el8.ppc64le.rpm\nvino-debuginfo-3.22.0-11.el8.ppc64le.rpm\nvino-debugsource-3.22.0-11.el8.ppc64le.rpm\nwebkit2gtk3-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm\n\ns390x:\naccountsservice-0.6.55-2.el8.s390x.rpm\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngdm-40.0-15.el8.s390x.rpm\ngdm-debuginfo-40.0-15.el8.s390x.rpm\ngdm-debugsource-40.0-15.el8.s390x.rpm\ngnome-autoar-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm\ngnome-calculator-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm\ngnome-control-center-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm\ngnome-online-accounts-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm\ngnome-session-3.28.1-13.el8.s390x.rpm\ngnome-session-debuginfo-3.28.1-13.el8.s390x.rpm\ngnome-session-debugsource-3.28.1-13.el8.s390x.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm\ngnome-session-wayland-session-3.28.1-13.el8.s390x.rpm\ngnome-session-xsession-3.28.1-13.el8.s390x.rpm\ngnome-settings-daemon-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm\ngnome-shell-3.32.2-40.el8.s390x.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm\ngnome-shell-debugsource-3.32.2-40.el8.s390x.rpm\ngnome-software-3.36.1-10.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm\ngtk-update-icon-cache-3.22.30-8.el8.s390x.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-3.22.30-8.el8.s390x.rpm\ngtk3-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-debugsource-3.22.30-8.el8.s390x.rpm\ngtk3-devel-3.22.30-8.el8.s390x.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-3.22.30-8.el8.s390x.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm\nmutter-3.32.2-60.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\nvino-3.22.0-11.el8.s390x.rpm\nvino-debuginfo-3.22.0-11.el8.s390x.rpm\nvino-debugsource-3.22.0-11.el8.s390x.rpm\nwebkit2gtk3-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm\n\nx86_64:\nLibRaw-0.19.5-3.el8.i686.rpm\nLibRaw-0.19.5-3.el8.x86_64.rpm\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-0.6.55-2.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-0.6.55-2.el8.i686.rpm\naccountsservice-libs-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngdm-40.0-15.el8.i686.rpm\ngdm-40.0-15.el8.x86_64.rpm\ngdm-debuginfo-40.0-15.el8.i686.rpm\ngdm-debuginfo-40.0-15.el8.x86_64.rpm\ngdm-debugsource-40.0-15.el8.i686.rpm\ngdm-debugsource-40.0-15.el8.x86_64.rpm\ngnome-autoar-0.2.3-2.el8.i686.rpm\ngnome-autoar-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm\ngnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.i686.rpm\ngnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm\ngnome-calculator-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm\ngnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm\ngnome-control-center-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm\ngnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm\ngnome-online-accounts-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.i686.rpm\ngnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm\ngnome-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm\ngnome-session-debugsource-3.28.1-13.el8.x86_64.rpm\ngnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm\ngnome-session-xsession-3.28.1-13.el8.x86_64.rpm\ngnome-settings-daemon-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm\ngnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm\ngnome-shell-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm\ngnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.x86_64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngsettings-desktop-schemas-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm\ngsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm\ngtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm\ngtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-3.22.30-8.el8.i686.rpm\ngtk3-3.22.30-8.el8.x86_64.rpm\ngtk3-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-debugsource-3.22.30-8.el8.i686.rpm\ngtk3-debugsource-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-3.22.30-8.el8.i686.rpm\ngtk3-devel-3.22.30-8.el8.x86_64.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm\ngtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm\nmutter-3.32.2-60.el8.i686.rpm\nmutter-3.32.2-60.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\nvino-3.22.0-11.el8.x86_64.rpm\nvino-debuginfo-3.22.0-11.el8.x86_64.rpm\nvino-debugsource-3.22.0-11.el8.x86_64.rpm\nwebkit2gtk3-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ngsettings-desktop-schemas-3.32.0-6.el8.src.rpm\n\naarch64:\ngsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm\n\nppc64le:\ngsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm\n\ns390x:\ngsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm\n\nx86_64:\ngsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm\n\nRed Hat Enterprise Linux CRB (v. 8):\n\naarch64:\naccountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm\naccountsservice-debugsource-0.6.55-2.el8.aarch64.rpm\naccountsservice-devel-0.6.55-2.el8.aarch64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm\ngnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm\ngnome-software-debugsource-3.36.1-10.el8.aarch64.rpm\ngnome-software-devel-3.36.1-10.el8.aarch64.rpm\nmutter-debuginfo-3.32.2-60.el8.aarch64.rpm\nmutter-debugsource-3.32.2-60.el8.aarch64.rpm\nmutter-devel-3.32.2-60.el8.aarch64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm\n\nppc64le:\nLibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm\nLibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm\nLibRaw-devel-0.19.5-3.el8.ppc64le.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm\naccountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm\naccountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm\naccountsservice-devel-0.6.55-2.el8.ppc64le.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm\ngnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm\ngnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm\ngnome-software-devel-3.36.1-10.el8.ppc64le.rpm\nmutter-debuginfo-3.32.2-60.el8.ppc64le.rpm\nmutter-debugsource-3.32.2-60.el8.ppc64le.rpm\nmutter-devel-3.32.2-60.el8.ppc64le.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm\n\ns390x:\naccountsservice-debuginfo-0.6.55-2.el8.s390x.rpm\naccountsservice-debugsource-0.6.55-2.el8.s390x.rpm\naccountsservice-devel-0.6.55-2.el8.s390x.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm\ngnome-software-debuginfo-3.36.1-10.el8.s390x.rpm\ngnome-software-debugsource-3.36.1-10.el8.s390x.rpm\ngnome-software-devel-3.36.1-10.el8.s390x.rpm\nmutter-debuginfo-3.32.2-60.el8.s390x.rpm\nmutter-debugsource-3.32.2-60.el8.s390x.rpm\nmutter-devel-3.32.2-60.el8.s390x.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm\n\nx86_64:\nLibRaw-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm\nLibRaw-debugsource-0.19.5-3.el8.i686.rpm\nLibRaw-debugsource-0.19.5-3.el8.x86_64.rpm\nLibRaw-devel-0.19.5-3.el8.i686.rpm\nLibRaw-devel-0.19.5-3.el8.x86_64.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm\nLibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm\naccountsservice-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm\naccountsservice-debugsource-0.6.55-2.el8.i686.rpm\naccountsservice-debugsource-0.6.55-2.el8.x86_64.rpm\naccountsservice-devel-0.6.55-2.el8.i686.rpm\naccountsservice-devel-0.6.55-2.el8.x86_64.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm\naccountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm\ngnome-software-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.i686.rpm\ngnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm\ngnome-software-debugsource-3.36.1-10.el8.i686.rpm\ngnome-software-debugsource-3.36.1-10.el8.x86_64.rpm\ngnome-software-devel-3.36.1-10.el8.i686.rpm\ngnome-software-devel-3.36.1-10.el8.x86_64.rpm\nmutter-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-debuginfo-3.32.2-60.el8.x86_64.rpm\nmutter-debugsource-3.32.2-60.el8.i686.rpm\nmutter-debugsource-3.32.2-60.el8.x86_64.rpm\nmutter-devel-3.32.2-60.el8.i686.rpm\nmutter-devel-3.32.2-60.el8.x86_64.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.i686.rpm\nmutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13558\nhttps://access.redhat.com/security/cve/CVE-2020-24870\nhttps://access.redhat.com/security/cve/CVE-2020-27918\nhttps://access.redhat.com/security/cve/CVE-2020-29623\nhttps://access.redhat.com/security/cve/CVE-2020-36241\nhttps://access.redhat.com/security/cve/CVE-2021-1765\nhttps://access.redhat.com/security/cve/CVE-2021-1788\nhttps://access.redhat.com/security/cve/CVE-2021-1789\nhttps://access.redhat.com/security/cve/CVE-2021-1799\nhttps://access.redhat.com/security/cve/CVE-2021-1801\nhttps://access.redhat.com/security/cve/CVE-2021-1844\nhttps://access.redhat.com/security/cve/CVE-2021-1870\nhttps://access.redhat.com/security/cve/CVE-2021-1871\nhttps://access.redhat.com/security/cve/CVE-2021-21775\nhttps://access.redhat.com/security/cve/CVE-2021-21779\nhttps://access.redhat.com/security/cve/CVE-2021-21806\nhttps://access.redhat.com/security/cve/CVE-2021-28650\nhttps://access.redhat.com/security/cve/CVE-2021-30663\nhttps://access.redhat.com/security/cve/CVE-2021-30665\nhttps://access.redhat.com/security/cve/CVE-2021-30682\nhttps://access.redhat.com/security/cve/CVE-2021-30689\nhttps://access.redhat.com/security/cve/CVE-2021-30720\nhttps://access.redhat.com/security/cve/CVE-2021-30734\nhttps://access.redhat.com/security/cve/CVE-2021-30744\nhttps://access.redhat.com/security/cve/CVE-2021-30749\nhttps://access.redhat.com/security/cve/CVE-2021-30758\nhttps://access.redhat.com/security/cve/CVE-2021-30795\nhttps://access.redhat.com/security/cve/CVE-2021-30797\nhttps://access.redhat.com/security/cve/CVE-2021-30799\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E\nawNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3\n05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7\nsTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7\ntEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ\nw+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD\nMigcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5\nQnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T\nqji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu\nSToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb\nZ6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX\n2rgR2Ny0wo4=gfrM\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. \n\nSecurity Fix(es):\n\n* mig-controller: incorrect namespaces handling may lead to not authorized\nusage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202104-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: April 30, 2021\n Bugs: #770793, #773193\n ID: 202104-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nBackground\n==========\n\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from\nhybrid HTML/CSS applications to full-fledged web browsers. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.30.6 \u003e= 2.30.6\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.30.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-13558\n https://nvd.nist.gov/vuln/detail/CVE-2020-13558\n[ 2 ] CVE-2020-27918\n https://nvd.nist.gov/vuln/detail/CVE-2020-27918\n[ 3 ] CVE-2020-29623\n https://nvd.nist.gov/vuln/detail/CVE-2020-29623\n[ 4 ] CVE-2020-9947\n https://nvd.nist.gov/vuln/detail/CVE-2020-9947\n[ 5 ] CVE-2021-1765\n https://nvd.nist.gov/vuln/detail/CVE-2021-1765\n[ 6 ] CVE-2021-1789\n https://nvd.nist.gov/vuln/detail/CVE-2021-1789\n[ 7 ] CVE-2021-1799\n https://nvd.nist.gov/vuln/detail/CVE-2021-1799\n[ 8 ] CVE-2021-1801\n https://nvd.nist.gov/vuln/detail/CVE-2021-1801\n[ 9 ] CVE-2021-1870\n https://nvd.nist.gov/vuln/detail/CVE-2021-1870\n[ 10 ] WSA-2021-0001\n https://webkitgtk.org/security/WSA-2021-0001.html\n[ 11 ] WSA-2021-0002\n https://webkitgtk.org/security/WSA-2021-0002.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202104-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4\n\niOS 14.4 and iPadOS 14.4 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212146. \n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges. \nCVE-2021-1782: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nAdditional details available soon. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.4 and iPadOS 14.4\". -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4877-1 security@debian.org\nhttps://www.debian.org/security/ Alberto Garcia\nMarch 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : webkit2gtk\nCVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789\n CVE-2021-1799 CVE-2021-1801 CVE-2021-1870\n\nThe following vulnerabilities have been discovered in the webkit2gtk\nweb engine:\n\nCVE-2020-27918\n\n Liu Long discovered that processing maliciously crafted web\n content may lead to arbitrary code execution. \n\nCVE-2020-29623\n\n Simon Hunt discovered that users may be unable to fully delete\n their browsing history under some circumstances. \n\nCVE-2021-1765\n\n Eliya Stein discovered that maliciously crafted web content may\n violate iframe sandboxing policy. \n\nCVE-2021-1799\n\n Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a\n malicious website may be able to access restricted ports on\n arbitrary servers. \n\nCVE-2021-1870\n\n An anonymous researcher discovered that processing maliciously\n crafted web content may lead to arbitrary code execution. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.30.6-1~deb10u1. \n\nWe recommend that you upgrade your webkit2gtk packages",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-376530"
},
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "169018"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-376530",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376530"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1870",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "162412",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "161146",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164872",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1566",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1486",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3779",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1078",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2194",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0349",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0298",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050106",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-376530",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1870",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169018",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376530"
},
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"id": "VAR-202104-0750",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376530"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:25:13.701000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212147",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"
},
{
"title": "Apple iOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140050"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2021/01/26/apple_ios_zero_days/"
},
{
"title": "Red Hat: CVE-2021-1870",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-1870"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-1870 log"
},
{
"title": "Debian Security Advisories: DSA-4877-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=54614041ef5c5198dc0441d800a306fb"
},
{
"title": "Arch Linux Advisories: [ASA-202103-25] wpewebkit: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-25"
},
{
"title": "Arch Linux Advisories: [ASA-202103-24] webkit2gtk: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202103-24"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/Ostorlab/KEV "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/apple-webkit-remote-code-execution/164595/"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.welivesecurity.com/2021/01/27/apple-patches-three-ios-zero-days-under-attack/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212146"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212147"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1870"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jn6zod62cto54chtmjthvef6r2y532tj/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3l6zzou5js7e3rfyglp7uflxcg7tnlu/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050106"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161146/apple-security-advisory-2021-01-26-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3779"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1566"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0349/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162412/gentoo-linux-security-advisory-202104-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164872/red-hat-security-advisory-2021-4381-05.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-three-vulnerabilities-34417"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0298/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-34951"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1486"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2194"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1071"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-1870"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1765"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1801"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29623"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1799"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30744"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1844"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21775"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1871"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21806"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30758"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1801"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-36241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1765"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30720"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13558"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-28650"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24870"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21779"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-29623"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1789"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27918"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30663"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-1788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30799"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30665"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30689"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-30682"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/apple-zero%e2%80%91days-active-attack/165842/"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-1870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4381"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28650"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-18032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-5785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27842"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10001"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27828"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26926"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0202"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9947"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0002.html"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0001.html"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212146."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376530"
},
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376530"
},
{
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"db": "PACKETSTORM",
"id": "164872"
},
{
"db": "PACKETSTORM",
"id": "165631"
},
{
"db": "PACKETSTORM",
"id": "162412"
},
{
"db": "PACKETSTORM",
"id": "161146"
},
{
"db": "PACKETSTORM",
"id": "169018"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376530"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"date": "2022-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"date": "2021-11-10T17:09:58",
"db": "PACKETSTORM",
"id": "164872"
},
{
"date": "2022-01-20T17:48:29",
"db": "PACKETSTORM",
"id": "165631"
},
{
"date": "2021-05-03T20:24:45",
"db": "PACKETSTORM",
"id": "162412"
},
{
"date": "2021-01-27T14:07:26",
"db": "PACKETSTORM",
"id": "161146"
},
{
"date": "2021-03-28T19:12:00",
"db": "PACKETSTORM",
"id": "169018"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"date": "2021-04-02T19:15:20.567000",
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376530"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1870"
},
{
"date": "2024-05-31T06:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-013407"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-01-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2438"
},
{
"date": "2024-11-21T05:45:15.777000",
"db": "NVD",
"id": "CVE-2021-1870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013407"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2438"
}
],
"trust": 1.2
}
}
var-202208-0945
Vulnerability from variot
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update Advisory ID: RHSA-2023:2898-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898 Issue date: 2023-05-16 CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645 CVE-2021-33646 ==================================================================== 1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtar packages contain a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions.
Security Fix(es):
-
libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
-
libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
-
libtar: memory leak found in th_read() function (CVE-2021-33645)
-
libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink 2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname 2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function 2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: libtar-1.2.20-17.el8.src.rpm
aarch64: libtar-1.2.20-17.el8.aarch64.rpm libtar-debuginfo-1.2.20-17.el8.aarch64.rpm libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le: libtar-1.2.20-17.el8.ppc64le.rpm libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x: libtar-1.2.20-17.el8.s390x.rpm libtar-debuginfo-1.2.20-17.el8.s390x.rpm libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64: libtar-1.2.20-17.el8.i686.rpm libtar-1.2.20-17.el8.x86_64.rpm libtar-debuginfo-1.2.20-17.el8.i686.rpm libtar-debuginfo-1.2.20-17.el8.x86_64.rpm libtar-debugsource-1.2.20-17.el8.i686.rpm libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33643 https://access.redhat.com/security/cve/CVE-2021-33644 https://access.redhat.com/security/cve/CVE-2021-33645 https://access.redhat.com/security/cve/CVE-2021-33646 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro Te4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P Ul4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp 7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4 EpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk 0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz Mx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/ V9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww ZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw z36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n bAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p kHiakPvkvj4=I+bk -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0945",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "22.03"
},
{
"model": "openeuler",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "20.03"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "libtar",
"scope": "lt",
"trust": 1.0,
"vendor": "feep",
"version": "1.2.21"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "37"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "openeuler",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "libtar",
"scope": null,
"trust": 0.8,
"vendor": "feep net",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33644",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-33644",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33644",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33644",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33644",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2779",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. feep.net of libtar Products from other vendors have out-of-bounds read vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: libtar security update\nAdvisory ID: RHSA-2023:2898-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2898\nIssue date: 2023-05-16\nCVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645\n CVE-2021-33646\n====================================================================\n1. Summary:\n\nAn update for libtar is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe libtar packages contain a C library for manipulating tar archives. The\nlibrary supports both the strict POSIX tar format and many of the commonly\nused GNU extensions. \n\nSecurity Fix(es):\n\n* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)\n\n* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33645)\n\n* libtar: memory leak found in th_read() function (CVE-2021-33646)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink\n2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname\n2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function\n2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nlibtar-1.2.20-17.el8.src.rpm\n\naarch64:\nlibtar-1.2.20-17.el8.aarch64.rpm\nlibtar-debuginfo-1.2.20-17.el8.aarch64.rpm\nlibtar-debugsource-1.2.20-17.el8.aarch64.rpm\n\nppc64le:\nlibtar-1.2.20-17.el8.ppc64le.rpm\nlibtar-debuginfo-1.2.20-17.el8.ppc64le.rpm\nlibtar-debugsource-1.2.20-17.el8.ppc64le.rpm\n\ns390x:\nlibtar-1.2.20-17.el8.s390x.rpm\nlibtar-debuginfo-1.2.20-17.el8.s390x.rpm\nlibtar-debugsource-1.2.20-17.el8.s390x.rpm\n\nx86_64:\nlibtar-1.2.20-17.el8.i686.rpm\nlibtar-1.2.20-17.el8.x86_64.rpm\nlibtar-debuginfo-1.2.20-17.el8.i686.rpm\nlibtar-debuginfo-1.2.20-17.el8.x86_64.rpm\nlibtar-debugsource-1.2.20-17.el8.i686.rpm\nlibtar-debugsource-1.2.20-17.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33643\nhttps://access.redhat.com/security/cve/CVE-2021-33644\nhttps://access.redhat.com/security/cve/CVE-2021-33645\nhttps://access.redhat.com/security/cve/CVE-2021-33646\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZGNwdNzjgjWX9erEAQjfPw//SoG/pVemP1peDGxUFDfBMBbldrFWpNro\nTe4tTe3YAkVgQgtnGZ8n3Arlrryk+3wfgQj3u9gdUj1w14YyEZC8hpWLCXI5iw/P\nUl4dHHOnO0UW568dkaqUeJjl02o2ugRp2RZVt14yuZqLKmF9WCJW7lCZQLoqCIVp\n7P3vZOQBlyU6BuGXO4Th86fpLDEZCboBQDA2QeNFvt+qNwvNxgb3A05217tfXnZ4\nEpltZPIrl8pzEmmWA09XeFgIm5GXNiWjjR/fF3OHSgQ9cmXnafxWSBNiDlzHNQCk\n0/z5gcvl+BJLceQoZBo6hdldHCiOF20jCxr8Nb/3sSJ+zAqQqqNsnDQ1TGs2GMDz\nMx5JECSk0p79MMKR0mrP2NbCqxqEsqOkjinIa0PDlKNPFbEikA4l7fXu58KyHsr/\nV9otYHvD1ilS7cTw1FGi198oodCofA+euZCQBNnWuFbnrCo1cyRBN6mjCMZwDgww\nZhNWOUvAmkhtC5ebBb8zuMJ73ojSwiv886kJbEjDlG7SDGbMPHxEAgTHWZp5l+jw\nz36m+SegsAXE/UKHRYTFriRA5p1pyq/AVUMwhMXvQhwwNxPl2wsaUOJGFBw3Fu3n\nbAFXpxAngQvELHEFOtmL9fzbnFo93OTkvuz9tJpbvNOCmDBJJEN6Znhic0iWzT0p\nkHiakPvkvj4=I+bk\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33644"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "PACKETSTORM",
"id": "172362"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33644",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-393722",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172362",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"id": "VAR-202208-0945",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T14:02:28.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "openEuler Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=204268"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openeuler-sa-2022-1807"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.5,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4s4pjrcjleawn2ekxglsobtl7o57v7nc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5yshzy753r7xw6cikjvawi373ww3yrrj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7q26qdnojdofywmjweik5xr62m2ff6ij/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7wx5ye66ct7y5c2hthxsfdkqwywywj2t/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/od4hebsti22fnykokk7w3x6zqe6fv3xc/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33644"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/libtar-four-vulnerabilities-39176"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33644/"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33646"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33644"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393722"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"db": "PACKETSTORM",
"id": "172362"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393722"
},
{
"date": "2023-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"date": "2023-05-16T17:07:39",
"db": "PACKETSTORM",
"id": "172362"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"date": "2022-08-10T20:15:20.517000",
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-11T00:00:00",
"db": "VULHUB",
"id": "VHN-393722"
},
{
"date": "2023-09-19T08:11:00",
"db": "JVNDB",
"id": "JVNDB-2021-020153"
},
{
"date": "2022-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2779"
},
{
"date": "2023-11-07T03:35:53.727000",
"db": "NVD",
"id": "CVE-2021-33644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "feep.net\u00a0 of \u00a0libtar\u00a0 Out-of-Bounds Read Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020153"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2779"
}
],
"trust": 0.6
}
}
var-202202-0163
Vulnerability from variot
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Expat ( alias libexpat) Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24
https://security.gentoo.org/
Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24
Synopsis
Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.4.9 >= 2.4.9
Description
Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Expat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"
References
[ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
- CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
-
Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
-
RHACM 2.3.12 images (BZ# 2101411)
-
Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation 2101411 - RHACM 2.3.12 images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update Advisory ID: RHSA-2022:6526-01 Product: cnv Advisory URL: https://access.redhat.com/errata/RHSA-2022:6526 Issue date: 2022-09-14 CVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-13435 CVE-2020-14155 CVE-2020-17541 CVE-2020-24370 CVE-2020-35492 CVE-2021-3580 CVE-2021-3634 CVE-2021-3737 CVE-2021-4115 CVE-2021-4189 CVE-2021-20231 CVE-2021-20232 CVE-2021-23177 CVE-2021-25219 CVE-2021-31535 CVE-2021-31566 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-38185 CVE-2021-38561 CVE-2021-40528 CVE-2021-43527 CVE-2021-44716 CVE-2021-44717 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1621 CVE-2022-1629 CVE-2022-1798 CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVE-2022-24407 CVE-2022-24675 CVE-2022-24921 CVE-2022-25313 CVE-2022-25314 CVE-2022-27191 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 CVE-2022-28327 CVE-2022-29824 ==================================================================== 1. Summary:
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11 ==============hostpath-provisioner-container-v4.11.0-21 kubevirt-tekton-tasks-operator-container-v4.11.0-29 kubevirt-template-validator-container-v4.11.0-17 bridge-marker-container-v4.11.0-26 hostpath-csi-driver-container-v4.11.0-21 cluster-network-addons-operator-container-v4.11.0-26 ovs-cni-marker-container-v4.11.0-26 virtio-win-container-v4.11.0-16 ovs-cni-plugin-container-v4.11.0-26 kubemacpool-container-v4.11.0-26 hostpath-provisioner-operator-container-v4.11.0-24 cnv-containernetworking-plugins-container-v4.11.0-26 kubevirt-ssp-operator-container-v4.11.0-54 virt-cdi-uploadserver-container-v4.11.0-59 virt-cdi-cloner-container-v4.11.0-59 virt-cdi-operator-container-v4.11.0-59 virt-cdi-importer-container-v4.11.0-59 virt-cdi-uploadproxy-container-v4.11.0-59 virt-cdi-controller-container-v4.11.0-59 virt-cdi-apiserver-container-v4.11.0-59 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7 kubevirt-tekton-tasks-copy-template-container-v4.11.0-7 checkup-framework-container-v4.11.0-67 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7 vm-network-latency-checkup-container-v4.11.0-67 kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7 hyperconverged-cluster-webhook-container-v4.11.0-95 cnv-must-gather-container-v4.11.0-62 hyperconverged-cluster-operator-container-v4.11.0-95 kubevirt-console-plugin-container-v4.11.0-83 virt-controller-container-v4.11.0-105 virt-handler-container-v4.11.0-105 virt-operator-container-v4.11.0-105 virt-launcher-container-v4.11.0-105 virt-artifacts-server-container-v4.11.0-105 virt-api-container-v4.11.0-105 libguestfs-tools-container-v4.11.0-105 hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
-
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
-
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
-
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1937609 - VM cannot be restarted
1945593 - Live migration should be blocked for VMs with host devices
1968514 - [RFE] Add cancel migration action to virtctl
1993109 - CNV MacOS Client not signed
1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
2001385 - no "name" label in virt-operator pod
2009793 - KBase to clarify nested support status is missing
2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
2026357 - Migration in sequence can be reported as failed even when it succeeded
2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2031857 - Add annotation for URL to download the image
2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2035344 - kubemacpool-mac-controller-manager not ready
2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
2042402 - LiveMigration with postcopy misbehave when failure occurs
2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?
2051899 - 4.11.0 containers
2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
2052466 - Event does not include reason for inability to live migrate
2052689 - Overhead Memory consumption calculations are incorrect
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2056467 - virt-template-validator pods getting scheduled on the same node
2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
2057310 - qemu-guest-agent does not report information due to selinux denials
2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
2060585 - [SNO] Failed to find the virt-controller leader pod
2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
2063792 - No DataImportCron for CentOS 7
2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2064936 - Migration of vm from VMware reports pvc not large enough
2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
2069287 - Two annotations for VM Template provider name
2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2070864 - non-privileged user cannot see catalog tiles
2071488 - "Migrate Node to Node" is confusing.
2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
2071611 - Metrics documentation generators are missing metrics/recording rules
2071921 - Kubevirt RPM is not being built
2073669 - [rhel-9] VM fails to start
2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
2074337 - VM created from registry cannot be started
2075200 - VLAN filtering cannot be configured with Intel X710
2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
2076790 - Alert SSPDown is constantly in Firing state
2076908 - clicking on a template in the Running VMs per Template card leads to 404
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2078700 - Windows template boot source should be blank
2078703 - [RFE] Please hide the user defined password when customizing cloud-init
2078709 - VM conditions column have wrong key/values
2078728 - Common template rootDisk is not named correctly
2079366 - rootdisk is not able to edit
2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
2079783 - Actions are broken in topology view
2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
2080833 - Missing cloud init script editor in the scripts tab
2080835 - SSH key is set using cloud init script instead of new api
2081182 - VM SSH command generated by UI points at api VIP
2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
2081671 - SSH service created outside the UI is not discoverable
2081831 - [RFE] Improve disk hotplug UX
2082008 - LiveMigration fails due to loss of connection to destination host
2082164 - Migration progress timeout expects absolute progress
2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
2083093 - VM overview tab is crashed
2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?
2083100 - Something keeps loading in the ?node selector? modal
2083101 - ?Restore default settings? never become available while editing CPU/Memory
2083135 - VM fails to schedule with vTPM in spec
2083256 - SSP Reconcile logging improvement when CR resources are changed
2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field
2084431 - User credentials for ssh is not in correct format
2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
2084532 - Console is crashed while detaching disk
2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
2085320 - Tolerations rules is not adding correctly
2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
2086278 - Cloud init script edit add " hostname='' " when is should not be added
2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
2086303 - non-priv user can't create VM when namespace is not selected
2086479 - some modals use ?Save? and some modals use ?Submit?
2086486 - cluster overview getting started card include old information
2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
2086825 - VM restore PVC uses exact source PVC request size
2086849 - Create from YAML example is not runnable
2087188 - When VM is stopped - adding disk failed to show
2087189 - When VM is stopped - adding disk failed to show
2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2087546 - "Quick Starts" is missing in Getting started card
2087547 - Activity and Status card are missing in Virtualization Overview
2087559 - template in "VMs per template" should take user to vm list page
2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists
2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?
2087577 - "VMs per template" load time is a bit long
2087578 - Terminology "VM" should be "Virtual Machine" in all places
2087582 - Remove VMI and MTV from the navigation
2087583 - [RFE] Show more info about boot source in template list
2087584 - Template provider should not be mandatory
2087587 - Improve the descriptive text in the kebab menu of template
2087589 - Red icons shows in storage disk source selection without a good reason
2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
2087593 - "Boot method" is not a good name in overview tab
2087603 - Align details card for single VM overview with the design doc
2087616 - align the utilization card of single VM overview with the design
2087701 - [RFE] Missing a link to VMI from running VM details page
2087717 - Message when editing template boot source is wrong
2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
2088355 - disk modal shows all storage classes as default
2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
2088407 - Missing create button in the template list
2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
2089271 - Virtualization appears twice in sidebar
2089327 - add network modal crash when no networks available
2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
2089477 - [RFE] Allow upload source when adding VM disk
2089700 - Drive column in Disks card of Overview page has duplicated values
2089745 - When removing all disks from customize wizard app crashes
2089789 - Add windows drivers disk is missing when template is not windows
2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
2089840 - Cant create snapshot if VM is without disks
2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
2089954 - Details card on single VM overview - VNC console has grey padding
2089963 - Details card on single VM overview - Operating system info is not available
2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
2089970 - Network Interfaces card on single VM overview - IP tooltip
2089972 - Disks card on single VM overview -typo
2089979 - Single VM Details - CPU|Memory edit icon misplaced
2089982 - Single VM Details - SSH modal has redundant VM name
2090035 - Alert card is missing in single VM overview
2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
2090037 - Add template link in single vm overview details card
2090038 - The update field under the version in overview should be consistent with the operator page
2090042 - Move the edit button close to the text for "boot order" and "ssh access"
2090043 - "No resource selected" in vm boot order
2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
2090048 - "Boot mode" should be editable while VM is running
2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details
2090055 - Add link to vm template in vm details page
2090056 - "Something went wrong" shows on VM "Environment" tab
2090057 - "?" icon is too big in environment and disk tab
2090059 - Failed to add configmap in environment tab due to validate error
2090064 - Miss "remote desktop" in console dropdown list for windows VM
2090066 - [RFE] Improve guest login credentials
2090068 - Make the "name" and "Source" column wider in vm disk tab
2090131 - Key's value in "add affinity rule" modal is too small
2090350 - memory leak in virt-launcher process
2091003 - SSH service is not deleted along the VM
2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
2091406 - wrong template namespace label when creating a vm with wizard
2091754 - Scheduling and scripts tab should be editable while the VM is running
2091755 - Change bottom "Save" to "Apply" on cloud-init script form
2091756 - The root disk of cloned template should be editable
2091758 - "OS" should be "Operating system" in template filter
2091760 - The provider should be empty if it's not set during cloning
2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
2091762 - Move notification above the tabs in template details page
2091764 - Clone a template should lead to the template details
2091765 - "Edit bootsource" is keeping in load in template actions dropdown
2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
2091863 - BootSource edit modal should list affected templates
2091868 - Catalog list view has two columns named "BootSource"
2091889 - Devices should be editable for customize template
2091897 - username is missing in the generated ssh command
2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
2091940 - SSH is not enabled in vm details after restart the VM
2091945 - delete a template should lead to templates list
2091946 - Add disk modal shows wrong units
2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
2092052 - Virtualization should be omitted in Calatog breadcrumbs
2092071 - Getting started card in Virtualization overview can not be hidden.
2092079 - Error message stays even when problematic field is dismissed
2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
2092228 - Ensure Machine Type for new VMs is 8.6
2092230 - [RFE] Add indication/mark to deprecated template
2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD"
2092337 - os is empty in VM details page
2092359 - [e2e] data-test-id includes all pvc name
2092654 - [RFE] No obvious way to delete the ssh key from the VM
2092662 - No url example for rhel and windows template
2092663 - no hyperlink for URL example in disk source "url"
2092664 - no hyperlink to the cdi uploadproxy URL
2092781 - Details card should be removed for non admins.
2092783 - Top consumers' card should be removed for non admins.
2092787 - Operators links should be removed from Getting started card
2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
2092951 - ?Edit BootSource? action should have more explicit information when disabled
2093282 - Remove links to 'all-namespaces/' for non-privileged user
2093691 - Creation flow drawer left padding is broken
2093713 - Required fields in creation flow should be highlighted if empty
2093715 - Optional parameters section in creation flow is missing bottom padding
2093716 - CPU|Memory modal button should say "Restore template settings?
2093772 - Add a service in environment it reminds a pending change in boot order
2093773 - Console crashed if adding a service without serial number
2093866 - Cannot create vm from the template vm-template-example
2093867 - OS for template 'vm-template-example' should matching the version of the image
2094202 - Cloud-init username field should have hint
2094207 - Cloud-init password field should have auto-generate option
2094208 - SSH key input is missing validation
2094217 - YAML view should reflect shanges in SSH form
2094222 - "?" icon should be placed after red asterisk in required fields
2094323 - Workload profile should be editable in template details page
2094405 - adding resource on enviornment isnt showing on disks list when vm is running
2094440 - Utilization pie charts figures are not based on current data
2094451 - PVC selection in VM creation flow does not work for non-priv user
2094453 - CD Source selection in VM creation flow is missing Upload option
2094465 - Typo in Source tooltip
2094471 - Node selector modal for non-privileged user
2094481 - Tolerations modal for non-privileged user
2094486 - Add affinity rule modal
2094491 - Affinity rules modal button
2094495 - Descheduler modal has same text in two lines
2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
2094665 - Dedicated Resources modal for non-privileged user
2094678 - Secrets and ConfigMaps can't be added to Windows VM
2094727 - Creation flow should have VM info in header row
2094807 - hardware devices dropdown has group title even with no devices in cluster
2094813 - Cloudinit password is seen in wizard
2094848 - Details card on Overview page - 'View details' link is missing
2095125 - OS is empty in the clone modal
2095129 - "undefined" appears in rootdisk line in clone modal
2095224 - affinity modal for non-privileged users
2095529 - VM migration cancelation in kebab action should have shorter name
2095530 - Column sizes in VM list view
2095532 - Node column in VM list view is visible to non-privileged user
2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
2095570 - Details tab of VM should not have Node info for non-privileged user
2095573 - Disks created as environment or scripts should have proper label
2095953 - VNC console controls layout
2095955 - VNC console tabs
2096166 - Template "vm-template-example" is binding with namespace "default"
2096206 - Inconsistent capitalization in Template Actions
2096208 - Templates in the catalog list is not sorted
2096263 - Incorrectly displaying units for Disks size or Memory field in various places
2096333 - virtualization overview, related operators title is not aligned
2096492 - Cannot create vm from a cloned template if its boot source is edited
2096502 - "Restore template settings" should be removed from template CPU editor
2096510 - VM can be created without any disk
2096511 - Template shows "no Boot Source" and label "Source available" at the same time
2096620 - in templates list, edit boot reference kebab action opens a modal with different title
2096781 - Remove boot source provider while edit boot source reference
2096801 - vnc thumbnail in virtual machine overview should be active on page load
2096845 - Windows template's scripts tab is crashed
2097328 - virtctl guestfs shouldn't required uid = 0
2097370 - missing titles for optional parameters in wizard customization page
2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2098134 - "Workload profile" column is not showing completely in template list
2098135 - Workload is not showing correct in catalog after change the template's workload
2098282 - Javascript error when changing boot source of custom template to be an uploaded file
2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
2099533 - ConsoleQuickStart for HCO CR's VM is missing
2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
2099539 - No storage option for upload while editing a disk
2099566 - Cloudinit should be replaced by cloud-init in all places
2099608 - "DynamicB" shows in vm-example disk size
2099633 - Doc links needs to be updated
2099639 - Remove user line from the ssh command section
2099802 - Details card link shouldn't be hard-coded
2100054 - Windows VM with WSL2 guest fails to migrate
2100284 - Virtualization overview is crashed
2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101485 - Cloudinit should be replaced by cloud-init in all places
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2102122 - non-priv user cannot load dataSource while edit template's rootdisk
2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2102125 - vm clone modal is displaying DV size instead of PVC size
2102127 - Cannot add NIC to VM template as non-priv user
2102129 - All templates are labeling "source available" in template list page
2102131 - The number of hardware devices is not correct in vm overview tab
2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2102143 - vm clone modal is displaying DV size instead of PVC size
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102543 - Add button moved to right
2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102545 - VM filter has two "Other" checkboxes which are triggered together
2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2106175 - All pages are crashed after visit Virtualization -> Overview
2106258 - All pages are crashed after visit Virtualization -> Overview
2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111562 - kubevirt plugin console crashed after visit vmi page
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
- References:
https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-4115 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-25219 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-38185 https://access.redhat.com/security/cve/CVE-2021-38561 https://access.redhat.com/security/cve/CVE-2021-40528 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-1621 https://access.redhat.com/security/cve/CVE-2022-1629 https://access.redhat.com/security/cve/CVE-2022-1798 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-2097 https://access.redhat.com/security/cve/CVE-2022-21698 https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-23772 https://access.redhat.com/security/cve/CVE-2022-23773 https://access.redhat.com/security/cve/CVE-2022-23806 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24921 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-27191 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29824 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt a4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO gb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn oQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/ W61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb zKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg B9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8 S74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1 810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi LD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9 ayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg Jpmb+NWHfF0VHM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - noarch
- The mingw-expat packages provide a port of the Expat library for MinGW.
The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
Expat is a C library for parsing XML documents.
Security Fix(es):
-
expat: stack exhaustion in doctype parsing (CVE-2022-25313)
-
expat: integer overflow in copyString() (CVE-2022-25314)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString()
- Package List:
Red Hat Enterprise Linux AppStream (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "zfs storage appliance kit",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle http server",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "sinema remote connect server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "libexpat",
"scope": null,
"trust": 0.8,
"vendor": "libexpat",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "167671"
}
],
"trust": 0.5
},
"cve": "CVE-2022-25313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-25313",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-415280",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-25313",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-25313",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-25313",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-25313",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-415280",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-25313",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Expat ( alias libexpat) Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Expat: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #791703, #830422, #831918, #833431, #870097\n ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/expat \u003c 2.4.9 \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update\nAdvisory ID: RHSA-2022:6526-01\nProduct: cnv\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6526\nIssue date: 2022-09-14\nCVE Names: CVE-2018-25032 CVE-2019-5827 CVE-2019-13750\n CVE-2019-13751 CVE-2019-17594 CVE-2019-17595\n CVE-2019-18218 CVE-2019-19603 CVE-2019-20838\n CVE-2020-13435 CVE-2020-14155 CVE-2020-17541\n CVE-2020-24370 CVE-2020-35492 CVE-2021-3580\n CVE-2021-3634 CVE-2021-3737 CVE-2021-4115\n CVE-2021-4189 CVE-2021-20231 CVE-2021-20232\n CVE-2021-23177 CVE-2021-25219 CVE-2021-31535\n CVE-2021-31566 CVE-2021-36084 CVE-2021-36085\n CVE-2021-36086 CVE-2021-36087 CVE-2021-38185\n CVE-2021-38561 CVE-2021-40528 CVE-2021-43527\n CVE-2021-44716 CVE-2021-44717 CVE-2022-0778\n CVE-2022-1271 CVE-2022-1292 CVE-2022-1621\n CVE-2022-1629 CVE-2022-1798 CVE-2022-2068\n CVE-2022-2097 CVE-2022-21698 CVE-2022-22576\n CVE-2022-23772 CVE-2022-23773 CVE-2022-23806\n CVE-2022-24407 CVE-2022-24675 CVE-2022-24921\n CVE-2022-25313 CVE-2022-25314 CVE-2022-27191\n CVE-2022-27774 CVE-2022-27776 CVE-2022-27782\n CVE-2022-28327 CVE-2022-29824\n====================================================================\n1. Summary:\n\nRed Hat OpenShift Virtualization release 4.11.0 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nOpenShift Virtualization is Red Hat\u0027s virtualization solution designed for\nRed Hat OpenShift Container Platform. \n\nThis advisory contains the following OpenShift Virtualization 4.11.0\nimages:\n\nRHEL-8-CNV-4.11\n==============hostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using\nInstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression\n(CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar\n(CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1937609 - VM cannot be restarted\n1945593 - Live migration should be blocked for VMs with host devices\n1968514 - [RFE] Add cancel migration action to virtctl\n1993109 - CNV MacOS Client not signed\n1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side\n2001385 - no \"name\" label in virt-operator pod\n2009793 - KBase to clarify nested support status is missing\n2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate\n2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)\n2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation\n2026357 - Migration in sequence can be reported as failed even when it succeeded\n2029349 - cluster-network-addons-operator does not serve metrics through HTTPS\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2031857 - Add annotation for URL to download the image\n2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2035344 - kubemacpool-mac-controller-manager not ready\n2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered\n2039976 - Pod stuck in \"Terminating\" state when removing VM with kernel boot and container disks\n2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI\n2041467 - [SSP] Support custom DataImportCron creating in custom namespaces\n2042402 - LiveMigration with postcopy misbehave when failure occurs\n2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists\n2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?\n2051899 - 4.11.0 containers\n2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn\u0027t configure ip nat rules\n2052466 - Event does not include reason for inability to live migrate\n2052689 - Overhead Memory consumption calculations are incorrect\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2056467 - virt-template-validator pods getting scheduled on the same node\n2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long\n2057310 - qemu-guest-agent does not report information due to selinux denials\n2058149 - cluster-network-addons-operator deployment\u0027s MULTUS_IMAGE is pointing to brew image\n2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs\n2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state\n2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool\n2060585 - [SNO] Failed to find the virt-controller leader pod\n2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled. \n2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource\n2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace\n2063792 - No DataImportCron for CentOS 7\n2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop\n2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server\n2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression\n2064936 - Migration of vm from VMware reports pvc not large enough\n2065014 - Feature Highlights in CNV 4.10 contains links to 4.7\n2065019 - \"Running VMs per template\" in the new overview tab counts VMs that are not running\n2066768 - [CNV-4.11-HCO] User Cannot List Resource \"namespaces\" in API group\n2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom\n2069287 - Two annotations for VM Template provider name\n2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2070864 - non-privileged user cannot see catalog tiles\n2071488 - \"Migrate Node to Node\" is confusing. \n2071549 - [rhel-9] unable to create a non-root virt-launcher based VM\n2071611 - Metrics documentation generators are missing metrics/recording rules\n2071921 - Kubevirt RPM is not being built\n2073669 - [rhel-9] VM fails to start\n2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream\n2073982 - [CNV-4.11-RHEL9] \u0027virtctl\u0027 binary fails with \u0027rc1\u0027 with \u0027virtctl version\u0027 command\n2074337 - VM created from registry cannot be started\n2075200 - VLAN filtering cannot be configured with Intel X710\n2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff\n2076292 - Upgrade from 4.10.1-\u003e4.11 using nightly channel, is not completing with error \"could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR\"\n2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file\n2076790 - Alert SSPDown is constantly in Firing state\n2076908 - clicking on a template in the Running VMs per Template card leads to 404\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar\n2078700 - Windows template boot source should be blank\n2078703 - [RFE] Please hide the user defined password when customizing cloud-init\n2078709 - VM conditions column have wrong key/values\n2078728 - Common template rootDisk is not named correctly\n2079366 - rootdisk is not able to edit\n2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM\n2079783 - Actions are broken in topology view\n2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck\n2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod\n2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop\n2080833 - Missing cloud init script editor in the scripts tab\n2080835 - SSH key is set using cloud init script instead of new api\n2081182 - VM SSH command generated by UI points at api VIP\n2081202 - cloud-init for Windows VM generated with corrupted \"undefined\" section\n2081409 - when viewing a common template details page, user need to see the message \"can\u0027t edit common template\" on all tabs\n2081671 - SSH service created outside the UI is not discoverable\n2081831 - [RFE] Improve disk hotplug UX\n2082008 - LiveMigration fails due to loss of connection to destination host\n2082164 - Migration progress timeout expects absolute progress\n2082912 - [CNV-4.11] HCO Being Unable to Reconcile State\n2083093 - VM overview tab is crashed\n2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?\n2083100 - Something keeps loading in the ?node selector? modal\n2083101 - ?Restore default settings? never become available while editing CPU/Memory\n2083135 - VM fails to schedule with vTPM in spec\n2083256 - SSP Reconcile logging improvement when CR resources are changed\n2083595 - [RFE] Disable VM descheduler if the VM is not live migratable\n2084102 - [e2e] Many elements are lacking proper selector like \u0027data-test-id\u0027 or \u0027data-test\u0027\n2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails\n2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field\n2084431 - User credentials for ssh is not in correct format\n2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab. \n2084532 - Console is crashed while detaching disk\n2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)\n2085320 - Tolerations rules is not adding correctly\n2085322 - Not able to stop/restart VM if the VM is staying in \"Starting\"\n2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode\n2086278 - Cloud init script edit add \" hostname=\u0027\u0027 \" when is should not be added\n2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode\n2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode\n2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode\n2086294 - [dark mode] Can\u0027t see the number inside the donut chart in VMs per template card\n2086303 - non-priv user can\u0027t create VM when namespace is not selected\n2086479 - some modals use ?Save? and some modals use ?Submit?\n2086486 - cluster overview getting started card include old information\n2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend\n2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard\n2086803 - When clonnig a template we need to update vm labels and annotaions to match new template\n2086825 - VM restore PVC uses exact source PVC request size\n2086849 - Create from YAML example is not runnable\n2087188 - When VM is stopped - adding disk failed to show\n2087189 - When VM is stopped - adding disk failed to show\n2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2087546 - \"Quick Starts\" is missing in Getting started card\n2087547 - Activity and Status card are missing in Virtualization Overview\n2087559 - template in \"VMs per template\" should take user to vm list page\n2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists\n2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?\n2087577 - \"VMs per template\" load time is a bit long\n2087578 - Terminology \"VM\" should be \"Virtual Machine\" in all places\n2087582 - Remove VMI and MTV from the navigation\n2087583 - [RFE] Show more info about boot source in template list\n2087584 - Template provider should not be mandatory\n2087587 - Improve the descriptive text in the kebab menu of template\n2087589 - Red icons shows in storage disk source selection without a good reason\n2087590 - [REF] \"Upload a new file to a PVC\" should not open the form in a new tab\n2087593 - \"Boot method\" is not a good name in overview tab\n2087603 - Align details card for single VM overview with the design doc\n2087616 - align the utilization card of single VM overview with the design\n2087701 - [RFE] Missing a link to VMI from running VM details page\n2087717 - Message when editing template boot source is wrong\n2088034 - Virtualization Overview crashes when a VirtualMachine has no labels\n2088355 - disk modal shows all storage classes as default\n2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user\n2088379 - Create VM from catalog does not respect the storageclass of the template\u0027s boot source\n2088407 - Missing create button in the template list\n2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context\n2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11\n2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error\n2088849 - \"dataimportcrontemplate.kubevirt.io/enable\" field does not do any validation\n2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco\n2089271 - Virtualization appears twice in sidebar\n2089327 - add network modal crash when no networks available\n2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page\n2089477 - [RFE] Allow upload source when adding VM disk\n2089700 - Drive column in Disks card of Overview page has duplicated values\n2089745 - When removing all disks from customize wizard app crashes\n2089789 - Add windows drivers disk is missing when template is not windows\n2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user\n2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages\n2089840 - Cant create snapshot if VM is without disks\n2089877 - Utilization card on single VM overview - timespan menu lacks 5min option\n2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update\n2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics\n2089954 - Details card on single VM overview - VNC console has grey padding\n2089963 - Details card on single VM overview - Operating system info is not available\n2089967 - Network Interfaces card on single VM overview - name tooltip lacks info\n2089970 - Network Interfaces card on single VM overview - IP tooltip\n2089972 - Disks card on single VM overview -typo\n2089979 - Single VM Details - CPU|Memory edit icon misplaced\n2089982 - Single VM Details - SSH modal has redundant VM name\n2090035 - Alert card is missing in single VM overview\n2090036 - OS should be \"Operating system\" and host should be \"hostname\" in single vm overview\n2090037 - Add template link in single vm overview details card\n2090038 - The update field under the version in overview should be consistent with the operator page\n2090042 - Move the edit button close to the text for \"boot order\" and \"ssh access\"\n2090043 - \"No resource selected\" in vm boot order\n2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page\n2090048 - \"Boot mode\" should be editable while VM is running\n2090054 - Services ?kubernetes\" and \"openshift\" should not be listing in vm details\n2090055 - Add link to vm template in vm details page\n2090056 - \"Something went wrong\" shows on VM \"Environment\" tab\n2090057 - \"?\" icon is too big in environment and disk tab\n2090059 - Failed to add configmap in environment tab due to validate error\n2090064 - Miss \"remote desktop\" in console dropdown list for windows VM\n2090066 - [RFE] Improve guest login credentials\n2090068 - Make the \"name\" and \"Source\" column wider in vm disk tab\n2090131 - Key\u0027s value in \"add affinity rule\" modal is too small\n2090350 - memory leak in virt-launcher process\n2091003 - SSH service is not deleted along the VM\n2091058 - After VM gets deleted, the user is redirected to a page with a different namespace\n2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec. \n2091406 - wrong template namespace label when creating a vm with wizard\n2091754 - Scheduling and scripts tab should be editable while the VM is running\n2091755 - Change bottom \"Save\" to \"Apply\" on cloud-init script form\n2091756 - The root disk of cloned template should be editable\n2091758 - \"OS\" should be \"Operating system\" in template filter\n2091760 - The provider should be empty if it\u0027s not set during cloning\n2091761 - Miss \"Edit labels\" and \"Edit annotations\" in template kebab button\n2091762 - Move notification above the tabs in template details page\n2091764 - Clone a template should lead to the template details\n2091765 - \"Edit bootsource\" is keeping in load in template actions dropdown\n2091766 - \"Are you sure you want to leave this page?\" pops up when click the \"Templates\" link\n2091853 - On Snapshot tab of single VM \"Restore\" button should move to the kebab actions together with the Delete\n2091863 - BootSource edit modal should list affected templates\n2091868 - Catalog list view has two columns named \"BootSource\"\n2091889 - Devices should be editable for customize template\n2091897 - username is missing in the generated ssh command\n2091904 - VM is not started if adding \"Authorized SSH Key\" during vm creation\n2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root\n2091940 - SSH is not enabled in vm details after restart the VM\n2091945 - delete a template should lead to templates list\n2091946 - Add disk modal shows wrong units\n2091982 - Got a lot of \"Reconciler error\" in cdi-deployment log after adding custom DataImportCron to hco\n2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank\n2092052 - Virtualization should be omitted in Calatog breadcrumbs\n2092071 - Getting started card in Virtualization overview can not be hidden. \n2092079 - Error message stays even when problematic field is dismissed\n2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO\n2092228 - Ensure Machine Type for new VMs is 8.6\n2092230 - [RFE] Add indication/mark to deprecated template\n2092306 - VM is stucking with WaitingForVolumeBinding if creating via \"Boot from CD\"\n2092337 - os is empty in VM details page\n2092359 - [e2e] data-test-id includes all pvc name\n2092654 - [RFE] No obvious way to delete the ssh key from the VM\n2092662 - No url example for rhel and windows template\n2092663 - no hyperlink for URL example in disk source \"url\"\n2092664 - no hyperlink to the cdi uploadproxy URL\n2092781 - Details card should be removed for non admins. \n2092783 - Top consumers\u0027 card should be removed for non admins. \n2092787 - Operators links should be removed from Getting started card\n2092789 - \"Learn more about Operators\" link should lead to the Red Hat documentation\n2092951 - ?Edit BootSource? action should have more explicit information when disabled\n2093282 - Remove links to \u0027all-namespaces/\u0027 for non-privileged user\n2093691 - Creation flow drawer left padding is broken\n2093713 - Required fields in creation flow should be highlighted if empty\n2093715 - Optional parameters section in creation flow is missing bottom padding\n2093716 - CPU|Memory modal button should say \"Restore template settings?\n2093772 - Add a service in environment it reminds a pending change in boot order\n2093773 - Console crashed if adding a service without serial number\n2093866 - Cannot create vm from the template `vm-template-example`\n2093867 - OS for template \u0027vm-template-example\u0027 should matching the version of the image\n2094202 - Cloud-init username field should have hint\n2094207 - Cloud-init password field should have auto-generate option\n2094208 - SSH key input is missing validation\n2094217 - YAML view should reflect shanges in SSH form\n2094222 - \"?\" icon should be placed after red asterisk in required fields\n2094323 - Workload profile should be editable in template details page\n2094405 - adding resource on enviornment isnt showing on disks list when vm is running\n2094440 - Utilization pie charts figures are not based on current data\n2094451 - PVC selection in VM creation flow does not work for non-priv user\n2094453 - CD Source selection in VM creation flow is missing Upload option\n2094465 - Typo in Source tooltip\n2094471 - Node selector modal for non-privileged user\n2094481 - Tolerations modal for non-privileged user\n2094486 - Add affinity rule modal\n2094491 - Affinity rules modal button\n2094495 - Descheduler modal has same text in two lines\n2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id\n2094665 - Dedicated Resources modal for non-privileged user\n2094678 - Secrets and ConfigMaps can\u0027t be added to Windows VM\n2094727 - Creation flow should have VM info in header row\n2094807 - hardware devices dropdown has group title even with no devices in cluster\n2094813 - Cloudinit password is seen in wizard\n2094848 - Details card on Overview page - \u0027View details\u0027 link is missing\n2095125 - OS is empty in the clone modal\n2095129 - \"undefined\" appears in rootdisk line in clone modal\n2095224 - affinity modal for non-privileged users\n2095529 - VM migration cancelation in kebab action should have shorter name\n2095530 - Column sizes in VM list view\n2095532 - Node column in VM list view is visible to non-privileged user\n2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime\n2095570 - Details tab of VM should not have Node info for non-privileged user\n2095573 - Disks created as environment or scripts should have proper label\n2095953 - VNC console controls layout\n2095955 - VNC console tabs\n2096166 - Template \"vm-template-example\" is binding with namespace \"default\"\n2096206 - Inconsistent capitalization in Template Actions\n2096208 - Templates in the catalog list is not sorted\n2096263 - Incorrectly displaying units for Disks size or Memory field in various places\n2096333 - virtualization overview, related operators title is not aligned\n2096492 - Cannot create vm from a cloned template if its boot source is edited\n2096502 - \"Restore template settings\" should be removed from template CPU editor\n2096510 - VM can be created without any disk\n2096511 - Template shows \"no Boot Source\" and label \"Source available\" at the same time\n2096620 - in templates list, edit boot reference kebab action opens a modal with different title\n2096781 - Remove boot source provider while edit boot source reference\n2096801 - vnc thumbnail in virtual machine overview should be active on page load\n2096845 - Windows template\u0027s scripts tab is crashed\n2097328 - virtctl guestfs shouldn\u0027t required uid = 0\n2097370 - missing titles for optional parameters in wizard customization page\n2097465 - Count is not updating for \u0027prometheusrule\u0027 component when metrics kubevirt_hco_out_of_band_modifications_count executed\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2098134 - \"Workload profile\" column is not showing completely in template list\n2098135 - Workload is not showing correct in catalog after change the template\u0027s workload\n2098282 - Javascript error when changing boot source of custom template to be an uploaded file\n2099443 - No \"Quick create virtualmachine\" button for template \u0027vm-template-example\u0027\n2099533 - ConsoleQuickStart for HCO CR\u0027s VM is missing\n2099535 - The cdi-uploadproxy certificate url should be opened in a new tab\n2099539 - No storage option for upload while editing a disk\n2099566 - Cloudinit should be replaced by cloud-init in all places\n2099608 - \"DynamicB\" shows in vm-example disk size\n2099633 - Doc links needs to be updated\n2099639 - Remove user line from the ssh command section\n2099802 - Details card link shouldn\u0027t be hard-coded\n2100054 - Windows VM with WSL2 guest fails to migrate\n2100284 - Virtualization overview is crashed\n2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101485 - Cloudinit should be replaced by cloud-init in all places\n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer\n2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2102122 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2102124 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102127 - Cannot add NIC to VM template as non-priv user\n2102129 - All templates are labeling \"source available\" in template list page\n2102131 - The number of hardware devices is not correct in vm overview tab\n2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2102143 - vm clone modal is displaying DV size instead of PVC size\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102543 - Add button moved to right\n2102544 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102545 - VM filter has two \"Other\" checkboxes which are triggered together\n2104617 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106258 - All pages are crashed after visit Virtualization -\u003e Overview\n2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions\n2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111562 - kubevirt plugin console crashed after visit vmi page\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-25032\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-17594\nhttps://access.redhat.com/security/cve/CVE-2019-17595\nhttps://access.redhat.com/security/cve/CVE-2019-18218\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2019-20838\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/cve/CVE-2020-14155\nhttps://access.redhat.com/security/cve/CVE-2020-17541\nhttps://access.redhat.com/security/cve/CVE-2020-24370\nhttps://access.redhat.com/security/cve/CVE-2020-35492\nhttps://access.redhat.com/security/cve/CVE-2021-3580\nhttps://access.redhat.com/security/cve/CVE-2021-3634\nhttps://access.redhat.com/security/cve/CVE-2021-3737\nhttps://access.redhat.com/security/cve/CVE-2021-4115\nhttps://access.redhat.com/security/cve/CVE-2021-4189\nhttps://access.redhat.com/security/cve/CVE-2021-20231\nhttps://access.redhat.com/security/cve/CVE-2021-20232\nhttps://access.redhat.com/security/cve/CVE-2021-23177\nhttps://access.redhat.com/security/cve/CVE-2021-25219\nhttps://access.redhat.com/security/cve/CVE-2021-31535\nhttps://access.redhat.com/security/cve/CVE-2021-31566\nhttps://access.redhat.com/security/cve/CVE-2021-36084\nhttps://access.redhat.com/security/cve/CVE-2021-36085\nhttps://access.redhat.com/security/cve/CVE-2021-36086\nhttps://access.redhat.com/security/cve/CVE-2021-36087\nhttps://access.redhat.com/security/cve/CVE-2021-38185\nhttps://access.redhat.com/security/cve/CVE-2021-38561\nhttps://access.redhat.com/security/cve/CVE-2021-40528\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0778\nhttps://access.redhat.com/security/cve/CVE-2022-1271\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-1621\nhttps://access.redhat.com/security/cve/CVE-2022-1629\nhttps://access.redhat.com/security/cve/CVE-2022-1798\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-2097\nhttps://access.redhat.com/security/cve/CVE-2022-21698\nhttps://access.redhat.com/security/cve/CVE-2022-22576\nhttps://access.redhat.com/security/cve/CVE-2022-23772\nhttps://access.redhat.com/security/cve/CVE-2022-23773\nhttps://access.redhat.com/security/cve/CVE-2022-23806\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/cve/CVE-2022-24675\nhttps://access.redhat.com/security/cve/CVE-2022-24921\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-27191\nhttps://access.redhat.com/security/cve/CVE-2022-27774\nhttps://access.redhat.com/security/cve/CVE-2022-27776\nhttps://access.redhat.com/security/cve/CVE-2022-27782\nhttps://access.redhat.com/security/cve/CVE-2022-28327\nhttps://access.redhat.com/security/cve/CVE-2022-29824\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyJ8IdzjgjWX9erEAQh2Dw/+M+tknCYULLILonF1TEVyD12Yyo+Pabbt\na4YQUX2aFlmhOOaVBRXwDMrIPJi/Mi52+Kh05PE4/q2RndH/UbY/SfmtV70UTgiO\ngb7r+w86fTMHc8h60G9rYfmuVvqgL1HWg7HImJHxtB5DHFcbwtUmB3/nJ5O2oiGn\noQdcr2KWA0UjVqv13VffBdkYRbTREJdF/7+2eJDKvFjNiKZYxNw4tBYxgEGcasU/\nW61U+E8VU9uRHwtQOUvsOM8ga+3m/qyV8eov4BjmoEUUJYJeqI7hDhn8/GBtMJgb\nzKL1F3+PgEVyxoZsIKT3YJTLKJd1JLdIEe05fInlcoDSnNU3WZQhNKDZzusW4Mkg\nB9mwZAhicKGlUNzpt3qp9clq9j/fH1IjS7PetaEBcpr9xeH8VglDLHmNqoMoNmO8\nS74c2v3tl6/VnqsYo+jrLLQHbfwrbxCNi1ROpSzr2CD5E9wcyrRS9IBacZKEMYe1\n810o/o7T64G9+7xy/5IkPb4lEb3fKC5huBhwZKTjJJQtl6ojLSLXECFR8+1wQTTi\nLD0EAKjZhVtaMDJVRCo4jL2e2cdfGHJkeIYRzcqo6EmuFzVZYUrPsqyXzERQ6+r9\nayXDJs6y+3BakK/TZi8H3jkE23POT8OqEOR34bGrcaW1BvAEG0GejXh4qEJmzhlg\nJpmb+NWHfF0VHM\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - noarch\n\n3. The mingw-expat packages\nprovide a port of the Expat library for MinGW. \n\nThe following packages have been upgraded to a later upstream version:\nmingw-expat (2.4.8). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\nSecurity Fix(es):\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing\n2056354 - CVE-2022-25314 expat: integer overflow in copyString()\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "167671"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-25313",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/19/1",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167671",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167984",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169777",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168578",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167648",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168022",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168265",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167838",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168054",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166254",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168351",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-18354",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415280",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-25313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168392",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "167671"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"id": "VAR-202202-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
}
],
"trust": 0.7003805
},
"last_update_date": "2024-11-29T19:54:59.723000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-204",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"title": "Ubuntu Security Notice: USN-5320-1: Expat vulnerabilities and regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5320-1"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-25313"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2280",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2280"
},
{
"title": "Debian Security Advisories: DSA-5085-1 expat -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b32ad21c953fb4340d1a4cbd3394eb98"
},
{
"title": "Red Hat: Important: mingw-expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227811 - Security Advisory"
},
{
"title": "Red Hat: Moderate: ACS 3.71 enhancement and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225704 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.3.10)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225908 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225556 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Openshift Logging Bug Fix and security update Release (5.2.13)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225909 - Security Advisory"
},
{
"title": "Red Hat: Moderate: New container image for Red Hat Ceph Storage 5.2 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226024 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226290 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of containers for OSP 16.2.z director operator tech preview",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225673 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225531 - Security Advisory"
},
{
"title": "Red Hat: Moderate: RHSA: Submariner 0.13 - security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226346 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226430 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.12 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226271 - Security Advisory"
},
{
"title": "Red Hat: Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226696 - Security Advisory"
},
{
"title": "Red Hat: Important: Release of OpenShift Serverless 1.24.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226040 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, \u0026 bugfix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226156 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225840 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225070 - Security Advisory"
},
{
"title": "Amazon Linux 2022: ALAS-2022-232",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-232"
},
{
"title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226526 - Security Advisory"
},
{
"title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226429 - Security Advisory"
},
{
"title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225069 - Security Advisory"
},
{
"title": "Linux_OS20.04_X64_By_Griggorii_ubuntu_focal_fossa-linux-image-kernel-5.6.0-oem #not bubblewrap\nISO DOWNLOAD size 2Gb ubuntu-20.04.2-desktop-amd64.iso: https://drive.google.com/file/d/1-2AWbtRp0aXwGdmgcrJLbMERtcOT_oUs/view?usp=sharing",
"trust": 0.1,
"url": "https://github.com/Griggorii/Ubuntu-20.04.2-desktop-amd64_By_Griggorii_linux-image-kernel-5.6.0-oem "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-674",
"trust": 1.0
},
{
"problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20220303-0008/"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5085"
},
{
"trust": 1.2,
"url": "https://github.com/libexpat/libexpat/pull/558"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2022/02/19/1"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/674.html"
},
{
"trust": 0.1,
"url": "https://github.com/griggorii/ubuntu-20.04.2-desktop-amd64_by_griggorii_linux-image-kernel-5.6.0-oem"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5320-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5244"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "167671"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415280"
},
{
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "168213"
},
{
"db": "PACKETSTORM",
"id": "168392"
},
{
"db": "PACKETSTORM",
"id": "169777"
},
{
"db": "PACKETSTORM",
"id": "167984"
},
{
"db": "PACKETSTORM",
"id": "167671"
},
{
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-415280"
},
{
"date": "2022-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"date": "2023-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"date": "2022-09-30T14:56:43",
"db": "PACKETSTORM",
"id": "168578"
},
{
"date": "2022-09-01T16:30:25",
"db": "PACKETSTORM",
"id": "168213"
},
{
"date": "2022-09-15T14:20:18",
"db": "PACKETSTORM",
"id": "168392"
},
{
"date": "2022-11-08T13:49:57",
"db": "PACKETSTORM",
"id": "169777"
},
{
"date": "2022-08-05T14:51:51",
"db": "PACKETSTORM",
"id": "167984"
},
{
"date": "2022-07-01T15:01:53",
"db": "PACKETSTORM",
"id": "167671"
},
{
"date": "2022-02-18T05:15:08.130000",
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-415280"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-25313"
},
{
"date": "2023-02-21T02:59:00",
"db": "JVNDB",
"id": "JVNDB-2022-003477"
},
{
"date": "2024-11-21T06:51:58.680000",
"db": "NVD",
"id": "CVE-2022-25313"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Expat\u00a0 Resource exhaustion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-003477"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "168578"
}
],
"trust": 0.1
}
}